Celestix HOTPin
Tokenless Two-Factor Authentication

Features:

Simple Deployment

HOTPin is tokenless, providing OTP generation via soft token, Instant Messenger or SMS. User provisioning can be offered in multiple methods, from app store download or through a simple to navigate self-service portal. User adoption is high because the technology is simple to use and requires no additional hardware.

Radius Supported

HOTPin authentication server includes an instance of RADIUS server on board, providing organizations with simple deployment and easy connectivity with any standard perimeter access gateway device. With a simple management console and a multitude of reporting options as standard.

Integrations and APIs

HOTPin now includes an application programming interface (API) and software development kit (SDK) that allows an enterprise to integrate two-factor authentication into its existing web applications. This API allows administrators to modify their existing web applications to include an option on the authentication screen from which a user can choose the method of login.

Self-Enrollment

With the HOTPin User self-service portal, End users can provision themselves, import their own keys and reset their PIN if required, without having to go through IT helpdesk. Users who want to use their smart phone as a token can also import the token keys by scanning a QR code from the self-service portal.

Simple Price Model

User licensing is per registered user and is enforced on the server. One major benefit of HOTPin is that the per license price is fixed, regardless of the token form factor. For instance, the hardware token is priced the same as the soft token. This addresses a key issue in the authentication market which is the complexity of pricing for various token types.

Quick Response (QR) Code Login

HOTPin client now supports QR codes.  Users can scan the QR code and will be instantly logged in to the application in a secure manner.  The integration of this function to any web services is simple. The latest HOTPin 3.7 includes API with the samples that helps to simplify the integration into your existing server architecture.

Powerful Admin Management

HOTPin web-based administrative interface lets you easily revoke credentials, disable users, and audit access by users and groups. Extensive reporting tools are also provided and audit trails are maintained for regulatory compliance.

Comprehensive Reporting

Comprehensive reporting engine provides complete visibility.

• Provide visibility to management
• Enforce and monitor compliance
• Automated report generation and delivery

Authentication Methods:

	Phone-as-a-token	OTP via SMS	OTP via Instant Messanger	Hardware Token	Virtual Keyboard
Description	Use your smart phone as a token by installing a software token app on the mobile device to generate One Time Passwords. tokens.	Users can receive One Time Passwords via text message or email for true Out of Band (OOB) authentication.	Users can receive One Time Passwords via Instant Messenger for true Out of Band (OOB) authentication.	Use the passcode generated on your hardware token.	Use virtual pinpad on the screen to enter your PIN number.
Benefits	If the device is lost, re-provisioning is simple and fast, lowering helpdesk costs and increasing employee productivity	Leveraging the SMS text network or email provides simple to use and efficient delivery of the OTP to users, regardless of the cell phone device they use. It is also of benefit to organizations with deployments of devices that they do not manage directly.	Leveraging the Instant Messenger provides simple to use and efficient delivery of the OTP to users. It is also of benefit to organizations with deployments of devices that they do not manage directly.	Celestix Touch Tokens have a long battery life, are OATH compliant and extremely durable.	To protect against shoulder surfing and keystroke logging, the pinpad randomly generates numbers in a grid at each log on, and the user enters their PIN number with mouse clicks instead of typing it.
Platforms	iOS, Android, Blackberry, and Windows Mobile	All phones with SMS	All phones with Instant Messenger. Currently only support Yahoo Messenger and Google Talk.	Celestix Mobile Touch or any OATH-compliant tokens	Any web browser
Additional Cost	Free download	SMS messages use your account’s telephone credit	No cost	Buy from Celestix or import your own tokens	Free Download

How It Works:

Secure your Organization with HOTPin

• Two-Factor Authentication. Simplied.
• Available as software, appliance, managed services and virtual machine.
• Works with all smart phones
• Now supports QR code login
• Cost-effective, secure and reliable

One Time Passwords

ATM cards provide two-factor authentication in the tightly controlled environment of ATM machines, where each machine is equipped with a special card reader. It is not feasible to equip every laptop, desktop or tablet with a special device to read a card. That would be cost-prohibitive, time-consuming and extremely impractical.

To provide two-factor authentication for computer services and sites, users rely on a One Time Password that is generated on a device that is uniquely assigned to a user. One Time Passwords (OTP) provides security in a number of ways.

• Always Changing
  The OTP changes after a fixed interval of time, commonly every 60 seconds. Even if an unauthorized user noted the OTP, they won’t be able to use it since it would have changed for the next session.
• Tied to a device
  OTPs are generated using a seed that is uniquely associated with a device. Thus, every user’s OTP will be different. Since the device is assigned to a user, the OTP uniquely authenticates a user and a PC desktop client. By leveraging smart devices or text messaging, the OTP is delivered ‘on demand’ to the user. And, of course, HOTPin easily integrates with AD.

QR Login

HOTPin client now supports QR codes.  Users can scan the QR code and will be instantly logged in to the application in a secure manner. The integration of this function to any web services is simple. The latest HOTPin 3.7 includes API with the samples that helps to simplify the integration into your existing server architecture.

Solutions:

HOTPin integrates seamlessly into your VPNs, Firewalls, Microsoft TMG, UAG, Citrix XenDesktop, XenApp and Windows servers, and web applications to provide strong two-factor authentication for your entire organization.

HOTPin uses RADIUS to integrate with any remote access gateway solution like Juniper SA series, Microsoft TMG, UAG, SSH/UNIX or Citrix XenApp.

After integration, users have to enter their username, PIN and OTP to authenticate. OTPs are generated on smart phones, hardware tokens (like Celestix Touch) or received through text messages.

Here is the sample screenshot of the integration with Citrix XenDesktop.

For Microsoft UAG specifically, Celestix provides a custom agent that ensures users’ credentials are properly passed on to applications, providing true Single Sign-On.

Product Details:

License:

Server License

HOTPin authentication server is available at a fixed priced and requires the procurement of an annual maintenance fee.

Subscription

User licensing is per registered user and is enforced on the server. One major benefit of HOTPin is that the per license price is fixed, regardless of the token form factor. For instance, the hardware token is priced the same as the soft token. This addresses a key issue in the authentication market which is the complexity of pricing for various token types.

HOTPin licenses are available on a renewable basis for terms of 1, 2 and 3 years.

Video:

Celestix HOTPin Two-Factor Authentication Solution

Documentation:

Download the Celestix HOTPin Datasheet (.PDF)