User Authentication

Infineon Security Platform Solution

For security reasons, you must authenticate to the Infineon Security Platform before you can use its security features. For example, file encryption requires your Basic User Key, which is protected by your Basic User Password. Typing in this password authenticates you to the Security Platform. Your Basic User Key can be used only after successful authentication.

The Infineon Security Platform Solution provides two authentication levels to protect your Basic User Key:

Password Authentication

The Basic User Key is protected with the Basic User Password. This password has to be typed in manually.

Enhanced Authentication

The Basic User Key is protected with the Basic User Passphrase. This passphrase is securely stored by an authentication device, e.g. a smart card, a secure USB token, a fingerprint reader or another biometric authentication device. The passphrase can be accessed only through this authentication device, e.g. by inserting a smart card and typing in its PIN, or by placing a finger on the fingerprint reader.

Passwords and Passphrases

With Password Authentication a "normal" password serves as Basic User Password. Although it is technically possible to use long and complex passwords, most passwords are quite short, because they need to be memorized.

With Enhanced Authentication there is no need to memorize passwords, because they are managed by the authentication device. From the user's point of view, the password is replaced by a PIN or by biometric authentication, which makes Enhanced Authentication more user-friendly. At the same time, the authentication device's built-in security features raise the security level considerably. For example, a smart card has a retry counter that blocks the card after several wrong PIN entries. This makes brute-force attacks impossible, so relatively simple PINs can be used.

To emphasize that Enhanced Authentication combines long and complex passwords with user-friendliness, the term Passphrase is used instead of Password. A passphrase is essentially just a long, complex password.

The Security Platform Solution differentiates between these two terms:

  • Password is used in Password Authentication mode and means Basic User Password.
  • Passphrase is used in Enhanced Authentication mode. It also means the Basic User Password. The Basic User Password is called Basic User Passphrase in this context.
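The retry counter and device-held passphrase described above can be modeled in a few lines. This is an added example, not code from the Infineon Security Platform Solution; the ToyToken class, the three-try limit and the four-digit PIN are assumptions chosen for illustration.

```python
import hmac
import secrets


class ToyToken:
    """Constructed model of an authentication device; not Infineon's code."""

    def __init__(self, pin: str, max_tries: int = 3):
        self._pin = pin.encode()
        self._max_tries = max_tries      # assumed limit; real devices vary
        self._tries_left = max_tries
        # Long random passphrase that the user never has to memorize.
        self._passphrase = secrets.token_urlsafe(32)

    @property
    def blocked(self) -> bool:
        return self._tries_left == 0

    def release_passphrase(self, pin: str):
        """Return the passphrase for a correct PIN, otherwise None."""
        if self.blocked:
            return None                  # even the correct PIN is refused now
        # Decrement before comparing, so an interrupted check
        # still costs one try.
        self._tries_left -= 1
        if hmac.compare_digest(pin.encode(), self._pin):
            self._tries_left = self._max_tries   # success resets the counter
            return self._passphrase
        return None


def guess_success_bound(pin_digits: int, max_tries: int) -> float:
    """Upper bound on guessing a uniformly random PIN before the block."""
    return min(1.0, max_tries / 10 ** pin_digits)


def attempts_until_stop(token: ToyToken, guesses) -> int:
    """Count how many guesses the token evaluates before it blocks or unlocks."""
    evaluated = 0
    for guess in guesses:
        if token.blocked:
            break
        evaluated += 1
        if token.release_passphrase(guess) is not None:
            break
    return evaluated
```

With these assumed values the token evaluates only three wrong PINs out of 10,000 before blocking, while the passphrase it protects stays far longer than anything a user would type.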

Installation and Administration of Enhanced Authentication

Authentication devices are provided by separately installable software plug-ins. The Security Platform Solution Software detects installed authentication devices automatically.

The configuration of authentication devices is user-specific, i.e. different Security Platform Users can use different authentication devices. Usage of Enhanced Authentication can be controlled by policies.

Configuring Enhanced Authentication Step by Step

Configuring Enhanced Authentication - Administrative Tasks

1. Install Authentication Device.
   Software component to use: Separate installation. Please refer to the provider of the authentication device plug-in.
2. Enable the usage of certain authentication devices for all users.
   Software component to use:
     • If Security Platform is not yet initialized: Initialization Wizard
     • If Security Platform is already initialized: Settings Tool - Advanced - Configure...

Configuring Enhanced Authentication - User Task

3. Select authentication level and device for the current Security Platform User.
   Software component to use:
     • If user is not yet initialized: User Initialization Wizard
     • If user is already initialized: Settings Tool - User Settings - Configure...

©Infineon Technologies AG