The M4S Authentication Process

The M4S family consists of four major modules that work below the surface to make user authentication simple, administration efficient, and data transfer absolutely secure.

To authenticate, the user plugs the M4S Personal Smart Key into a PC.
The Smart Key performs three security checks – internal self-integrity, computing environment evaluation (Trust Zones), and communication with the M4S Authentication Gateway – then prompts the user to swipe a fingerprint for biometric authentication, which is performed locally on the M4S Smart Key and never transmitted or exposed. Only the user and the Smart Key know which fingers are enrolled and used for authentication.
The Smart Key then calls the gateway via standard HTTPS (SSL/TLS), and the gateway creates the M4S Secure-Sync Channel link back to the Personal Smart Key. The gateway then generates a random, one-time-use AES-256 encrypted challenge and sends the challenge to the Personal Smart Key via the Secure-Sync Channel. The Personal Smart Key responds, the challenge is validated by the gateway, and the gateway passes the appropriate user credentials to the target environment and/or application.
The M4S Management Center then presents the user with his or her allowable functions, based on permissions set at the gateway for the user’s specific group, user, and Trust Zones. If the enterprise has invoked M4S’ Single Sign On capability, the Management Center presents the user with the targets they are permitted to access.
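
The one-time-use property of the challenge step above can be illustrated with a short gateway-side sketch. This is an added example, not M4S code: the page does not say how the Smart Key computes its response, so HMAC-SHA256 over the challenge stands in for the AES-256 operation, and the Gateway class, respond function, 30-second lifetime and device ID are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

CHALLENGE_TTL = 30  # seconds; assumed lifetime, not stated on the page


class Gateway:
    """Hypothetical gateway side: issues and validates one-time challenges."""

    def __init__(self, device_keys):
        self._keys = device_keys   # device_id -> 32-byte shared key
        self._pending = {}         # challenge_id -> (device_id, nonce, expiry)

    def issue(self, device_id, now=None):
        now = time.time() if now is None else now
        cid = secrets.token_hex(16)
        nonce = secrets.token_bytes(32)  # random, unpredictable challenge
        self._pending[cid] = (device_id, nonce, now + CHALLENGE_TTL)
        return cid, nonce

    def validate(self, cid, response, now=None):
        now = time.time() if now is None else now
        # pop() consumes the challenge on first use, pass or fail,
        # so a captured response cannot be replayed or retried.
        entry = self._pending.pop(cid, None)
        if entry is None:
            return False
        device_id, nonce, expiry = entry
        if now > expiry:
            return False
        expected = respond(self._keys[device_id], cid, nonce)
        return hmac.compare_digest(expected, response)  # constant-time compare


def respond(key, cid, nonce):
    """Device side: prove possession of the key by MACing the challenge."""
    return hmac.new(key, cid.encode() + nonce, hashlib.sha256).digest()


def demo():
    key = secrets.token_bytes(32)        # constructed sample key
    gw = Gateway({"key-001": key})       # constructed device ID
    cid, nonce = gw.issue("key-001", now=1000.0)
    answer = respond(key, cid, nonce)
    first = gw.validate(cid, answer, now=1005.0)   # fresh, correct response
    replay = gw.validate(cid, answer, now=1006.0)  # same response again
    cid2, nonce2 = gw.issue("key-001", now=2000.0)
    late = gw.validate(cid2, respond(key, cid2, nonce2),
                       now=2000.0 + CHALLENGE_TTL + 1)  # answered after expiry
    return first, replay, late
```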