Mideye Tour

Login with standard phone

Login with one-time passwords (OTPs) delivered in real time via the mobile network.

The user enters login credentials.

  • The user initiates login by entering user name and password.
  • The login credentials are forwarded via a RADIUS request to the Mideye Server.
  • The Mideye Server verifies login credentials against a user repository (e.g. Active Directory), and the user's mobile phone number is retrieved.
  • The Mideye Server generates a random session-specific OTP (one-time password).

The one-time password is sent to the user's phone.

  • The OTP is forwarded via a secured Internet connection to the central Mideye service.
  • The Mideye service performs a handshake with the mobile phone and the OTP is displayed to the user.
  • When the handshake with the mobile phone is finished, the Mideye Server sends a RADIUS access challenge to prompt the user for an OTP.

The user enters the OTP for verification.

  • The OTP is entered by the user and forwarded to the Mideye Server as a response to the access challenge.
  • The Mideye Server verifies the OTP.

Access granted

  • After verifying that the correct OTP has been entered, the Mideye Server returns an access accept.
  • The user is granted access to the protected service.
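
The server side of the flow above, as an added sketch that is not Mideye's code: after the password check a random OTP is bound to the RADIUS State value sent in the access challenge, then checked once, in constant time, within a validity window. The class name, OTP length, lifetime and retry limit are assumptions; the page states none of them.

```python
import hmac
import secrets
import time

OTP_DIGITS = 6          # assumed length; the page does not state one
OTP_TTL_SECONDS = 120   # assumed validity window
MAX_ATTEMPTS = 3        # assumed retry limit


class OtpSessions:
    """Hypothetical in-memory store keyed by the RADIUS State value."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._sessions = {}

    def start(self, username):
        """After the password check: create the OTP and the challenge state."""
        otp = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        state = secrets.token_hex(16)
        self._sessions[state] = {
            "user": username,
            "otp": otp,
            "expires": self._clock() + OTP_TTL_SECONDS,
            "attempts": 0,
        }
        # otp is delivered to the phone; state travels in the Access-Challenge
        return state, otp

    def verify(self, state, username, candidate):
        """Handle the Access-Request that answers the access challenge."""
        session = self._sessions.get(state)
        if session is None or session["user"] != username:
            return "Access-Reject"
        if self._clock() > session["expires"]:
            del self._sessions[state]
            return "Access-Reject"
        session["attempts"] += 1
        ok = hmac.compare_digest(session["otp"].encode(), candidate.encode())
        if ok or session["attempts"] >= MAX_ATTEMPTS:
            del self._sessions[state]  # single use, bounded guessing
        return "Access-Accept" if ok else "Access-Reject"
```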

Login with smartphone

Users with smartphones (Android, iPhone, Windows Phone) can choose to download the Mideye+ app. This also enables login when the phone is not reachable via the mobile network.

Activation of Mideye+, step 1

  • After downloading and starting the Mideye+ app, the user is prompted to enter the mobile number.
  • The mobile phone contacts the Mideye central service to register the phone number as pending for Mideye+ activation.

Activation of Mideye+, step 2

  • The user initiates login to the protected service.
  • The login triggers an activation SMS which is sent to the mobile phone, whereby the Mideye+ app contacts the Mideye central service to finalise the activation.
  • The user is marked as activated for Mideye+ in the central service, and future logins proceed according to the Mideye+ schema.

Login with network coverage.

  • The user initiates login by entering user name and password.
  • The login credentials are forwarded via a RADIUS request to the Mideye Server.
  • The Mideye Server verifies login credentials against a user repository (e.g. Active Directory), and the user's mobile phone number is retrieved.
  • The Mideye Server generates a random session-specific OTP (one-time password).

The one-time password is sent to the user's phone.

  • The OTP is forwarded via a secured Internet connection to the central Mideye service.
  • The Mideye service identifies the phone number as belonging to a Mideye+ user and encrypts the password with the corresponding app key. The handshake is performed with the mobile phone / app, and the OTP is displayed to the user.
  • When the handshake with the mobile phone is finished, the Mideye Server sends a RADIUS access challenge to prompt the user for an OTP.

The user enters the OTP for verification.

  • The OTP is entered by the user and forwarded to the Mideye Server as a response to the access challenge.
  • The Mideye Server verifies the OTP.

Access granted.

  • After verifying that the correct OTP has been entered, the Mideye Server returns an access accept.
  • The user is granted access to the protected service.

Login outside of network coverage.

  • The user initiates login by entering user name and password.
  • The login credentials are forwarded via a RADIUS request to the Mideye Server.
  • The Mideye Server verifies login credentials against a user repository (e.g. Active Directory), and the user's mobile phone number is retrieved.
  • The Mideye Server generates a random session-specific OTP (one-time password).

Delivery attempt to mobile phone

  • The OTP is forwarded via a secured Internet connection to the central Mideye service.
  • The Mideye service identifies the phone number as belonging to a Mideye+ user and tries to establish contact with the phone via the mobile network. When this fails, the central service responds back to the Mideye Server that the phone is out of reach.
  • The Mideye Server generates a random challenge and returns this with the RADIUS access challenge to prompt the user for a response.

The user is prompted for a response to an access challenge.

  • Since the phone is not reachable via the mobile network, the user is instead requested to manually sign an access challenge with the Mideye+ app.
  • The user manually starts the Mideye+ app on the phone and enters the challenge.

The user signs the challenge on the phone.

  • The user manually starts the app on the phone and enters the challenge from the login screen. The challenge is signed with the secret key associated with the app, and a session-specific one-time password is calculated.

A response to the challenge is generated by the Mideye+ app.

  • The Mideye+ app responds to the access challenge with a one-time password.
  • The OTP is manually entered by the user and forwarded to the Mideye Server as a response to the access challenge.
  • The Mideye Server forwards the challenge-response pair to the central Mideye service for verification.

Access granted.

  • After the central service has successfully verified the challenge-response pair, the Mideye Server returns an access accept.
  • The user is granted access to the protected service.
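
The out-of-coverage challenge-response above, as an added sketch that is not Mideye's code: the app keys the typed challenge with its secret and truncates the result to a typeable one-time password, and the central service recomputes it from the stored app key. The page does not name the signing algorithm; HMAC-SHA256 with RFC 4226-style truncation, the digit lengths and all names here are assumptions.

```python
import hashlib
import hmac
import secrets

RESPONSE_DIGITS = 8  # assumed; the page does not give a response length


def new_challenge(digits=8):
    """Server side: random numeric challenge the user can type into the app."""
    return f"{secrets.randbelow(10 ** digits):0{digits}d}"


def sign_challenge(app_key: bytes, challenge: str) -> str:
    """App side: MAC the challenge and truncate it to a typeable OTP."""
    mac = hmac.new(app_key, challenge.encode(), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation in the style of RFC 4226
    value = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{value % 10 ** RESPONSE_DIGITS:0{RESPONSE_DIGITS}d}"


class CentralVerifier:
    """Hypothetical stand-in for the central service holding app keys."""

    def __init__(self):
        self._keys = {}     # phone number -> app key set at activation
        self._seen = set()  # (phone, challenge) pairs already accepted

    def activate(self, phone: str) -> bytes:
        key = secrets.token_bytes(32)
        self._keys[phone] = key
        return key  # in this sketch the key is simply handed to the app

    def verify(self, phone: str, challenge: str, response: str) -> bool:
        """Check a challenge-response pair forwarded by the Mideye Server."""
        key = self._keys.get(phone)
        if key is None or (phone, challenge) in self._seen:
            return False  # unknown phone or replayed pair
        expected = sign_challenge(key, challenge)
        ok = hmac.compare_digest(expected.encode(), response.encode())
        if ok:
            self._seen.add((phone, challenge))
        return ok
```

Unlike the network-delivered OTP, nothing here depends on reaching the phone: the only shared state is the app key, so its storage on the device and at the central service is what the offline login rests on.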

Login with token card

Users that cannot use a mobile phone for login can instead obtain one-time passwords (OTPs) from a token card.

Token card logistics service.

  • For users that are unable to use a mobile phone for login, a token card can be sent from the Mideye central service.
  • The serial number of the token card is registered in the user’s entry in the user repository.

Login with token card.

  • The user initiates login by entering user name and password.
  • The login credentials are forwarded via a RADIUS request to the Mideye Server.
  • The Mideye Server verifies login credentials against a user repository (e.g. Active Directory), and the serial number of the user’s token card is retrieved.
  • The Mideye Server responds with a RADIUS access challenge to prompt the user for a one-time password.

User generates a one-time password from the token card.

  • By pressing the button on the token card, the user generates an event- and time-synchronous one-time password.

The user enters the OTP for verification.

  • The OTP is entered by the user and forwarded to the Mideye Server as a response to the access challenge.
  • The Mideye Server forwards the OTP along with the serial number of the token card for verification in the central Mideye service.

Access granted.

  • After the central service has successfully verified the one-time password, the Mideye Server returns an access accept.
  • The user is granted access to the protected service.