Authentication using ArcotID PKI is a PKI-based challenge-response mechanism. The client obtains an authentication token by proving possession of the user’s private key. The client-server interactions during authentication are as follows:
Your application or the resource which is protected by AuthMinder obtains the user credentials. For example, if the user’s ArcotID PKI is not available on the system or the USB.
Your application requests a challenge to be used to authenticate the user.
AuthMinder Server prepares a unique challenge and sends it to your application.
The user enters the correct ArcotID PKI password to uncover the ArcotID PKI. The client signs this challenge with the user’s private key, which becomes available once the ArcotID PKI is uncovered. The challenge can either be pre-loaded on the client machine or can be downloaded from the server.
The signed challenge is sent to the AuthMinder Server for verification. If the signature is verified successfully, the user can log in or access your protected resource. For every successful transaction, AuthMinder also returns an authentication token for the user.
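The exchange above, sketched as an added Go example (not AuthMinder code or its SDK): the `Server` type and its methods are hypothetical, and Ed25519 stands in for the ArcotID PKI signature algorithm, which this page does not specify. It shows why the challenge has to be unique and single-use: the same signed challenge presented a second time is rejected.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// Server is a hypothetical stand-in for the verifying side, not the AuthMinder API.
type Server struct {
	keys    map[string]ed25519.PublicKey // user -> registered public key
	pending map[string]string            // outstanding challenge -> user it was issued to
}

func random(n int) string { // n random bytes from the OS CSPRNG, hex-encoded
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

// Challenge issues a fresh, unpredictable challenge bound to one user.
func (s *Server) Challenge(user string) string {
	c := random(32)
	s.pending[c] = user
	return c
}

// Verify checks the signed challenge and, on success, returns an authentication token.
func (s *Server) Verify(user, challenge string, sig []byte) (string, error) {
	owner, ok := s.pending[challenge]
	delete(s.pending, challenge) // single-use: consumed even if verification fails
	key, known := s.keys[user]
	if !ok || owner != user || !known || !ed25519.Verify(key, []byte(challenge), sig) {
		return "", fmt.Errorf("authentication failed for %q", user)
	}
	return random(16), nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed test key pair
	s := &Server{keys: map[string]ed25519.PublicKey{"alice": pub}, pending: map[string]string{}}
	c := s.Challenge("alice")
	sig := ed25519.Sign(priv, []byte(c)) // client: sign with the uncovered private key
	_, err1 := s.Verify("alice", c, sig)
	_, err2 := s.Verify("alice", c, sig) // replay of the same signed challenge
	fmt.Println("first:", err1, "| replay:", err2)
}
```

The failure message is deliberately the same for an unknown challenge, an unknown user and a bad signature, so the response does not reveal which check failed.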
The following figure illustrates the ArcotID PKI authentication flow.

Copyright © 2013 CA. All rights reserved.