iPass builds in architectural security to help protect user authentication credentials as they traverse the Internet:
Encrypted Login Technology
To reduce the risk of credential theft, the iPass technology platform helps protect user credentials from the client device all the way to the enterprise using Encrypted Login. This technology is built into multiple components of the iPass connectivity architecture and helps ensure that user passwords are kept private as they traverse Wi-Fi access points, dial networks and the Internet.
Here's how it works:
When a user logs in using the iPassConnect client, Encrypted Login uses a public key and 131-bit elliptical-curve cryptography to create an encrypted one-time ASCII password based on username, a unique service interface ID and an incrementing session counter.
The iPassConnect client then sends the encrypted password to the local access provider's iPass NetServer.
The iPass NetServer creates a 128-bit unidirectional SSL tunnel to an iPass Transaction Server at the nearest Transaction Center.
The Transaction Server uses the enterprise's private key to decrypt the password for authentication to the iPass network.
The Transaction Server then routes the decrypted password via another SSL-protected tunnel to the company's RoamServer, where it is checked against the authentication database.
Access is then either allowed or denied.
Hardened Platform
On the server side of authentication, iPass protects all communications between system components. The iPass Transaction Centers themselves are also protected. These secure facilities feature redundant Transaction Servers, hardware-based firewalls, uninterruptible power supplies, climate-control and physical deterrents against vandalism and theft.
All transactions between NetServers, Transaction Servers and RoamServers are protected by mutual digital certificate exchange and SSL encryption. Communication takes place only after the originating server sends a valid digital signature and the authorizing server reciprocates, ensuring that iPass systems only converse with other authorized iPass systems.
