How does it work?

How Swivel Works

Office CubiclesThe core of the Swivel authentication platform is built around a simple one-time-code generation protocol. The key parts of the protocol are 1) a registered PIN assigned to the user by the administrator at set up 2) A randomly generated security string which is different for each login session.

Using the PIN as a positional reference the user extracts a one-time-code from the security string by selecting the digits corresponding to their position in the string. The OTC is then returned to the Swivel server to complete the authentication handshake.

This simple yet highly secure user OTC generation method is completed in just a few seconds and is a key differentiator from other authentication technologies that typically transmit a server generated OTC to the user. The additional step in the process ensures that the user is present at the time of authentication and not just that the person logging in has the device.

Swivel includes a range of user deployment options that can be configured using a range of different transport options and network infrastructures to ensure that the user has the correct security string when it is needed. Organisations are free to choose the right deployment options to meet their specific requirements taking into consideration, cost, security risk, user convenience and compliance regulations.

Full Two-Factor Authentication

Blackberry using Swivel Authentication

For environments that require a full two-factor solution Swivel uses a mobile phone as the “something” the user has at the time of the authentication. In this scenario the security string is typically sent as a text message after each login session is started (ready for the next session). The OTC is generated using the “something” the user knows – the PIN - which is sent to the Swivel server either via a Web browser or in-bound SMS for complete out-of-band, two factor authentication.

Alternatively users can opt to download a mobile app for the Apple iPhone, Blackberry or Android platform, which includes up to 99 strings at one time and can used in areas with no mobile network coverage.

Strong Authentication

For many applications, where security is less critical such as accessing Web email or a membership portal, Swivel can be deployed as a strong authentication solution or “enhanced” username and password system with the security string delivered via the Internet as an image embedded in the standard login page. Known as the Swivel TURing image the string is masked from OCR spyware using a random selection of fonts and background patterns. The OTC is generated in the same way using the PIN as a positional reference and then returned to the server over the same communication link.

Where Next?

Read more Swivel related content:

Photo Courtesy FLICKR User: markjsebastian

Security Vendors:

Swivel

  • IP FIX IT“IP FIX IT” is the brand for Cohort Technology’s family of technical services. The comprehensive range of professional services give us the ability to deliver help and support at every stage of the requirement, from the initial consultation, through to the installation and support of the chosen solution. The service includes:
  • Technical Support Contract
  • Network Health Checks
  • Consultancy
  • Project Management
  • Installation and Configuration
  • For more information visit the IP FIX IT page.

Security Vendors

Cohort Technology
© 2012 Cohort Technology Ltd  Registered Office: Norton House, Stewart Road, Basingstoke, Hampshire, RG24 8NF  Company Registration Number: 6027516.
View Our Privacy Policy.