Detailed information about abylon LOGON SSO Pro

Functionality of SSO (Single Sign-On) for the automatic entry of login data
Single sign-on for Windows and applications with smart card, USB stick or CD

The software functionality abylon Single Sign-On (SSO) is offered for the products abylon KEYSAFE and abylon LOGON SSO Pro. The SSO function supports the user in entering login data, such as login name and password. For this purpose, each login window is learned once by entering the corresponding login data. This data is stored in encrypted form. From then on, once the user has been legitimized, abylon Single Sign-On automatically enters the login data in the corresponding fields. The following hardware keys can be used for legitimation:

  • Certificate chip card and token
  • Processor chip card
  • Memory chip card
  • External storage medium (e.g. USB stick) with key file on the medium
  • External storage medium (e.g. USB stick) with key file on computer
  • CD/DVD
  • Contactless RFID - Radio chip card
  • Bluetooth device (e.g. mobile phone)
  • NOTE: Special support on Request!

With the software abylon KEYSAFE a password can also be entered via the computer keyboard.

The abylon LOGON software solutions offer numerous additional options in the clearly laid out administration area. For example, individual users, cards or applications can be activated, deactivated or blocked. The complete login data is stored in an encrypted XML file, so that central administration on a server is also possible.

Advantages of automatic login (SSO - Single Sign-On) Authentication with hardware key

The number of required passwords is increasing inexorably, and it is becoming more and more difficult for normal users to remember them all. As a coping strategy, users reuse identical credentials for all authentications, choose easy-to-remember but insecure passwords, or write them down in an insecure place. This undermines the security that is actually needed and gives crackers a simple point of attack, for example through phishing. This insecurity can put secret data in the wrong hands and, in the worst case, can even result in financial damage.

The software feature abylon Single Sign-On provides helpful support without reducing security. The user only needs to authenticate once and can then access all securely stored credentials.

In networks with multiple users, accounts and credentials can be centrally managed by one administrator. By using hardware tokens (e.g. chip cards or USB sticks), the individual employee no longer has access to the real login data. During the Single Sign-On process, real keyboard and mouse input is blocked by a special software procedure so that the login data cannot be redirected to plain text fields and thus spied out.

The administrator can change the real access data independently without having to relearn the tokens. Individual tokens can also be temporarily deactivated or locked as required. A complete removal of the tokens from the database makes further use impossible.

  • Only one-time authentication required
  • Automatic window detection
  • No insecure storage of passwords
  • Use of more complex and different passwords 
  • Increased protection against keyloggers and phishing attacks
  • High flexibility
  • Central Administration

Functional range of the software abylon LOGON SSO Pro

Functions of the individual versions see Table!

  • Secure and automatic logon to NT systems
  • Only one-time authentication required
  • Automatic entry of login name and password for applications
  • Supported media for registration:
    • Chip cards (e.g. EC or KV cards)
    • External storage media (e.g. USB sticks)
    • CDs/DVDs
    • RFID cards
    • Certificate chip cards and USB tokens (support of various providers, such as Aladdin eToken)
    • EEPROM smart cards SLE 4432 and SLE 4442
    • and more...
  • Random Password - Daily changing and random Windows login data
  • Two-factor authentication (optional) by additional password input at login
  • SecureID for symmetrical cards (help in case of card loss)
  • Account management: Multiple logon accounts for one medium
  • Encrypted data storage
  • Automatic window detection
  • Automatic start and stop of programs
  • Increased protection against keyloggers and phishing attacks
  • When the medium is removed, the computer is locked, logged out or shut down
  • Central Administration

System requirements for the automatic Windows and program logon

  • Processor: Pentium (or comparable)
  • Main memory: 256 MByte RAM 
  • Free hard disk space: approx. 60 MByte
  • Operating system: Windows 10, 8.1, 8, 7, Vista, XP (32-bit and 64-bit)
  • Screen resolution: min. 1024x600 pixels
  • Optional smart card reader or USB token

Supported standards

  • CAPI (Microsoft Crypt API)
  • PKCS#7 (Cryptographic Message Syntax Standard)
  • PKCS#11 (Cryptographic Token Interface Standard)
  • PKCS#12 (Personal Information Exchange Syntax)
  • RSA
  • PC/SC
  • RC4, Blowfish, AES, 3DES...
  • X.509 v3 Certificates
  • SCard-API
  • CT32.DLL
  • Microsoft Certificate Database

Technical information on the software for automatic login

  • Installation and uninstallation routine
  • Driver for smart card reader or USB token has to be installed separately
  • CSP (Crypto Service Provider) must be installed separately (further information >> Compatibility)
  • If the CSP is not automatically recognized by abylon LOGON, then the corresponding transfer module can be entered in the settings dialog
  • EC-/HBCI card must be equipped with a chip
  • For health insurance cards, the card reader must support a CT32 interface DLL

    The CT32 interface is an outdated standard, which should not be used anymore for compatibility reasons.