Authentication Between the Mobile Access Service and SafeLinx Clients

SafeLinx Clients must authenticate with the mobile access service before they can establish an encrypted connection.

Mobile access services use a modified Point-to-Point Protocol (PPP) called wireless optimized link protocol (WLP) to authenticate connections with SafeLinx Clients. A connection profile is configured and assigned to the HTTP or TCP MNC through which SafeLinx Clients connect.

You can configure a connection profile to perform key exchanges that use:
Single-party key distribution protocol
The SafeLinx Client is authenticated to the SafeLinx Server by using a password.
Two-party key distribution protocol
The SafeLinx Server and the SafeLinx Clients authenticate the passwords for each other. The SafeLinx Client validates that the Connection Manager has the client password before it sends the password to the SafeLinx Server.
Diffie-Hellman key agreement algorithm
Both the SafeLinx Server and the Mobility Client are given the means to compute the same key.
Note: This choice does not complete authentication.
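
The note above, that Diffie-Hellman on its own does not complete authentication, shown as an added example (not SafeLinx or WLP code): the client always ends up with a key, but only a password-based proof bound to the exchange tells it who it agreed with. The toy group, the `server_proof` construction and all names are assumptions for illustration.

```python
import hashlib
import hmac
import secrets

# Toy group, an assumption for this sketch: 2**521 - 1 is prime, but it is not
# a standardized Diffie-Hellman group. Use a vetted group in real deployments.
P = 2**521 - 1
G = 3
NBYTES = 66  # enough bytes to hold a 521-bit value


def keypair():
    priv = secrets.randbelow(P - 3) + 2  # private exponent in [2, P-2]
    return priv, pow(G, priv, P)


def session_key(priv, peer_pub):
    if not 2 <= peer_pub <= P - 2:  # reject degenerate public values
        raise ValueError("peer public value out of range")
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(NBYTES, "big")).digest()


def server_proof(password, key, client_pub, server_pub):
    # Hypothetical confirmation step: a MAC keyed from the password, bound to
    # the public values and session key that this side actually saw.
    pw_key = hashlib.pbkdf2_hmac("sha256", password, b"constructed-salt", 50_000)
    seen = client_pub.to_bytes(NBYTES, "big") + server_pub.to_bytes(NBYTES, "big")
    return hmac.new(pw_key, seen + key, hashlib.sha256).digest()


def handshake(client_pw, server_pw, intermediary=False):
    """Return (client_agreed_a_key, client_verified_server)."""
    c_priv, c_pub = keypair()
    s_priv, s_pub = keypair()
    m_priv, m_pub = keypair()  # a party in the path that knows no password
    # Public values as each endpoint receives them.
    pub_at_client = m_pub if intermediary else s_pub
    pub_at_server = m_pub if intermediary else c_pub
    c_key = session_key(c_priv, pub_at_client)
    s_key = session_key(s_priv, pub_at_server)
    # Whoever answered the client holds the same key; DH alone cannot say who.
    answerer_key = session_key(m_priv, c_pub) if intermediary else s_key
    agreed = hmac.compare_digest(c_key, answerer_key)
    # The server's proof is relayed unchanged; the client recomputes it from its view.
    proof = server_proof(server_pw, s_key, pub_at_server, s_pub)
    expected = server_proof(client_pw, c_key, c_pub, pub_at_client)
    return agreed, hmac.compare_digest(proof, expected)
```

A password-keyed MAC like this one can be guessed offline from a captured proof when the password is weak; password-authenticated key exchange protocols are designed to avoid that.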

Some devices have serial numbers that are associated with their hardware and that can be used for identification. Users who connect by using a SafeLinx Client that is configured for Password key exchange can gain an extra level of security by using device identifiers. Not all client operating systems and devices support device identification. If device identification is supported, click SafeLinx Client Help > About in the SafeLinx Client to view the device identifier. If a user is configured to use device identification, the unique identifier is combined with the password during authentication. For more information about enabling device identification, see Using device identification with SafeLinx Clients.

For more information about SafeLinx Client key exchange, see Connection and transport profiles.