I've been playing with the iPhone recently and I've been very impressed with the amount of applications you can get for the phone.
The other day after some prompting from the UK Vasco Technical Account Manager, I installed a Vasco Digipass for the iPhone. (Thanks Dan)
So now I have a demo Digipass on my phone, where I can use it for demonstration purposes. It was fairly straight forward, you need to download the app from the Apple AppStore and tap in a couple of codes to make it work. Obviously I need a Vasco server installed somewhere and install the relevant DPX file on it, so the token can be used.
Off the back of this success, I took the opportunity to install a Celestix HOTPin client on my iPhone as well.
Again, just download the iPhone client software from the Apple AppStore. You will need to ensure that the Celestix HOTPin server is running somewhere. Currently it can run on the Celestix WSA appliance, which negates the need for an additional server hardware. Once the server component is configured and users added to the system, it is ready to go.
I used the HOTPin client on the iPhone to communicate with my Celestix WSA appliance which is hosting the HOTPin server. It downloads the client.dat file onto the iPhone and the client then allows the phone to generate the one time passwords.
The Vasco token required a bit more information to set up and they have the advantage of being able to provide your users with hard tokens, software tokens, mobile phone tokens and OTP via SMS, all through a single server element and manage them from one console.
The Celestix is a more cost effective solution as the HOTPin server software can run on the Celestix WSA appliance and there is no server software cost as such. The only down side is that there is no hard token option, so you may encounter some friction from users as they will not want the HOTPin client installed on their own personal mobile devices, although you have the option for a software client on Windows or using OTP vis SMS.
Although both solutions support receiving the one time password via SMS, what happens if your users are in a mobile telephone blackspot?
- Posted using BlogPress from my iPhone