User's Manual

2 INTRODUCTION
WebIdentity is a USB device that enables the secure remote identification of a user. The software components supplied with WebIdentity allow the token's features to be integrated into web-based applications.
Eutron WebIdentity was created to make an Internet service user uniquely identifiable and to guarantee that the information contained in a website is accessible only and exclusively to the user in possession of a personal hardware device.
Although the Internet is the primary environment WebIdentity is aimed at, it can also be used in a generic client-server environment.
2.1 WebIdentityDL: The new model
WebIdentity has recently been redesigned. The main features of the new device are:
1. HID interface: WebIdentity is now a USB device that exposes a HID (Human Interface Device) interface, so the operating system's native support is used to access the token on all Windows operating systems (and also on Linux and Mac OS). Installing a device-specific driver is therefore unnecessary, which simplifies use. The previous version was a USB device that required installation of the supplied driver.
2. Authentication via AES 256: the new WebIdentity token is architecturally similar to the previous model, but instead of performing authentication with the Triple-DES algorithm it now uses the AES standard with a 256-bit key. This algorithm provides even higher security than the previous version.
This new version of WebIdentity has been named WebIdentityDL (WebIdentity driverless). Where this document refers expressly to this version, it is identified as WebIdentityDL, while the previous version is identified as WebIdentity3P.
Production of WebIdentity3P tokens has been discontinued, but the software supplied with WebIdentity is compatible with both versions and therefore supports both of them.
Throughout this document the WebIdentityDL model is always meant, unless the older version is expressly specified.
2.2 Secure authentication in web-based applications
The term "authentication" is often used in a broad sense. Authentication means the process of verifying the identity of a person or of a process; within a communication, authentication verifies that messages appearing to come from a recognized source actually belong to that source.
The authentication processes used with web applications today are mainly based on username and password recognition, whether integrated in the HTTP protocol or handled by the application itself.
2.3 The WebIdentity solution
WebIdentity has been designed to provide high-security "strong authentication" without requiring any complicated and expensive infrastructure.
WebIdentity solves all the problems associated with username- and password-based authentication systems, namely:
- Vulnerability: the username and password are transmitted in plain text and are therefore exposed to attacks based on packet capture (sniffing).
- Improper use: it is not possible to control how many people use the same username and password.
A high-security alternative would be the adoption of a PKI (Public Key Infrastructure), which entails a considerable management load, above all within already existing infrastructures. WebIdentity, while ensuring "strong authentication" comparable with that obtainable from a PKI infrastructure, requires a management and implementation effort comparable with integrating username- and password-based authentication into the application itself.