A methodology for implementation and integration Two-Factor Authentication into VPN

Nowadays, Virtual Private Network (VPN) is used widely in enterprise and home network. For security issues, Two-Factor Authentication Service (TFAS), which includes not only the traditional credentials (username and password) but also the second factor, is integrated to make it more secure. If there are incidents happened when users create VPN connection (e.g. time violated, token expired), hence in user aspect, the more real-time supports they get, the more they will appreciate the service. Besides, they also need to be authorized to access network resources. Depending on each user´s information (e.g. time of access, physical location), they will be accepted or denied and get various dynamic privileges. It is too difficult to find out the ready-made system that can do the automatic real-time support; even if the commercial solution is purchased, it will be an in-a-box product which is unable to satisfy 100 percent of requirements. This paper describes how to implement a customizable TFAS and integrate it into VPN Concentrator with low-cost money by the programming language-Java. The proposed TFAS has been implemented and being deployed in a bank (300 concurrent users) with some add-on features and monitoring services to insure the High Availability (HA).