# Internet Banking Two-Factor Authentication using Smartphones

Save this PDF as:

Size: px
Start display at page:

## Transcription

4 Journal of Mobile, Embedded and Distributed Systems, vol. IV, no. 1, 2012 ISSN HOTP Algorithm The HOTP algorithm is based on an increasing counter value and a static symmetric key known only to the token and the validation service. In order to create the HOTP value, we will use the HMAC-SHA-1 algorithm, as defined in RFC 2104 [4]. As the output of the HMAC-SHA-1 calculation is 160 bits [4], we must truncate this value to something that can be easily entered by a user. HOTP(K,C) = Truncate(HMAC-SHA- 1(K,C)) (1) where: Truncate represents the function that converts an HMAC-SHA-1 value into an HOTP value C is 8-byte counter value, the moving factor. This counter MUST be synchronized between the HOTP generator (client) and the HOTP validator (server). K is the shared secret between client and server; each HOTP generator has a different and unique secret K. The HOTP values generated by the HOTP generator are treated as big endian [4]. We can describe the operations in 3 distinct steps [4]: 1. Generate an HMAC-SHA-1 value: HS = HMAC-SHA-1(K,C) (2) 2. Generate a 4-byte string (Dynamic Truncation): Sbits = DT(HS) (3) DT returns a 31-bit string 3. Compute an HOTP value: Snum = StToNum(Sbits) (4) Convert S to a number in D is a number in the range 0 10 Digit -1 Digit: number of digits in an HOTP value, system parameter. The Truncate function performs Step 2 and Step 3, i.e., the dynamic truncation and then the reduction modulo 10 Digit. The purpose of the dynamic offset truncation technique is to extract a 4- byte dynamic binary code from a 160-bit (20-byte) HMAC-SHA-1 result [4]. We define DT as (6): DT (String) Let OffsetBits be the loworder 4 bits of String[19] Offset = StToNum (OffsetBits) Let P = String[OffSet]...String[OffSet+3] Return the Last 31 bits of P End (DT) where: String=String[0]...String[19] (7) 0 <= OffSet <= 15 (8) The reason for masking the most significant bit of P is to avoid confusion about signed vs. unsigned modulo computations. Different processors perform these operations differently, and masking out the signed bit removes all ambiguity. Implementations MUST extract a 6-digit code at a minimum and possibly 7 and 8-digit code [4]. 3.3 TOTP Algorithm Notations: X represents the time step in seconds (default value X = 30 seconds) and is a system parameter; T0 is the Unix time to start counting time steps (default value is 0, Unix epoch) and is also a system parameter. Basically, we define TOTP [6] as: TOTP = HOTP(K, T) (9) Return D = Snum mod 10 ^ Digit (5) 15

5 where T is an integer and represents the number of time steps between the initial counter time T0 and the current Unix time (i.e. the number of seconds elapsed since midnight UTC of January 1, 1970). More specifically, T=(Timestamp curent - T0)/X (10) The analysis demonstrates that the best possible attack against the HOTP function is the brute force attack [6]. 4. The proposed system 4.1 Application's description In this paper, the shared secret from TOTP algorithm will be computed from the user's ID, phone's IMEI, timestamp and the user's PIN. The solution that I tested requires the completion of three steps: (1) installing the application on the mobile phone (2) user registration and (3) user authentication. The system will have several modules, for user registration, generation of one-time passwords for authentication or for signing money orders. The system will also be able to fix timestamp difference problems that can lead to generating invalid one-time passwords. Figure 1. Initial user registration on the mobile application User registration The server application can create on demand an activation code for a given user ID. In order to complete the initial user registration, an active internet connection is required on the mobile phone. The data transfer will be made through a HTTPS secure connection. After the user installs the application on their mobile phone, he will be prompted for the activation code and the PIN that he wishes to set for the app. This is where the user must enter the activation code generated by an employee of the company in the server application and his chosen PIN. After the user enters the activation code his PIN code, a data transfer between the phone and the server is initiated. The phone will send the activation code, the hash of the PIN, the IMEI number and the timestamp to the server. The server will 16

6 Journal of Mobile, Embedded and Distributed Systems, vol. IV, no. 1, 2012 ISSN identify the user by the activation code. At this point, the PIN can be destroyed from the mobile application. The server will store the IMEI number, the hash of the user's PIN and the timestamp difference between the two devices. The server will then send a hash of the user's ID (Encrypted ID) to the mobile application, hash that will be later used in generating the unique OTP. I have chosen to send a hash of the user's ID in order to protect user s identity. If the phone is lost or stolen, the owner's user ID will not be stored in the phone's memory, but only it's hash. See fig. 1 for a visual approach of the initial user registration on the mobile application Generating OTP passwords Generating the unique passwords is an offline process once the user has installed, configured and synchronized the application on his mobile, for which an active internet connection is required. When the application starts, the user will be prompted for the PIN code. Since the application does not store the PIN code, it will not be able to verify if the user entered the right one or not. If the PIN is different from the one used at registration, the OTP result will be different from the one computed on the server and therefore the user won't be able to authenticate in the Internet Banking application. The unique OTP is generated with the TOTP algorithm, using the hash of the user ID (stored on the phone), the phone's IMEI (requested when opening the application) and the user's PIN (also requested every time the user uses the application). These credentials are then signed with the current timestamp, as defined in TOTP. The onetime password will be valid for 30 seconds since it's generation. After 30 seconds, the application will automatically generate a new valid OTP Signing money orders The mobile application can also sign money orders initiated inside the Internet Banking application. In this case, the server will create a challenge code, using credentials like the source account number, the destination account number, the amount of money to be transferred and the current timestamp. The mobile application has a dedicated section for signing money orders, where the user is asked to introduce their PIN code and the challenge code displayed by the server in the Internet Banking application. The OTP algorithm used to generate the response from the token is the same as in the authentication process, with the only difference that the key also concatenates the server challenge code. The validity period of the challenge code is 5 minutes, while the validity of the OTP response is 60 seconds Synchronizing timestamps In order for the system to work, the timestamp must be synchronized between the server and the phone. At the moment of user registration, the timestamp difference between the server and the phone is stored in the database, on the server side. Therefore, every time when the server will generate its own verification OTP code will adjust it's timestamp in order to match the timestamp from the phone. The system will stop working properly if the phone timestamp will be changed afterward. In this case, the unique code generated by the phone will not match the one computed by the server and the user won't be able to sign into the Internet Banking application. This problem can be easily fixed by introducing a Timestamp sync module in the mobile application that attempts to connect to the server and store the new timestamp difference. In order for this module to work, an active internet connection is needed on the mobile phone. 4.2 System's practical implementation The described system will consist of three applications, two on the server side and one mobile application: 17

### Review Paper on Two Factor Authentication Using Mobile Phone (Android) ISSN 2319-9725

Review Paper on Two Factor Authentication Using Mobile Phone (Android) ISSN 2319-9725 Rahul Kale Neha Gore Kavita Nilesh Jadhav Mr. Swapnil Shinde Bachelor s Degree program in Information Technology Engineering

### Two Factor Authentication Using Smartphone Generated One Time Password

IOSR Journal of Computer Engineering (IOSR-JCE) e-issn: 2278-0661, p- ISSN: 2278-8727Volume 11, Issue 2 (May. - Jun. 2013), PP 85-90 Two Factor Authentication Using Smartphone Generated One Time Password

### A SECURE COMMUNICATION IN SMART PHONES USING TWO FACTOR AUTHENTICATIONS

A SECURE COMMUNICATION IN SMART PHONES USING TWO FACTOR AUTHENTICATIONS Soumya Murali 1, Anitha.B 2, Anitha Mary Paul 3 1, 2, 3 Assistant Professor, 1, 2 Sree Buddha College of Engineering, Pattoor, Alappuzha,

### Two-Factor Authentication Basics for Linux. Pat Barron (pat@lectroid.com) Western PA Linux Users Group

Two-Factor Authentication Basics for Linux Pat Barron (pat@lectroid.com) Western PA Linux Users Group Some Basic Security Terminology Two of the most common things we discuss related to security are Authentication

### Multi Factor Authentication Using Mobile Phones

International Journal of Mathematics and Computer Science, 4(2009), no. 2, 65 80 Multi Factor Authentication Using Mobile Phones M CS Fadi Aloul 1, Syed Zahidi 1, Wasim El-Hajj 2 1 Department of Computer

### Protected Cash Withdrawal in Atm Using Mobile Phone

www.ijecs.in International Journal Of Engineering And Computer Science ISSN:2319-7242 Volume 2 Issue 4 April, 2013 Page No. 1346-1350 Protected Cash Withdrawal in Atm Using Mobile Phone M.R.Dineshkumar

### THE FUTURE OF MOBILE SECURITY http://www.cs-networks.net

http://www.cs-networks.net 1 The Future Of Mobile Security Stefan Certic CS Network Solutions Limited http://www.cs-networks.net 2 Introduction Mobile devices are more than just phones, they are a lifeline

### Enhancing Totp Protocol By Embedding Current Gps Location

Enhancing Totp Protocol By Embedding Current Gps Location U. A. Abdurrahman, M. Kaiiali and J. Muhammad Abstract Static password authentication is no longer considered secure in the internet and banking

### Secure Web Access Solution

Secure Web Access Solution I. CONTENTS II. INTRODUCTION... 2 OVERVIEW... 2 COPYRIGHTS AND TRADEMARKS... 2 III. E-CODE SECURE WEB ACCESS SOLUTION... 3 OVERVIEW... 3 PKI SECURE WEB ACCESS... 4 Description...

### CA ArcotOTP Versatile Authentication Solution for Mobile Phones

PRODUCT SHEET CA ArcotOTP CA ArcotOTP Versatile Authentication Solution for Mobile Phones Overview Consumers have embraced their mobile phones as more than just calling or texting devices. They are demanding

### RSA SecurID Two-factor Authentication

RSA SecurID Two-factor Authentication Today, we live in an era where data is the lifeblood of a company. Now, security risks are more pressing as attackers have broadened their targets beyond financial

### Implementing Strong Authentication with OTP: Integrated System

ICT Innovations 2010 Web Proceedings ISSN 1857-7288 139 Implementing Strong Authentication with OTP: Integrated System Pance Ribarski, Ljupcho Antovski University Ss. Cyril and Methodius, Arhimedova bb,

### RSA SecurID Software Token 1.0 for Android Administrator s Guide

RSA SecurID Software Token 1.0 for Android Administrator s Guide Contact Information See the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com Trademarks RSA,

### ViSolve Open Source Solutions

ViSolve Open Source Solutions Best-In-Class Authentication and Authorization Solutions & Services ViSolve Inc. ViSolve Securing Digital Assets Contents Security Overview Security Concerns Security Needs

One Time Password Generation for Multifactor Authentication using Graphical Password Nilesh B. Khankari 1, Prof. G.V. Kale 2 1,2 Department of Computer Engineering, Pune Institute of Computer Technology,

### What is a dual-factor authentication based on mobile devices?

VU Security Mobile Tokens It is the first solution to provide a flexible scheme, easy to use, simple to implement and easy distribution ai timely to introduce a dual-factor authentication. Used as hardware

### A brief on Two-Factor Authentication

Application Note A brief on Two-Factor Authentication Summary This document provides a technology brief on two-factor authentication and how it is used on Netgear SSL312, VPN Firewall, and other UTM products.

### T. Venkat Narayana Rao et al IJCSET October 2011 Vol 1, Issue 9, 569-574

Authentication Using Mobile Phone as a Security Token Professor T.Venkat Narayana Rao, Vedavathi K Department of Computer Science and Engineering Hyderabad Institute of Technology and Management [HITAM]

### IIW 15: New Authentication Method for Mobile Devices

IIW 15: New Authentication Method for Mobile Devices Francisco Corella (fcorella@pomcor.com) Karen Lewison (kplewison@pomcor.com) Pomcor (http://pomcor.com/) 1 User Authentication Challenges in Mobile

### RSA SecurID Software Token 1.3 for iphone and ipad Administrator s Guide

RSA SecurID Software Token 1.3 for iphone and ipad Administrator s Guide Contact Information See the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com Trademarks

### Monalisa P. Kini, Kavita V. Sonawane, Shamsuddin S. Khan

International Journal of Scientific & Engineering Research, Volume 5, Issue 7, July-2014 1410 Secured Authentication Using Mobile Phone as Security Token Monalisa P. Kini, Kavita V. Sonawane, Shamsuddin

### True Identity solution

Identify yourself securely. True Identity solution True Identity authentication and authorization for groundbreaking security across multiple applications including all online transactions Biogy Inc. Copyright

### Salesforce1 Mobile Security Guide

Salesforce1 Mobile Security Guide Version 1, 1 @salesforcedocs Last updated: December 8, 2015 Copyright 2000 2015 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of salesforce.com,

### 2-FACTOR AUTHENTICATION WITH OPENLDAP, OATH-HOTP AND YUBIKEY. Axel Hoffmann

2-FACTOR AUTHENTICATION WITH OPENLDAP, OATH-HOTP AND YUBIKEY Axel Hoffmann Biography Axel Hoffmann Linux System Administrator 1&1 Mail & Media Dev. & Tech. GmbH axel.hoffmann@1und1.de 2 Introduction Requirements

### OTP using a Cellular Phone

OTP using a Cellular Phone Project book Instructor: Ittay Eyal Student: Vitaly Timofeev 9.8.2009 Table of contents: 1. Introduction a. The problem and current solutions b. Our idea c. Brief project overview

### Two-Factor Authentication

Two-Factor Authentication This document describes SonicWALL s implementation of two-factor authentication for SonicWALL SSL-VPN appliances. This document contains the following sections: Feature Overview

### Hard vs. Soft Tokens Making the Right Choice for Security

Hard vs. Soft Tokens Making the Right Choice for Security HSTE-NB0012-RV 1.0 Hypersecu Information Systems, Inc. #200-6191 Westminster Hwy Richmond BC V7C 4V4 Canada 1 (855) 497-3700 www.hypersecu.com

### Enhancing Organizational Security Through the Use of Virtual Smart Cards

Enhancing Organizational Security Through the Use of Virtual Smart Cards Today s organizations, both large and small, are faced with the challenging task of securing a seemingly borderless domain of company

### Dashlane Security Whitepaper

Dashlane Security Whitepaper November 2014 Protection of User Data in Dashlane Protection of User Data in Dashlane relies on 3 separate secrets: The User Master Password Never stored locally nor remotely.

A secure email login system using virtual password Bhavin Tanti 1,Nishant Doshi 2 1 9seriesSoftwares, Ahmedabad,Gujarat,India 1 {bhavintanti@gmail.com} 2 SVNIT, Surat,Gujarat,India 2 {doshinikki2004@gmail.com}

### Free Multi-Factor Authentication. Using Email and SMS in Enterprise/Random Password Manager (E/RPM)

Free Multi-Factor Authentication Using Email and SMS in Enterprise/Random Password Manager (E/RPM) The controlled release of sensitive credentials in a privileged identity management (PIM) system requires

### OCRA Validation Server Profile

OCRA Validation Server Profile Version 1.0 Feb. 22, 2013 Page 1 of 18 1 Overview This document defines the technical requirements for compliance with an OCRA Validation Server profile for OATH Certification.

### TrustKey Tool User Manual

TrustKey Tool User Manual 1 Table of Contents 1 Introduction... 5 2 TrustKey Product...6 2.1 TrustKey Tool... 6 2.2 TrustKey function modules...7 2.3 TrustKey using environment...7 3 TrustKey Tool Installation...

### Designing a Secure Client-Server System Master of Science Thesis in the Programme Software Engineering & Technology

Designing a Secure Client-Server System Master of Science Thesis in the Programme Software Engineering & Technology FREDRIK ANDERSSON Department of Computer Science and Engineering CHALMERS UNIVERSITY

### STRONGER AUTHENTICATION for CA SiteMinder

STRONGER AUTHENTICATION for CA SiteMinder Adding Stronger Authentication for CA SiteMinder Access Control 1 STRONGER AUTHENTICATION for CA SiteMinder Access Control CA SITEMINDER provides a comprehensive

### A Secured Approach to Credit Card Fraud Detection Using Hidden Markov Model

A Secured Approach to Credit Card Fraud Detection Using Hidden Markov Model Twinkle Patel, Ms. Ompriya Kale Abstract: - As the usage of credit card has increased the credit card fraud has also increased

### Authentication. Computer Security. Authentication of People. High Quality Key. process of reliably verifying identity verification techniques

Computer Security process of reliably verifying identity verification techniques what you know (eg., passwords, crypto key) what you have (eg., keycards, embedded crypto) what you are (eg., biometric information)

### The Security Behind Sticky Password

The Security Behind Sticky Password Technical White Paper version 3, September 16th, 2015 Executive Summary When it comes to password management tools, concerns over secure data storage of passwords and

### An Innovative Two Factor Authentication Method: The QRLogin System

An Innovative Two Factor Authentication Method: The QRLogin System Soonduck Yoo*, Seung-jung Shin and Dae-hyun Ryu Dept. of IT, University of Hansei, 604-5 Dangjung-dong Gunpo city, Gyeonggi do, Korea,

### Digital Signatures on iqmis User Access Request Form

Digital Signatures on iqmis User Access Request Form When a user clicks in the User Signature block on the iqmis Access Form, the following window appears: Click Save a Copy and rename it with your name,

### The increasing popularity of mobile devices is rapidly changing how and where we

Mobile Security BACKGROUND The increasing popularity of mobile devices is rapidly changing how and where we consume business related content. Mobile workforce expectations are forcing organizations to

SOLUTION BRIEF Cyphercor Inc. Adding Stronger Authentication to your Portal and Cloud Apps Using the logintc April 2012 Adding Stronger Authentication to Portals Corporate and consumer portals, as well

### Using Foundstone CookieDigger to Analyze Web Session Management

Using Foundstone CookieDigger to Analyze Web Session Management Foundstone Professional Services May 2005 Web Session Management Managing web sessions has become a critical component of secure coding techniques.

### Multifactor authentication systems Jiří Sobotka, Radek Doležel

Multifactor authentication systems Jiří Sobotka, Radek Doležel Fakulta elektrotechniky a komunikačních technologií VUT v Brně Email: sobotkaj@feec.vutbr.cz Fakulta elektrotechniky a komunikačních technologií

### Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0

Security Guide BlackBerry Enterprise Service 12 for ios, Android, and Windows Phone Version 12.0 Published: 2015-02-06 SWD-20150206130210406 Contents About this guide... 6 What is BES12?... 7 Key features

### Research Article. Research of network payment system based on multi-factor authentication

Available online www.jocpr.com Journal of Chemical and Pharmaceutical Research, 2014, 6(7):437-441 Research Article ISSN : 0975-7384 CODEN(USA) : JCPRC5 Research of network payment system based on multi-factor

### A STRONG IDENTITY IN THE ONLINE FINANCIAL WORLD OF TOMORROW

A STRONG IDENTITY IN THE ONLINE FINANCIAL WORLD OF TOMORROW July 2012 WHITEPAPER BY MARK BAAIJENS, MANAGING CONSULTANT FOR THE PAYMENT COMPETENCE CENTER Author Mark finished his Master of Science degree

### CSC 474 -- Network Security. User Authentication Basics. Authentication and Identity. What is identity? Authentication: verify a user s identity

CSC 474 -- Network Security Topic 6.2 User Authentication CSC 474 Dr. Peng Ning 1 User Authentication Basics CSC 474 Dr. Peng Ning 2 Authentication and Identity What is identity? which characteristics

### ADDING STRONGER AUTHENTICATION for VPN Access Control

ADDING STRONGER AUTHENTICATION for VPN Access Control Adding Stronger Authentication for VPN Access Control 1 ADDING STRONGER AUTHENTICATION for VPN Access Control A VIRTUAL PRIVATE NETWORK (VPN) allows

### Improving Online Security with Strong, Personalized User Authentication

Improving Online Security with Strong, Personalized User Authentication July 2014 Secure and simplify your digital life. Table of Contents Online Security -- Safe or Easy, But Not Both?... 3 The Traitware

### KEYSTROKE DYNAMIC BIOMETRIC AUTHENTICATION FOR WEB PORTALS

KEYSTROKE DYNAMIC BIOMETRIC AUTHENTICATION FOR WEB PORTALS Plurilock Security Solutions Inc. www.plurilock.com info@plurilock.com 2 H IGHLIGHTS: PluriPass is Plurilock static keystroke dynamic biometric

### SENSE Security overview 2014

SENSE Security overview 2014 Abstract... 3 Overview... 4 Installation... 6 Device Control... 7 Enrolment Process... 8 Authentication... 9 Network Protection... 12 Local Storage... 13 Conclusion... 15 2

### Complying with PCI Data Security

Complying with PCI Data Security Solution BRIEF Retailers, financial institutions, data processors, and any other vendors that manage credit card holder data today must adhere to strict policies for ensuring

### Multi Factor Authentication

Seminar Web Engineering Multi Factor Authentication Matr. 233181 stefan.meier@s2009.tu-chemnitz.de Outline 1. Idea 2. Security Issues 3. Key Success Factors 4. Technologies 4.1 Knowledge 4.2 Property 4.3

### Strong Authentication in details

Strong Authentication in details Kuznetsov Alexander Technical Account Manager VASCO Core Activities Overview DIGIPASS DIGIPASS Go Range DIGIPASS E-signature DIGIPASS Reader DIGIPASS for Mobile DIGIPASS

### Two-Factor Solutions Choosing the Right One"

Copyright (c) 2013 RCDevs S.A. (http://www.rcdevs.com) - Page 1/ Two-Factor Solutions Choosing the Right One By RCDevs (http://www.rcdevs.com/) The need to secure access to online applications and resources

### An Approach towards Security in Private Cloud Using OTP

An Approach towards Security in Private Cloud Using OTP Vishal Paranjape 1, Vimmi Pandey 2 1 PG Student, MTECH (CSE), Gyan Ganga College of Technology, Jabalpur, Madhya Pradesh, India 2 Head of Department

### International Journal of Software and Web Sciences (IJSWS) www.iasir.net

International Association of Scientific Innovation and Research (IASIR) (An Association Unifying the Sciences, Engineering, and Applied Research) ISSN (Print): 2279-0063 ISSN (Online): 2279-0071 International

### Whitepaper on AuthShield Two Factor Authentication with ERP Applications

Whitepaper on AuthShield Two Factor Authentication with ERP Applications By INNEFU Labs Pvt. Ltd Table of Contents 1. Overview... 3 2. Threats to account passwords... 4 2.1 Social Engineering or Password

### CS 361S - Network Security and Privacy Spring 2014. Homework #1

CS 361S - Network Security and Privacy Spring 2014 Homework #1 Due: 11am CST (in class), February 11, 2014 YOUR NAME: Collaboration policy No collaboration is permitted on this assignment. Any cheating

### PROXKey Tool User Manual

PROXKey Tool User Manual 1 Table of Contents 1 Introduction...4 2 PROXKey Product... 5 2.1 PROXKey Tool... 5 2.2 PROXKey function modules...6 2.3 PROXKey using environment...6 3 PROXKey Tool Installation...7

### Mobile OTPK Technology for Online Digital Signatures. Dec 15, 2015

Mobile OTPK Technology for Online Digital Signatures Dec 15, 2015 Presentation Agenda The presentation will cover Background Traditional PKI What are the issued faced? Alternative technology Introduction

### Multi Factor Authentication API

GEORGIA INSTITUTE OF TECHNOLOGY Multi Factor Authentication API Yusuf Nadir Saghar Amay Singhal CONTENTS Abstract... 3 Motivation... 3 Overall Design:... 4 MFA Architecture... 5 Authentication Workflow...

### WHITE PAPER AUGUST 2014. Preventing Security Breaches by Eliminating the Need to Transmit and Store Passwords

WHITE PAPER AUGUST 2014 Preventing Security Breaches by Eliminating the Need to Transmit and Store Passwords 2 WHITE PAPER: PREVENTING SECURITY BREACHES Table of Contents on t Become the Next Headline

### FAST OTP for MIT Kerberos

There is more than one password 2011 Kerberos Conference & Interop Event Outline 1 2 3 4 5 6 Outline 1 2 3 4 5 6 About FAST is the "flexible authentication secure tunneling" padata type OTP is one-time

### BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note

BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise

### The Cloud, Mobile and BYOD Security Opportunity with SurePassID

The Cloud, Mobile and BYOD Security Opportunity with SurePassID Presentation for MSPs and MSSPs January 2014 SurePassID At A Glance Founded 2009 Headquartered in Orlando, FL 6 sales offices in North America,

### Two-factor Authentication in Smartphones: Implementations and Attacks

Two-factor Authentication in Smartphones: Implementations and Attacks Christofer Ericson ada10cer@student.lth.se Department of Electrical and Information Technology Lund University Advisors: Martin Hell,

### A- ATM: AADHAAR BASED SECURITY IN ATM

A- ATM: AADHAAR BASED SECURITY IN ATM Abdul Rahaman Shaik 1,Vemuri Kusuma Priya 2 1 Assistant Professor, Audisankara College Of Engineering & Technology, Gudur. 2 Assistant Professor, Sree Venkateswara

### Securing SharePoint Server with Windows Azure Multi- Factor Authentication

Journal of Mobile, Embedded and Distributed Systems, vol. VII, no. 1, 2015 ISSN 2067 4074 Securing SharePoint Server with Windows Azure Multi- Factor Authentication Petru-Radu NARITA Department of Economic

### SecureDoc Disk Encryption Cryptographic Engine

SecureDoc Disk Encryption Cryptographic Engine FIPS 140-2 Non-Proprietary Security Policy Abstract: This document specifies Security Policy enforced by SecureDoc Cryptographic Engine compliant with the

### Strong and Convenient Multi-Factor Authentication on Mobile Devices

Strong and Convenient Multi-Factor Authentication on Mobile Devices Francisco Corella, PhD fcorella@pomcor.com Karen Lewison, MD kplewison@pomcor.com Revised September 6, 2012 Executive Summary Authentication

### 2CAuth: A New Two Factor Authentication Scheme Using QR-Code

2CAuth: A New Two Factor Authentication Scheme Using QR-Code N. Harini 1 and Dr. T.R Padmanabhan 2 Department of Computer Science and Engineering, Amrita Vishwa Vidyapeetham, Coimbatore, India. n_harini@cb.amrita.edu,

### Security Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2

BlackBerry Enterprise Service 10 BlackBerry Device Service Solution Version: 10.2 Security Technical Overview Published: 2014-09-10 SWD-20140908123239883 Contents 1 About BlackBerry Device Service solution

### DKIM Enabled Two Factor Authenticated Secure Mail Client

DKIM Enabled Two Factor Authenticated Secure Mail Client Saritha P, Nitty Sarah Alex M.Tech Student[Software Engineering], New Horizon College of Engineering, Bangalore, India Sr. Asst Prof, Department

### Intel Identity Protection Technology: the Robust, Convenient, and Cost-Effective Way to Deter Identity Theft

Chapter 10 Intel Identity Protection Technology: the Robust, Convenient, and Cost-Effective Way to Deter Identity Theft People need to be more aware and educated about identity theft. You need to be a

### Apache Milagro (incubating) An Introduction ApacheCon North America

Apache Milagro (incubating) An Introduction ApacheCon North America Apache Milagro will establish a new independent security framework for the Internet A Distributed Cryptosystem Secure the Future of the

### VASCO Data Security International, Inc. DIGIPASS GO-7. FIPS 140-2 Non-Proprietary Cryptographic Module Security Policy

VASCO Data Security International, Inc. DIGIPASS GO-7 FIPS 140-2 Non-Proprietary Cryptographic Module Security Policy Security Level: 2 Version: 1.7 Date: August 12, 2015 Copyright VASCO Data Security

### Dashlane Security Whitepaper

Dashlane Security Whitepaper March 2016 1. General Security Principles a. Protection of User Data in Dashlane Protection of User Data in Dashlane relies on 3 separate secrets: The User Master Password

### Creating One Time Password (OTP) infrastructures using Open Source sofware

Creating One Time Password (OTP) infrastructures using Open Source sofware Giuseppe Gippa Paternò Visiting Researcher Trinity College Dublin Who am I Visiting Researcher at Trinity College Dublin (Ireland)

### SMS-OTP. Nguyen Mai Phuong

Nguyen Mai Phuong SMS-OTP Helsinki Metropolia University of Applied Sciences Degree Bachelor of Engineering Degree Programme in Information Technology Thesis Date : 24 th April 2014 Supervisor : Erik Pätynen

### Using etoken for SSL Web Authentication. SSL V3.0 Overview

Using etoken for SSL Web Authentication Lesson 12 April 2004 etoken Certification Course SSL V3.0 Overview Secure Sockets Layer protocol, version 3.0 Provides communication privacy over the internet. Prevents

### Guide to Evaluating Multi-Factor Authentication Solutions

Guide to Evaluating Multi-Factor Authentication Solutions PhoneFactor, Inc. 7301 West 129th Street Overland Park, KS 66213 1-877-No-Token / 1-877-668-6536 www.phonefactor.com Guide to Evaluating Multi-Factor

### Enhancing NUSNET using Two-Factor Authentication

Enhancing NUSNET using Two-Factor Authentication Vaarnan Drolia, Eugene Huang National University of Singapore School of Computing Singapore, 117417 vd@nus.edu.sg, eugenehuang@nus.edu.sg Abstract. This

### CRYPTOGRAPHY AS A SERVICE

CRYPTOGRAPHY AS A SERVICE Peter Robinson RSA, The Security Division of EMC Session ID: ADS R01 Session Classification: Advanced Introduction Deploying cryptographic keys to end points such as smart phones,

### MIGRATION GUIDE. Authentication Server

MIGRATION GUIDE RSA Authentication Manager to IDENTIKEY Authentication Server Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as

### DIGIPASS Authentication for Sonicwall Aventail SSL VPN

DIGIPASS Authentication for Sonicwall Aventail SSL VPN With VASCO IDENTIKEY Server 3.0 Integration Guideline 2009 Vasco Data Security. All rights reserved. PAGE 1 OF 52 Disclaimer Disclaimer of Warranties

### Strong Authentication: Enabling Efficiency and Maximizing Security in Your Microsoft Environment

Strong Authentication: Enabling Efficiency and Maximizing Security in Your Microsoft Environment IIIIII Best Practices www.gemalto.com IIIIII Table of Contents Strong Authentication and Cybercrime... 1

### SECUDROID - A Secured Authentication in Android Phones Using 3D Password

SECUDROID - A Secured Authentication in Android Phones Using 3D Password Ms. Chandra Prabha K M.E. Ph.D. 1, Mohamed Nowfel 2 E S, Jr., Gowtham V 3, Dhinakaran V 4 1, 2, 3, 4 Department of CSE, K.S.Rangasamy

### One-Time Password Contingency Access Process

Multi-Factor Authentication: One-Time Password Contingency Access Process Presenter: John Kotolski HRS Security Officer Topics Contingency Access Scenarios Requesting a Temporary One-Time Password Reporting

### White Paper. Options for Two Factor Authentication. Authors: Andrew Kemshall Phil Underwood. Date: July 2007

White Paper Options for Two Factor Authentication Authors: Andrew Kemshall Phil Underwood Date: July 2007 Page 1 Table of Contents 1. Problems with passwords 2 2. Issues with Certificates (without Smartcards)

### Introduction to Computer Security

Introduction to Computer Security Identification and Authentication Pavel Laskov Wilhelm Schickard Institute for Computer Science Resource access: a big picture 1. Identification Which object O requests

### Alternative authentication methods. Niko Dukić/Mario Šale CS Computer Systems

Alternative authentication methods Niko Dukić/Mario Šale CS Computer Systems Table of contents: Authentication and why is it important Authentication methods RSA SecureID solutions for authentication Implementation

### Economic and Social Council

UNITED NATIONS E Economic and Social Council Distr. GENERAL ECE/TRANS/WP.30/AC.2/2008/2 21 November 2007 Original: ENGLISH ECONOMIC COMMISSION FOR EUROPE Administrative Committee for the TIR Convention,

### Keywords Cloud Computing, CRC, RC4, RSA, Windows Microsoft Azure

Volume 3, Issue 11, November 2013 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Cloud Computing