HOW LIBRARY Q-ID CONTROLLER WORKS

In order to maintain the same security level of OTP hardware technology, to keep costs to a minimum and to overcome the problems of simultaneous management of several tokens, the Q- ID platform offers to the user an App on smartphone, capable of managing one or more cards, each containing a virtual token OATH compliant.

The advantage of the use of Q-ID is its ability to manage in a single App different instances of the OTP, to access different systems, networks or services.

The access to the App functions is subject to the incorporation of an activation MasterPassword, in order to ensure the user from fraudulent use of their Q-ID App and in case he/she loses his/her smartphone.

Q-ID App can also manage any of the user's personal secret information.

The Library Q-ID Controller is a software module that has to be included in the Enterprise Authentication Services.

This module provides to software developers all the functions they need to manage the OTP elements, from the enrolment phase (using SQCode aidSystem), verifications, synchronization events and the management of user licenses throughout their life cycle.

The security level is the maximum guaranteed by the application of the standards:

-OATH ( Open Authentication );

-AES256 (symmetric Encryption);

-RSA1024 (electronic signature);

-SHA256 / BCrypt (cryptographic digest)

Moreover, the secure generation phase of the OTP seeds begins inside Q-ID Company, using hardware devices that are Common Criteria EAL+ certified.

When the seeds are acquired by the Library Q-ID Controller, they are further transformed by the Enterprise Authentication Services that use Q-ID platform.

In this way, no one outside the Enterprise, not even Q-ID Company, can get their hands on this data.

"The absence of costs for Q-ID App and Library Q-ID Controller Module, together with the very low license cost for users (server side), means that you can address the use of the OTP, even in the presence of large number of users. "

One of the advantages of the Q-ID platform is its use of a standard like OATH, which allows it to operate with hardware OTP Tokens OATH compatible, in parallel to the virtual OTP Tokens.

Q-ID Controller Library handles indifferently and simultaneously, the Virtual Token managed by the

App Q-ID or hardware Token, OATH compliance.