Using device identification with SafeLinx Clients

Some devices have serial numbers that are associated with their hardware, which can be used for identification. Users who connect through the SafeLinx Client that is configured for Password key exchange can have an extra level of security by taking advantage of these device identifiers.

About this task

Not all client platforms and devices support device identification. If a user is configured to use device identification, the unique identifier is combined with the password during authentication.

You can enter the device identifier in the User's properties. Alternatively, if a user is configured to use device identification and the device identifier has not been configured, it is sent from the SafeLinx Client to the SafeLinx Server on the SafeLinx Client's initial login attempt. On subsequent login attempts, the user is authenticated using both the password and the identifier that is stored in this field. If the user attempts to log in with another device, the login fails with an incorrect password message.

Follow these steps to configure a SafeLinx Client to use device identification.

Procedure

  1. From the SafeLinx Client Connections window, edit the properties of the connection that you want to use. Select the Security tab, then select Password Key Exchange. Click OK.
  2. Make sure that the MNC to which the SafeLinx Client connects has a connection profile that is configured to use a key exchange algorithm using the single-party or two-party key distribution protocol:
    1. In the Resources tab, right-click the MNC to which the SafeLinx Client connects, then click Properties.
    2. Click the Network tab and view the Connection profile that is assigned to the MNC.
    3. Click the Find button. Click Connection profile in the Resource field, then click Find now. Click Cancel to close the Find Resource window.
    4. From the Find Resource Results window, double-click the connection profile that is assigned to the MNC.
    5. Click the Security tab. Make sure that the Key exchange algorithm is set to Two-party key distribution or Single-party key distribution.
  3. Click the Find button. Click User in the Resource field, then click Find now. Click Cancel to close the Find Resource window.
  4. From the Find Resource Results window, double-click the user ID that you want to use device identification.
  5. Click the Password tab, then click Enable device verification.
  6. If you want to fill in the identifier, enter the digits using all uppercase hexadecimal characters and using no spaces or punctuation. Otherwise, the device identifier will be stored automatically, after the SafeLinx Client user logs in to the SafeLinx Server successfully using Password key exchange.

    If the user attempts to log in with another device, the login will fail with an incorrect password message. To enable the user to log in with another device, update or clear the Device identifier field on the Password tab of the User properties, then click OK or Apply. If the user attempts to log in with a device that does not support device identification, then the login fails with an incorrect options message.