Two-factor authentication using SMS messages sent to cellphones

Two-factor authentication makes your corporate IT environment safer and more reliable. It helps to handle corporate passwords in a secure way so authentication will only be available to authenticated people. Two factor authentication means that during login the user has to provide two secure information: his password, and a one time code he receives in SMS to his mobile phone. Two factor authentication can be used to improve login security or to sign critical transactions, such as wire transfer instructions in banks. It is usually implemented with Ozeki NG SMS Gateway. This article explains the benefits, the possible fields of applications of two factor authentication and gives you introduction on how to implement it.

Fields of applications

In a complex corporate IT environment passwords are very often the only possible means of protection against unauthenticated intruders. To ensure security of corporate networks is a never ending tasks of system administrators. That is why passwords are widely used to prevent frauds and system cracks. But very often static passwords are not enough and extra security is needed. As these static passwords are easy to guess and employees, customers, business partners write them down, send them in e-mails, they become ineffective. In case of companies where high security is essential, two-factor authentication can be implemented to improve security and to protect their corporate network.

Setup two factor authentication

Setup instructions to configure two factor authentication in:

• Check Point Connectra
• Vasco Middleware
• PHP programming language
• Strong Authentication Server

Integration tools

The following methods are often used to setup two factor authentication:

• SMS using HTTP requests
• SMS from a database
• SMS from e-mail
• SMS from the command line

The best solution for such problems is the implementation of a two-factor authentication system by using a powerful SMS gateway software to deliver the SMS messages containing the one time passwords (OTP) to mobile devices. To be able to setup this solution, you need an application, which supports this authentication method. Then you need to configure it to generate a one-time password for the users during the login process and to send this password to their cellphones. In more detail the procedure works the following way:

• Step 1: The user provides his login name and password (first phase)
  
• Step 2: If the user has completed first phase authentication, his mobile telephone number is looked up from a database (or active directory).
• Step 3: A one time password is generated and is sent to his mobile phone
  
• Step 4: The user enters the one time password to complete the authentication

The one time password can contain numbers and random characters and they are changed at each login. The one time password will not be delivered through the computer network, so it will be harder for an intruder to intercept it. As they are changed constantly people cannot write them down. Furthermore, if someone get your password it cannot be used the next time it is needed as it expires automatically after some time. All in all, a two-factor password is harder to guess and intercept.

Ozeki offers an SMS gateway software that can be used to delivery the one time password to the mobile phone of the user. The name of this software is called Ozeki NG SMS Gateway. It can be used effectively in this authentication process, because it can send the SMS message containing the one time password through a GSM phone or GSM modem attached to the computer with a data cable (or it can send it through the Internet to an SMS service provider). Detailed step by step instructions demonstrating this solution are provided for the following systems:

• Check Point Connectra
• Vasco Middleware
• PHP programming language
• Strong Authentication Server

These systems have built in support for two-factor authentication method. They are able to generate and process a one-time password. After generating the one time password, they forward it to Ozeki NG SMS Gateway which will process it. Finally the SMS gateway software sends this generated password to a given mobile phone or even two mobile phones. This process is very simple but at the same time it is very efficient. Your passwords are only sent to pre-defined mobile devices therefore unauthenticated intruders cannot get them. If a one-time password is failed to use then it expires automatically so after a short period of time it cannot be used to log into your corporate network. If you decide to implement this effective solution you will gain a well-functioning and reliable system which ensures security of your corporate IT environment.

Wireless mobile connection vs IP SMS connection

For two factor authentication systems you have two choices to deliver your SMS messages to the mobile network. You can use a GSM phone or GSM modem attached to your server computer with a data cable or you can send the SMS messages through an Internet based SMS service provider. If you use a GSM phone or GSM modem, your SMS messages will be sent through the airwaves, if you use an Internet based SMS service provider the SMS messages will be sent through the Internet to the short message service center (SMSC) of the mobile network operator. The first option (sending SMS messages with a GSM phone or GSM modem) is usually more secure. It is significantly harder to capture and decipher an SMS message traveling through the air, then it is to capture internet traffic. We recommend you to setup a GSM modem connection to the mobile network. The second solution is necessary if you have high volume of SMS messages. If you send your one time passwords over the Internet, to an SMS service provider, make sure to setup a VPN channel between your Ozeki NG SMS Gateway installation and the Short Message Service Center of the Internet SMS service provider.

Benefits

SMS functionality provided by Ozeki NG SMS Gateway helps handle your corporate passwords in a secure way. Thanks to SMS technology passwords only will be sent to authenticated people so unauthorized people cannot gain access to your system. Or if a password have been stolen it is not likely that the thief can steal the corresponding mobile phone at the same time. If a mobile phone has been stolen with a one-time password in it, there is still no problem as these passwords can be used only once and expire automatically after some short time if they are not used. With the implementation of this solution you can improve your corporate security.

Conclusion for two-factor authentication

By combining Ozeki NG SMS Gateway with a two-factor authentication method your system will be protected from intruders while you, your employees, customers, or partners can access anytime and anywhere with the highest security. SMS functionality ensures that only the intended person receives your password, and a new password will be generated and sent via SMS at each login. With this solution you will get a secure, reliable corporate IT system.

Read more about this solution on "Setting up two factor authentication in Check Point Connectra using a GSM modem" page page

Learn more about another possible solution for two-factor authentication on two factor authentication in Vasco Middleware page

Download Ozeki NG SMS Gateway on product website of Ozeki NG SMS Gateway.