GrIDsure Authentication

Grid tokens provide a flexible authentication method that allows users to generate a one-time password without requiring any hardware tokens or software applications.

Grid Token

GrIDsure Authentication, or grid tokens, work by presenting the end-user with a matrix of cells during enrollment containing random characters, from which they select a 'personal identification pattern (PIP)’.

Thereafter, whenever the end-user wishes to authenticate to a SafeNet Authentication Service protected resource, the user is presented with a challenge grid containing random characters. The user then enters the characters in the cells that correspond to their PIP. No hardware to lose and far superior to static passwords. Every time the challenge grid appears, the characters in the cells are different, so the user is always entering a one-time passcode.

Easy to Deploy

Users are presented with a different grid each time they access a protected resource. They simply enter the characters from the grid cells that correspond to their PIP.

Customizing Grid Tokens

Grid tokens can be customized to optimize the user logon experience and changing security policy.

  • Grid Size
    • 5 x 5 cells
    • 6 x 6 cells
    • 7 x 7 cells
  • Grid Character Sets
    • Digits
    • Upper case letters
    • Lower case letters
    • Punctuation
    • Non-Trivial PIPs

SafeNet Authentication Service can prevent the use of trivial PIPs such as cell combinations that create horizontal lines, 4 corners or use of the same cell more than 2 times in a PIP. Using a PIN with Grid token as with other SafeNet Authentication Service tokens, the Grid passcode can be combined with a PIN, adding an extra layer of protection based on something only the user knows.

If PINs have been enabled, the user will enter their PIN followed by the characters in the cells corresponding to their PIP in the OTP field of the logon form.


Auto-provisioning is automatically linked to user self-enrollment. This means that tokens can be issued and users can enroll and activate their token by themselves, freeing administrators to concentrate on other IT tasks. Grid tokens can be issued to individual users automatically using SafeNet Authentication Service auto-provisioning. Simply create a rule that assigns Grid token whenever a user is added to a specific Active Directory group. After the rule is created, Grid token will be automatically issued or revoked as users are added or removed from the Active Directory group.

Protect IIS 6 / IIS 7 based applications. Grid tokens can be used with the SafeNet Authentication Service Agent for IIS6.

Grid tokens currently protect popular applications such as:

  • Outlook Web Access (OWA)
  • SharePoint
  • Remote Web Workplace (RWW)
  • Other IIS 6 based applications
  • RDWeb
  • TSWeb
  • SSL VPN such as Juniper Networks & Cisco ASA

Key Features

Usability: Grid token is easy to use in any user population.

Zero Footprint: There is no hardware to distribute and no client software to install or maintain.

Ideal for IIS6 based web sites: Users simply browse to the protected site where they are prompted to enter their PIP to complete the authentication process.

Cost Effective: This low cost solution becomes even more attractive because there's no administrative overhead with provisioning users with tokens.

Key Benefits

  • Pattern based "PIP" are easier to remember than PINs
  • Characters in the Grid change for each logon
  • No software to install or maintain
  • No hardware to distribute
  • Ideal for protecting web-based applications

Compatible with

  • SafeNet Authentication Service Agent for IIS6
  • SafeNet Authentication Service Agent for IIS7
  • Microsoft IIS apps such as OWA, SP, RWW RDWeb and TSWeb