27 Apr 2012
Many organizations, such as schools, banks, and enterprises, have large deployments of computer systems managed by a central support team. Often, individual laptop computers issued to employees are also maintained by a central support organization. These organizations are discovering that GoldKey Security tokens are a valuable tool to aid in the secure management of these major deployments.
Here is how it works. A user account is set up on each computer with administrative privileges. Then this administrator account is secured on each computer by GoldKey. This is a simple process, which sets up the account so that the only way a user can log into the computer using that account is if they have a GoldKey with the appropriate user group installed. This strategy can be deployed even if the everyday user of the computer does not have a GoldKey, but rather logs into their own user account with the traditional username and password.
If, at any time, it becomes necessary to perform support functions on the computer, a support technician can log in using a GoldKey. The situation could be as simple as an everyday user who has forgotten a password and is therefore locked out of their computer. The support user then logs in using the GoldKey and resets the password for the user account. When working with a lot of machines, it is very handy to log in by inserting the GoldKey in the USB port and then entering the single PIN of the GoldKey, no matter which computer you are trying to log into.
The GoldKey secure login authentication system works like this. When the GoldKey user secures the account login with GoldKey, a special random number generator inside the GoldKey token generates a complex, random, and long login password for that account and submits it to the local computer’s operating system as the user’s password for that account. Then, inside the GoldKey, this new “long” password is encrypted using the encryption key of each GoldKey user group that will have access to this account. The encrypted version of the “long” password is then stored in the open on the computer being secured. When the GoldKey user attempts to log onto the computer, the encrypted version of the login password is pulled inside the GoldKey, where it is decrypted and then fed back to the operating system to complete the login process, and the user is logged in.
There are many advantages of this approach over conventional username and password login systems. First, the GoldKey-generated passwords are so long and random that it is virtually impossible to break into the system by trying to guess the user’s password. Second, since the password is stored in encrypted form on the computer, any GoldKey that has been given the appropriate user group by a Master Key is able to read the encrypted version of the password, decrypt it, and thereby log into the system. Perhaps most important, each computer secured in this way uses a completely random and different login password. In other words, if you had an enterprise with 10,000 computers all secured by GoldKey login, every single one of those 10,000 computers would have its own “long” login password, and yet any GoldKey holder with the appropriate GoldKey user group would be able to log into any of those computers by simply remembering the PIN of their own GoldKey.
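The flow described above, modeled in software as an added example (not GoldKey code): a long random password is generated per machine, wrapped once per user-group key, stored in the open, and unwrapped only by a token holding a matching group key. The function names, the group names, and the cipher (an HMAC-SHA256 keystream with an integrity tag) are assumptions chosen so the sketch runs on the Python standard library; the page does not say which algorithm the token uses, and the PIN check and hardware boundary are not modeled.

```python
import hashlib, hmac, secrets

def _keystream(key, nonce, n):
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def wrap(group_key, password):
    # Encrypt the password under one group key and append an integrity tag.
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(password, _keystream(group_key, nonce, len(password))))
    tag = hmac.new(group_key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unwrap(group_key, blob):
    # Return the password, or None when the key is wrong or the blob was altered.
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(group_key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(group_key, nonce, len(ct))))

def secure_account(group_keys):
    # Token side: new 64-character random password, one wrapped copy per group.
    password = secrets.token_urlsafe(48)
    blobs = {g: wrap(k, password.encode()) for g, k in group_keys.items()}
    return password, blobs  # password goes to the OS, blobs are stored in the open

def token_login(token_groups, stored_blobs):
    # Token side: try each group key the token holds against the stored blobs.
    for group, key in token_groups.items():
        if group in stored_blobs:
            pw = unwrap(key, stored_blobs[group])
            if pw is not None:
                return pw.decode()
    return None

if __name__ == "__main__":
    support = {"support": secrets.token_bytes(32)}  # constructed group key
    os_pw_a, blobs_a = secure_account(support)      # computer A
    os_pw_b, blobs_b = secure_account(support)      # computer B
    print(os_pw_a != os_pw_b, token_login(support, blobs_a) == os_pw_a)
```

Because each machine's blob is only as secret as the group key that wraps it, that group key is the asset to protect and rotate: anyone who obtains it can unwrap every stored password in the deployment.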