Digital identity: Toward more convenient, more secure online authentication

For more than four decades, the familiar username/password method has been the basis for authentication when accessing computer-based services. It's a practical approach that provides an acceptable level of security when accessing a closed system, but today's online activities have evolved beyond what the username/password format can effectively protect.

A study, done by Microsoft more than five years ago, showed that the average American user had 25 online accounts secured using 6.5 passwords. It's reasonable to assume that those numbers have increased in recent years, and this raises serious questions about quality issues regarding passwords and the risks associated with insufficient security. The recent hack of 6.5 million LinkedIn user passwords illustrates the limits of username/password authentication techniques, especially when securing today's online services and protecting transactions of increasing value.

Recent initiatives, such as the US National Strategy for Trusted Identity in Cyberspace, show government commitment to enforce cyber security. As stated in the National Security Strategy 1) in 2010, "The Internet and e-commerce are keys to our economic competitiveness."

This white paper introduces the concerns behind user authentication for online services. It describes various concepts and solutions for digital identity, high-security authentication methods, and digital signatures.

1) National Security Strategy, May 2010, The White House
Problems to solve

To start with, let's go through a simple example, where we will identify the various steps that must be taken to initiate and use an online service, and the risks that apply to these steps.

Our example begins with Bob, who wants to join a club that will provide him with a wealth of online services: chat rooms, online storage and sharing, instant messaging, mail, localized information, and booking services. Bob has many friends who are already members of the club and he looks forward to sharing messages, information, and pictures with them and the other people he meets online.

The first step for Bob is online registration to the club. He's asked to provide his real name or his online nickname, his age (or at least a verification that he is over the minimum required age for participation), and other pieces of information required by the service provider to fulfill their service provision and legal obligations. Based on the information Bob provides, the service provider then issues a token and a credential binding the token to Bob's identity.

Bob starts using the service as soon as the registration process is complete. He securely authenticates by presenting his token, which is used together with the credential to verify his identity. With the authentication process complete, the service provider grants Bob access so he can start enjoying his subscription services.

The service provider offers a directory search function that lets subscribers see if their friends are also connected to the service. Bob uses the directory to look for and connect with his friends. Bob also sees that one of his favorite actresses, Alice, is online, so he subscribes to get updates on her daily life.

As Bob continues to use the service, the opportunities for theft continue to appear.
For example, when Bob sees that a good friend has just received a promotion at work, he uses one of the club's localization services to send a celebratory bouquet of flowers from a nearby florist. The club asks Bob to sign his order in such a way that he can't pretend, at a later stage, that he was unaware of his responsibility to the florist or deny that he conveyed the transaction.

It is essential that everyone involved in this example service -- Bob, his friends, the celebrities he follows, the shop owners he deals with -- remain protected from fraud and identity theft. Even in the few steps that we've described, there have been several opportunities where security could fail. To begin, threats can occur at the registration process, especially if subscribers don't have to prove their real identities. Next, during the authentication process, the token or credential could be stolen or hacked from the service provider's server. Similar threats are present when Bob uses the club's various services, such as ordering a delivery from a local florist.

Fortunately, there are ways to reduce these threats and minimize the risk of identity theft. In the next sections, we look at various solutions, including a signature process that can be used with a non-repudiation feature when conducting online transactions.

Registration

Without appropriate controls, the registration process can't perform strong user authentication. At the same time, the user should only provide the identity attributes and traits required for the service provision, and these need to be treated confidentially to protect privacy.

When service access is not anonymous, the registration process should involve an identity verification mechanism, but these mechanisms are not in widespread use. Services that require users to reveal their identity may use an identity verification mechanism during the registration process.
In a purely online process, identity verification can be performed using a credential guaranteed by a third party, a so-called credential broker. For instance, the service might ask the user to prove his identity with an electronic national identity card and a secret, or with his bank card hosting a special application. The service provider can then use a third party for the identity check, and issue credentials based on this trusted verification.
In our example, Bob filled in all the details, with his identity attributes and traits, using a secured session on the service provider's web site, and proved his identity by using his identity card and PIN. Once Bob's genuine identity was confirmed by the authentication service associated with his identity card, the service provider issued the credential.

The security checks used in the registration step have to be balanced against several factors. These typically include the user's perceived security requirements (the user may not accept going through intensive background checks to register for a social network), the legal requirements (the minimum set of attributes that local laws require be collected), and service requirements. It's also important to note that a seamless, purely electronic registration process is likely to be perceived as more convenient than a system that uses the exchange of paper by mail, and this can increase the rate of registration completion.

Authentication

The authentication step lets the service provider assert that the user is who he claims to be, and grant or deny access to the service under that identity. A stronger authentication process increases the user's confidence in the service. For example, Bob will be more likely to use and promote the club if he is confident that his personal details and data, and the services he gained access to, are well protected.

The user authentication process involves presenting an identity (name, nickname, certificate), and proof that a secret is shared between the user and the service provider. The authentication may be more or less secure depending on how the secret is protected. The proof exchanged between the parties may not be the secret itself (a password), but the result of a mathematical operation using the secret (in this case the secret may be called a key).
In addition, the secret can be complemented by other factors, such as something that the user must have in his possession or something that authentically defines or belongs to the user (an identity trait). The authentication strength, that is, the confidence level that the user is who he claims to be, grows with the number of factors used.

Single factor vs. multi-factor

There are several authentication factors to consider:

- What the user knows: the secret (password, passphrase, PIN code, etc.)
- What the user owns: a token, PC, smartphone, etc.
- What the user is: the user's identity traits (fingerprints, voice, DNA, face, iris, vein network, etc.)
The very basic username/password authentication method uses only a "what the user knows" factor: it is a single-factor authentication method. A method based on a certificate (stored in a USB key or on a PC, for instance) and no password uses only a "what the user owns" factor: it is also a single-factor authentication method. A method that is based on a certificate but also requires a password or a PIN code from the user relies on both the "what the user owns" and "what the user knows" factors: it is called a multi-factor authentication method.

Multi-factor authentication is also called strong authentication. The term strong authentication does not by itself say anything about the resistance or strength of the individual factors:

- A password can be weak, when susceptible to attacks using a dictionary or publicly known information about the user, or can be stronger when based on a long character suite that includes uppercase, lowercase, numeric, and symbol characters
- A key can be of varying length; the longer it is, the more secure it is
- A certificate can be tamper-protected by smartcard hardware security, or stored on a PC or USB key where it is susceptible to duplication or tampering

However, the overall security and access protection depends on the factor strength. This point needs to be taken into consideration when designing the system.

Ownership factor

The ownership factor ("what the user has") needs to be deemed genuine by the service provider. Therefore, it is usually issued by the service provider at the registration step and consists of a certificate comprising, at a minimum, a digitally signed user identifier. When logging in to the service, the certificate is presented and the provider verifies the signature to assess its authenticity. In addition to being genuine, the ownership factor should be copy-protected, to avoid duplication without the user's knowledge.

Knowledge factors

As mentioned earlier, these are passwords, PIN codes, and other secrets that the user should present to prove his identity.
As this information is confidential, it should not be exposed in any way. It makes sense to implement mechanisms where the secret is either verified locally in the terminal or at least used in such a way that it is not transferred as-is to the service provider.

Inherence factors

These "who the user is" factors are unambiguous and/or immutable data that identify a person. Biometric data are among the inherence factors. Regardless of where this information is stored, it should be protected against modification, to ensure that it describes the right individual, and against unauthorized access, as it contains privacy-critical information.

Privacy

Privacy of user identification data, as well as non-traceability of the services used, is a key feature of the authentication service. To return to the Bob example, assume he's decided to use his club's credential to subscribe to another service. Bob doesn't want the new service to use non-required identity attributes to profile him. Nor does he want to be traced when browsing through the various services he has chosen.

In some countries, there are regulatory bodies that ensure that user privacy is well implemented and respected before a service deployment is authorized. For instance, the default behavior of a system should not give it the ability to monitor user behavior at an atomic level. As a result, a minimal disclosure policy, which only provides the information required to exercise the service, should be the rule. For example, full name or national ID number are not used unless accessing a service that requires this information.

Software vs. hardware (authentication)

Software and hardware authentication differ in two main ways:

- Where the security credentials (the factor elements) are stored
- Where the authentication algorithm is executed
Software authentication refers to cases where there is no dedicated secure element to store the credentials and run the security algorithm, whereas hardware authentication describes cases where a dedicated element using secured smartcard technology hosts the critical items. Software authentication may also apply to implementations that use server storage and checking of credentials.

Today's hardware tokens don't always take the form of a removable token such as a smartcard or a USB key, since more and more systems are equipped with an embedded secure element. Smartphones, tablet PCs and PCs that include Near Field Communication (NFC) can open the secure element for authentication applications.

Software and hardware have their respective advantages and disadvantages, summarized in the table.

                       Software                Hardware
Issuance               Easy, possibly online   More complex
Security               Low                     High
Security portability   Low                     High
Privacy (by design)    Low                     High

Issuance

Software has the advantage here of being purely dematerialized. The token is installed online and may be comprised of a certificate, key(s), an algorithm, and so on. Hardware is more complex to handle from an issuance perspective, since it involves personalization and the shipment of tokens. However, there are secured hardware tokens that the user can purchase in stores and that can be personalized or bound to an online account.

Security

Software tokens are intrinsically easier to tamper with or duplicate. Since they reside on equipment connected to the internet, they are more subject to attacks by malware. Moreover, they are not protected by hardware firewalls and therefore are vulnerable to reverse-engineering attacks.

Hardware tokens are based on smartcard technology, which is known for its tamper resistance. Information stored on the smartcard is protected by strong hardware firewalls and controlled by password or PIN code. The keys or credentials used by the authentication algorithms never leave the protected environment.
Hardware tokens are also ideal for biometrics-based authentication, since user details are kept secure and private in a token and never exposed externally.

Smartcard technology implements secure memories to store the critical data (PINs and keys) such that they cannot be read easily. The technology also implements countermeasures against various attacks on the cryptographic algorithms. With software implementations that use standard controllers and memories, the keys and PINs are stored in an unsecured environment. Furthermore, creating secure implementations of cryptographic algorithms poses a significant challenge.

The security advantages of hardware tokens are acknowledged by the US National Institute of Standards and Technology (NIST) in their Electronic Authentication Guideline, where they state that hard cryptographic tokens are the only applicable technology for the highest level of authentication assurance 2).

Security portability

Hardware tokens offer intrinsically secure portability. A token can be used on any equipment, provided that the equipment can access it. These days, tokens with USB/contactless or smartcard ISO/contactless interfaces are available to secure PCs, NFC devices, and potentially smart TVs and game console devices.

2) Electronic Authentication Guideline, NIST Special Publication , December
Privacy (by design)

Hardware tokens securely store the user's credentials and attributes, which can be verified locally without any unnecessary exposure to the outside world. Software authentication usually stores user attributes in a server belonging to the service provider, an identity provider, or the service provider acting as identity provider for a third-party application.

Storing attributes in a hardware token allows a straightforward minimum disclosure implementation that keeps all credentials under the user's direct control. It ensures that unnecessary details are kept hidden in the token and that only the required information is disclosed during the transaction. For instance, a service that requires the user to be more than 18 years old might provide the user with an "older than 18" flag instead of asking for a specific date of birth.

Signature

The signature is as important as authentication for maintaining the security of electronic transactions. In the real world, handwritten signatures are used to stipulate that all parties agree to a transaction. In case of dispute at a later stage, the signed contract serves as a reminder of the rights and duties the parties formally agreed to. Handwritten signatures are also used by people to verify and guarantee the validity of the information they provide when engaging in a business transaction or acknowledging the receipt of goods or information.

Use cases for digital signature

Online signature generation and verification respond to the same use cases as handwritten signatures in the real world.

Our old friend Bob, a loyal taxpayer, has decided this year to fill out his tax forms online, through his government web portal. He authenticates to the portal using his national electronic ID card and initiates a secure session over the internet connection. Once he has finished his tax declaration, Bob confirms that the editing session is complete.
The tax declaration is then compiled in a document that Bob signs once he has given it a quick recheck, just as he would have done with a paper-based form. For the virtual digital signature process, Bob re-uses his national electronic ID card and confirms that he agrees with the document contents. This generates a formal signature that requires a specific validation, likely based on a new PIN code presentation. Once generated, the signature is sent to Bob's government portal and is appended to the declaration for future reference. Bob also receives a dated certificate of deposit, built using a similar signature process.

Generally speaking, signature generation (the document signing process proper) is employed when the user must give another party proof of acceptance or authenticity of a document. In the tax example, signing the online tax form engaged the responsibility of the signing party regarding the information provided. Signing a mail message will prove to the receiver that the sender is who he claims to be. Digitally signing a contract document proves that the signing party received and accepted the contract as-is.

Requirements and features

The algorithm for signature generation must guarantee that the signature is bound to the document it was generated with and only to that document. If the document is modified, the algorithm needs to produce a different signature regardless of the importance of the modification. The signature process should also date the signature with a timestamp.

The signature verification process should check the signature against the related document and the signing party, and therefore control both the authenticity of the document presented and the identity of the signer.

Signature algorithms rely on so-called public key cryptography. This technology involves a public key, bound to the user identity, and a private key.
The signing operation consists of running an algorithm on the document (or a digest of the document) to build a signature using the private key. Signature verification involves applying the reverse operation on the signature using the public key. If the operation results in the document or its digest, then the signature is verified.

The basic principle is that only the private key holder can create a signature but everyone else can verify the signature using the public key. The signature can only be trusted if the user's private key is kept in a heavily secured area and never exposed, such as in a hardware token. The user's public key is also bound to the user's identity and is guaranteed by a trusted party.

The same generation and verification algorithms are often used by secured authentication processes. If a user wants to authenticate to a service, he signs a short document (a "challenge") randomly issued by the service provider. The provider then verifies the signature and authenticates the user if it's correct. Again, only the holder of the private key, which is typically buried in a smartcard, can generate the signature and therefore successfully perform authentication.
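The signing, verification and challenge-response steps described above, as an added Go example that is not part of the original white paper. Ed25519 from the Go standard library is an assumed algorithm choice, and the Token and Service types, the domain labels and the sample document are constructed for illustration; the labels keep document signatures and login responses apart when one key serves both purposes, as the text describes.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"time"
)

// Labels (assumed names) keep a login response from ever being accepted as a
// document signature, even though one key and one algorithm serve both uses.
const (
	domainDoc  = "example-doc-signature-v1"
	domainAuth = "example-auth-challenge-v1"
)

// Token stands in for the hardware token: the private key is unexported and
// no method returns it, so callers only ever obtain signatures.
type Token struct {
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

func NewToken() (*Token, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Token{priv: priv, Pub: pub}, nil
}

type DocSignature struct {
	Timestamp int64 // Unix seconds, covered by the signature
	Sig       []byte
}

// payload builds the exact bytes that get signed: label, 0x00, data, timestamp.
func payload(domain string, data []byte, ts int64) []byte {
	var tsb [8]byte
	binary.BigEndian.PutUint64(tsb[:], uint64(ts))
	out := append([]byte(domain), 0)
	out = append(out, data...)
	return append(out, tsb[:]...)
}

// SignDocument signs the SHA-256 digest of doc together with the signing time.
func (t *Token) SignDocument(doc []byte, now time.Time) DocSignature {
	digest, ts := sha256.Sum256(doc), now.Unix()
	sig := ed25519.Sign(t.priv, payload(domainDoc, digest[:], ts))
	return DocSignature{Timestamp: ts, Sig: sig}
}

// VerifyDocument recomputes the digest; any change to doc or timestamp fails.
func VerifyDocument(pub ed25519.PublicKey, doc []byte, s DocSignature) bool {
	digest := sha256.Sum256(doc)
	return ed25519.Verify(pub, payload(domainDoc, digest[:], s.Timestamp), s.Sig)
}

// Respond signs a service-issued challenge for authentication.
func (t *Token) Respond(challenge []byte) []byte {
	return ed25519.Sign(t.priv, payload(domainAuth, challenge, 0))
}

// Service tracks outstanding challenges so each one is accepted once only.
type Service struct{ pending map[string]bool }

func NewService() *Service { return &Service{pending: map[string]bool{}} }

// Challenge issues 32 fresh random bytes and remembers them.
func (s *Service) Challenge() ([]byte, error) {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	s.pending[string(c)] = true
	return c, nil
}

// Authenticate consumes the challenge first, so a response cannot be replayed.
func (s *Service) Authenticate(pub ed25519.PublicKey, challenge, resp []byte) error {
	if !s.pending[string(challenge)] {
		return fmt.Errorf("unknown or already used challenge")
	}
	delete(s.pending, string(challenge))
	if !ed25519.Verify(pub, payload(domainAuth, challenge, 0), resp) {
		return fmt.Errorf("bad signature")
	}
	return nil
}

func main() {
	tok, _ := NewToken()
	doc := []byte("constructed sample: tax declaration, income 40000")
	sig := tok.SignDocument(doc, time.Now())
	fmt.Println("original verifies:", VerifyDocument(tok.Pub, doc, sig))
	doc[0] ^= 1 // flip one bit of the document
	fmt.Println("modified verifies:", VerifyDocument(tok.Pub, doc, sig))
}
```

In a real deployment the Token methods would run inside the secure element and the service would look up the public key from a certificate issued at registration.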
Data encryption

Another main challenge is data confidentiality, especially when data is transferred over the internet. As illustrated in the previous example, the hardware token is a highly secured placeholder for cryptographic keys. With the advent of portable data storage and cloud storage, user data privacy is at risk, a risk that can be mitigated by data encryption. A hardware token can be used to encrypt/decrypt the user's locally or remotely stored data. The challenge in this case is the performance of the interface and the encryption/decryption engine, which can significantly decrease data bandwidth. For encryption based on a hardware token, it's essential that the token can't be accessed by an attacker. Additional access protection to the token (e.g. via a PIN) is usually recommended to achieve multi-factor authentication.

Conclusion

A good password can improve security, but today's users deal with so many online services that keeping track of a long list of different passwords is cumbersome and prone to error. Multi-factor authentication offers stronger, more convenient security than the traditional username/password method. Software tokens, such as certificates stored in a PC, can enhance authentication strength, but today's software solutions can't reach the level of tamper-resistance enabled by secure silicon technology.

The smartcard has become a part of daily life. This technology, the first widely deployed enabler for multi-factor authentication, has proven its efficiency in reducing offline payment fraud and has helped drive success in GSM, 3G, and 4G cellular services by being an essential part of the security architecture. The expanded use of secured silicon technology will support the fight against identity theft and fraud, and has the potential to enable even more end-user services.
Based on trusted security, a complete product portfolio and the best contactless performance, NXP is the leader in the overall ID market as well as in key market segments such as transport ticketing, eGovernment, access, infrastructure, RFID/Authentication, payments, and NFC. NXP provides the entire ID market with end-to-end solutions, enabling customers to create trusted solutions for a smarter life.
NXP Semiconductors N.V. All rights reserved. Reproduction in whole or in part is prohibited without the prior written consent of the copyright owner. The information presented in this document does not form part of any quotation or contract, is believed to be accurate and reliable and may be changed without notice. No liability will be accepted by the publisher for any consequence of its use. Publication thereof does not convey nor imply any license under patent- or other industrial or intellectual property rights.

Date of release: December 2012
Document order number:
Printed in the Netherlands
Physical Unclonable Functions Protecting next-generation Smart Card ICs with SRAM-based s The use of Smart Card ICs has become more widespread, having expanded from historical banking and telecommunication
Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public
Improving Online Security with Strong, Personalized User Authentication July 2014 Secure and simplify your digital life. Table of Contents Online Security -- Safe or Easy, But Not Both?... 3 The Traitware
How TraitWare TM Can Secure and Simplify the Healthcare Industry January 2015 Secure and Simplify Your Digital Life. Overview of HIPPA Authentication Standards When Title II of the Health Insurance Portability
Strong Authentication for Secure VPN Access Solving the Challenge of Simple and Secure Remote Access W H I T E P A P E R EXECUTIVE SUMMARY In today s competitive and efficiency-driven climate, organizations
Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University October 2015 1 List of Figures Contents 1 Introduction 1 2 History 2 3 Public Key Infrastructure (PKI) 3 3.1 Certificate
White Paper 2 Factor + 2 Way Authentication to Criminal Justice Information Services Over the past decade, the demands on government agencies to share information across the federal, state and local levels
Mobile multifactor security A revolution in authentication and digital signing Mobile multifactor security A revolution in authentication and digital signing Smartphones will continue to ship in high volumes,
Biometrics and National Strategy for Trusted Identities in Cyberspace Improving the Security of the Identity Ecosystem September 19 Andrew Sessions, Abel Sussman Biometrics Consortium Conference Agenda
Guide to Evaluating Multi-Factor Authentication Solutions PhoneFactor, Inc. 7301 West 129th Street Overland Park, KS 66213 1-877-No-Token / 1-877-668-6536 www.phonefactor.com Guide to Evaluating Multi-Factor
CYBER SECURITY OPERATIONS CENTRE (UPDATED) 201 (U) LEGAL NOTICE: THIS PUBLICATION HAS BEEN PRODUCED BY THE DEFENCE SIGNALS DIRECTORATE (DSD), ALSO KNOWN AS THE AUSTRALIAN SIGNALS DIRECTORATE (ASD). ALL
INTRODUCTION AND HISTORY EMV is actually younger than we all may think as it only became available, as a specification that could be implemented, in 1996. The evolution of EMV can be seen in the development
Hardware Security Modules for Protecting Embedded Systems Marko Wolf, ESCRYPT GmbH Embedded Security, Munich, Germany André Weimerskirch, ESCRYPT Inc. Embedded Security, Ann Arbor, USA 1 Introduction &
Content Teaching Academy at James Madison University 1 2 The Battle Field: Computers, LANs & Internetworks 3 Definitions Computer Security - generic name for the collection of tools designed to protect
Secure Data Exchange Solution I. CONTENTS I. CONTENTS... 1 II. INTRODUCTION... 2 OVERVIEW... 2 COPYRIGHTS AND TRADEMARKS... 2 III. SECURE DOCUMENT EXCHANGE SOLUTIONS... 3 INTRODUCTION... 3 Certificates
Available online www.jocpr.com Journal of Chemical and Pharmaceutical Research, 2014, 6(7):437-441 Research Article ISSN : 0975-7384 CODEN(USA) : JCPRC5 Research of network payment system based on multi-factor
Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates September 2006 Copyright 2006 Entrust. All rights reserved. www.entrust.com Entrust is a registered trademark
Polling Question Briefly describe the #1 problem you have encountered with implementing Multi-Factor Authentication. Please type in your response. This poll will close promptly at 1:00 pm CDT Getting the
Information Security Basic Concepts 1 What is security in general Security is about protecting assets from damage or harm Focuses on all types of assets Example: your body, possessions, the environment,
Contents Pg. Introduction 2 Public key Infrastructure Basics 2 What is Public Key Infrastructure (PKI)? 2 What are Digital Signatures? 3 Salient features of the Electronic Transactions Act 2000 (as amended)
Secure communications via IdentaDefense How vulnerable is sensitive data? Communication is the least secure area of digital information. The many benefits of sending information electronically in a digital
Identify yourself securely. True Identity solution True Identity authentication and authorization for groundbreaking security across multiple applications including all online transactions Biogy Inc. Copyright
Whitepaper on AuthShield Two Factor Authentication with ERP Applications By INNEFU Labs Pvt. Ltd Table of Contents 1. Overview... 3 2. Threats to account passwords... 4 2.1 Social Engineering or Password
WEB SERVICES SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
Alternative authentication what does it really provide? Steve Pannifer Consult Hyperion Tweed House 12 The Mount Guildford GU2 4HN UK firstname.lastname@example.org Abstract In recent years many new technologies
KEYSTROKE DYNAMIC BIOMETRIC AUTHENTICATION FOR WEB PORTALS Plurilock Security Solutions Inc. www.plurilock.com email@example.com 2 H IGHLIGHTS: PluriPass is Plurilock static keystroke dynamic biometric
Preventing fraud in epassports and eids Security protocols for today and tomorrow by Markus Mösenbacher, NXP Machine-readable passports have been a reality since the 1980s, but it wasn't until after 2001,
PopimsCard The magic card February 16. 2016 Franck GUIGAN firstname.lastname@example.org +33 6 14 63 93 36 We all need to identify other persons, but official documents are not safe: Authenticating an ID card
Authentication Solutions Versatile And Innovative Authentication Solutions To Secure And Enable Your Business SafeNet Strong Authentication and Transaction Verification Solutions The Upward Spiral of Cybercrime
CHOOSING THE RIGHT PORTABLE SECURITY DEVICE A guideline to help your organization chose the Best Secure USB device Introduction USB devices are widely used and convenient because of their small size, huge
Article Robust Signature Capture Using SigPlus Software Copyright Topaz Systems Inc. All rights reserved. For Topaz Systems, Inc. trademarks and patents, visit www.topazsystems.com/legal. Table of Contents
Enhancing Organizational Security Through the Use of Virtual Smart Cards Today s organizations, both large and small, are faced with the challenging task of securing a seemingly borderless domain of company
Homeland Security Presidential Directive 12 (HSPD 12) Overview Audio: Welcome to the Homeland Security Presidential Directive 12 (HSPD 12) overview module, the first in a series of informational modules
Levels of Assurance In Electronic Identity Considerations for Implementation Benjamin Oshrin Rutgers University March 2009 1 About This Presentation Based on what we think we re going to have to do Discussion
Part I Contents Part I Introduction to Information Security Definition of Crypto Cryptographic Objectives Security Threats and Attacks The process Security Security Services Cryptography Cryptography (code
Authentication Solutions VERSATILE AND INNOVATIVE AUTHENTICATION SOLUTIONS TO SECURE AND ENABLE YOUR BUSINESS SafeNet Strong Authentication and Transaction Verification Solutions The Upward Spiral of Cybercrime
IDENTITY & ACCESS Providing Cost-Effective Strong Authentication in the Cloud a brief for cloud service providers Introduction Interest and use of the cloud to store enterprise resources is growing fast.
and s Branch Glossary of Key Terms The terms and definitions listed in this glossary are used throughout the s Package to define key terms in the context of. Access Control Access The processes by which
COMPANY INFO 1 (23) Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 2 (23) Contents 1 Ericsson Certificate Value Statement... 3 2 Introduction... 3 2.1 Overview... 3 3 Contact information...
Chapter 4 Network-based Access Control 4.1 Rationale and Motivation Over the past couple of years, a multitude of authentication and access control technologies have been designed and implemented. Although
ADVANCE AUTHENTICATION TECHNIQUES Introduction 1. Computer systems and the information they store and process are valuable resources which need to be protected. With the current trend toward networking,
STRONGER AUTHENTICATION for CA SiteMinder Adding Stronger Authentication for CA SiteMinder Access Control 1 STRONGER AUTHENTICATION for CA SiteMinder Access Control CA SITEMINDER provides a comprehensive
IBM Software Thought Leadership White Paper September 2013 Beyond passwords: Protect the mobile enterprise with smarter security solutions Prevent fraud and improve the user experience with an adaptive
Modern two-factor authentication: Easy. Affordable. Secure. www.duosecurity.com Your systems and users are under attack like never before The last few years have seen an unprecedented number of attacks
Enhancing Web Application Security Using Another Authentication Factor Karen Lu and Asad Ali Gemalto, Inc. Technology & Innovations Austin, TX, USA Overview Introduction Current State Smart Cards Two-Factor
Mobility, Security and Trusted Identities: It's Right In The Palm of Your Hands Ian Wills Country Manager, Entrust Datacard WHO IS ENTRUST DATACARD? 2 Entrust DataCard Datacard Corporation. Corporation.
ADDING STRONGER AUTHENTICATION for VPN Access Control Adding Stronger Authentication for VPN Access Control 1 ADDING STRONGER AUTHENTICATION for VPN Access Control A VIRTUAL PRIVATE NETWORK (VPN) allows
HKUST CA Certification Practice Statement IN SUPPORT OF HKUST CA CERTIFICATION SERVICES Version : 2.1 Date : 12 November 2003 Prepared by : Information Technology Services Center Hong Kong University of
Longmai Mobile PKI Solution A quick Solution to External and Internal fraud in Insurance Industry Putting the client at the center of modernization Contents 1. INTRODUCTION... 3 1.1 Challenges... 3 1.2
White Paper: Multi-Factor Authentication Platform Version: 1.4 Updated: 29/10/13 Contents: About zero knowledge proof authentication protocols: 3 About Pairing-Based Cryptography (PBC) 4 Putting it all
Protecting Online Customers from Man-in-the-Browser and Man-in-the-Middle Attacks Whitepaper OVERVIEW Arcot's unmatched authentication expertise and unique technology give organizations
HKUST CA Certification Practice Statement IN SUPPORT OF HKUST CA CERTIFICATION SERVICES Version : 1.1 Date : 3 March 2000 Prepared by : Information Technology Services Center Hong Kong University of Science
1 CHAPTER 1 INTRODUCTION 1.1 Introduction Letter is a written message from a person to another person in other meaning for communication between two people in another location. In an organization, letter
INTEGRATION GUIDE MS OUTLOOK 2003 VERSION 2.0 Document Code: ST_UT_MB_MSO_2.0_18042012 The data and information contained in this document cannot be altered without the express written permission of SecuTech
CMSGu2011-08 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Access Control National Computer Board Mauritius Version 1.0
SECURITY FOR ENTERPRISE TELEWORK AND REMOTE ACCESS SOLUTIONS Karen Scarfone, Editor Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Many people
Introduction to THE LEADER IN API AND CLOUD GATEWAY TECHNOLOGY Introduction to Introduction In today's world of rapidly expanding and growing software development; organizations, enterprises and governments
Target Security Breach Lessons Learned for Retailers and Consumers 2014 Pointe Solutions, Inc. PO Box 41, Exton, PA 19341 USA +1 610 524 1230 Background In the aftermath of the Target breach that affected
Application Note A brief on Two-Factor Authentication Summary This document provides a technology brief on two-factor authentication and how it is used on Netgear SSL312, VPN Firewall, and other UTM products.
Information Technology Security Guideline User Authentication Guidance for IT Systems ITSG-31 March 2009 March 2009 This page intentionally left blank March 2009 Foreword The User Authentication Guidance
Driving Company Security is Challenging. Centralized Management Makes it Simple. Overview - P3 Security Threats, Downtime and High Costs - P3 Threats to Company Security and Profitability - P4 A Revolutionary
+1-888-437-9783 email@example.com IdentiSys.com Distributed by: Entrust IdentityGuard is an award-winning software-based authentication enterprises and governments. The solution serves as an organization's
472 Hitachi Review Vol. 64 (2015), No. 8 Featured Articles Platform for a Safe, Secure, and Convenient Society Public s Infrastructure Yosuke Kaga Yusuke Matsuda Kenta Takahashi, Ph.D. Akio Nagasaka, Ph.D.
Meeting the FDA's Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11) Executive Summary...3 Background...4 Internet Growth in the Pharmaceutical Industries...4 The Need for Security...4
SBA Procedural Notice TO: All SBA Employees CONTROL NO.: 5000-1323 SUBJECT: Acceptance of Electronic Signatures in the 7(a) and 504 Loan Program EFFECTIVE: 10/21/14 The purpose of this Notice is to inform
White Paper Advanced Authentication Introduction In this paper: Introduction 1 User Authentication 2 Device Authentication 3 Message Authentication 4 Advanced Authentication 5 Advanced Authentication is
Business Issues in the implementation of Digital signatures Much has been said about e-commerce, the growth of e-business and its advantages. The statistics are overwhelming and the advantages are so enormous
Securing your Online Data Transfer with SSL A GUIDE TO UNDERSTANDING SSL CERTIFICATES, how they operate and their application 1. Overview 2. What is SSL? 3. How to tell if a Website is Secure 4. What does
Remote Access Securing Your Employees Out of the Office HSTE-NB0011-RV 1.0 Hypersecu Information Systems, Inc. #200-6191 Westminster Hwy Richmond BC V7C 4V4 Canada 1 (855) 497-3700 www.hypersecu.com Introduction
Learning objectives E-commerce Security Threats and Protection Mechanisms. This lecture covers internet security issues and discusses their impact on an e-commerce. Nov 19, 2004 www.dcs.bbk.ac.uk/~gmagoulas/teaching.html
Mobile Security Checklist An Easy, Achievable Plan for Security and Compliance Introduction Are mobile devices the weak link in your security defenses? Today, organizations are pouring millions of dollars
The Convergence of IT Security and Physical Access Control Using a Single Credential to Secure Access to IT and Physical Resources Executive Summary Organizations are increasingly adopting a model in which
Enhancing network security through the authentication process Multi-Factor Authentication Passwords, Smart Cards, and Biometrics INTRODUCTION Corporations today are investing more time and resources on
Whitepaper Brainloop Cloud Security Guide to secure collaboration in the cloud www.brainloop.com Sharing information over the internet The internet is the ideal platform for sharing data globally and communicating
Sound Business Practices for Businesses to Mitigate Corporate Account Takeover This white paper provides sound business practices for companies to implement to safeguard against Corporate Account Takeover.
ARCHIVED PUBLICATION The attached publication, NIST Special Publication 800-63 Version 1.0.2 (dated April 2006), has been superseded and is provided here only for historical purposes. For the most current
More effective protection for your access control system with end-to-end security By Jeroen Harmsen The first article on end-to-end security appeared as long ago as 1981. The principle originated in ICT
Certification Practice Statement Date: February 21, 2008 Version: 1.0.1 Table of Contents Document History... 1 Acknowledgments... 1 1. Introduction... 2 1.1 Overview... 3 1.2 Ford Motor Company Certificate
Whitepaper MODERN THREATS DRIVE DEMAND FOR NEW GENERATION MULTI-FACTOR AUTHENTICATION A SURVEY SHOWS THAT 90% OF ALL COMPANIES HAD BEEN BREACHED IN THE LAST 12 MONTHS. THIS PAIRED WITH THE FACT THAT THREATS
Understanding and Integrating KODAK Picture Authentication Cameras Introduction Anyone familiar with imaging software such as ADOBE PHOTOSHOP can appreciate how easy it is to manipulate digital still images.