Two-Factor Authentication Making Sense of all the Options


Rainbow Technologies Two-Factor Authentication White Paper

The electronic age we live in is under attack by information outlaws who love profiting from the good record of others. Now more than ever, organizations need a secure method to verify the identity of every person with whom they do business. The popular, yet archaic, method of relying on passwords alone is steadily dying. The new kid in town is two-factor authentication, designed to combat fraud and make the business world more secure.

Two-factor authentication is a security process that confirms user identities using two distinctive factors: something they have and something they know. By requiring two different forms of electronic identification, corporations reduce the risk of fraud and create greater assurance that the Internet is a safe place to do business. In a simplistic example, an automated teller machine (ATM) card and a personal identification number (PIN) represent a form of two-factor authentication. The ATM card and the PIN by themselves are useless to a prospective identity thief. Only when a person has and knows both factors can an identity be confirmed and access granted.

This paper will explore the benefits of a variety of two-factor authentication methods and address possible applications for each method.

Password Please? The Problems of Single-Factor Authentication

That secret word you (and hopefully only you) know is designed to predominately grant passage or access to controlled information. Though widely adopted as a standard for user identification, passwords suffer from a variety of security limitations. Possible problems include:

Keystroke Monitoring: Somewhere right now, someone is monitoring and storing every keystroke an executive is making on his or her keyboard. Using special software, passwords are easily lifted, leading to a potential security compromise. In more extreme situations, a monitor's emissions can be read and deciphered, revealing everything displayed on the screen.

Social Engineering: This form of attack preys on people to reveal passwords using social situational tactics or outright spying. For example, a smooth-talking impostor could persuade a company's staff member to reveal a password over the phone by claiming to be someone else and explaining that he or she has lost his or her login and password. Shoulder surfing is another example of social engineering that occurs when someone sneaks an over-the-shoulder peek while a user types a password.

Man-in-the-Middle Attack: With this type of attack, a computer is set up as an interface between a client computer and the server that handles authentication. The computer in the middle accepts the client's password as if it were the server and logs in to the server using the client's identity. Server access is granted to the man in the middle, which in turn passes information to the client machine. The result is that the client's unique login information has been taken without the user's knowledge.

Network Monitoring: Also known as sniffing, network monitoring occurs when a computer on a network looks for message streams that contain words such as "password" or "login". This is especially common in Ethernet networks where every computer on the network can easily read any network traffic. Streams containing passwords can be stored and used to gain unauthorized access.

Password Cracking: Also known as a brute force attack, this type of security breach is a result of repeated login attempts with different key combinations or words. For example, there are many readily available applications designed to guess passwords by using dictionaries to look up common words, names of children and word combinations. Studies from the world-renowned European Laboratory for Particle Physics (CERN) found that more than one in four passwords can be quickly determined with password cracking tools.

Key Under the Mat: One of the most common ways that passwords are compromised is when they are exposed to passersby. Since the invention of the Post-It note, passwords have been pasted on monitors and in other obvious places for all to see. This is further complicated by a common pattern of using the same password for everything from voicemail access to an ATM PIN. If a single password is compromised, it is very easy to access other systems using the same password.

IT Staff Abuse: If there is any group within a company that can access anyone's password information, it is the IT staff. Should these individuals become disgruntled or disenfranchised, the possibility for mayhem is great.

The above list represents a small sample of the real-world problems that exist with password authentication. For systems that demand reliable security, a two-factor authentication system is an excellent option because it does not rely exclusively on a piece of knowledge, like a password.

The ABCs of Two-Factor Authentication

Two-factor authentication is comprised of something a user knows and something he or she has. Two-factor authentication is unique in its strength because it does not rely exclusively on something known by a user, but it adds something that he or she must have. This added factor is a physical device or some part of the user's body, such as a palm print. These devices or things that a user has are sometimes referred to as tokens. The token is unique and not easily replicable. Tokens generally can be disabled at a moment's notice, meaning their ability to serve as an authentication device can be immediately revoked. In addition, a two-factor authentication system is much less expensive to implement for vendors because a single token and PIN can be used for all authentication purposes, from placing phone calls to purchasing books on the Internet.

To review, two-factor authentication consists of:

Something you have: This factor includes keys, cards, tokens and so on. These things can also be stolen or lost. Something you have can also be known as something you are, and includes physical or physiological characteristics such as a fingerprint or vocal patterns.

Something you know: Passwords and PINs are examples of this factor. It is important to note that this knowledge can be lost, shared or guessed by others.

The strength of a two-factor security system occurs when combining two factors. Consider a hypothetical example of losing a car key. The key is an example of the something you have factor. If the key is stolen in a single-factor security system, the likelihood of your car disappearing is great. However, a two-factor system removes the risk to your car. In this system, your car is inoperable without a unique PIN and the key. Thus, combining two security factors significantly increases the strength of a security system.

Benefits of a Two-Factor System

- Resistant to single-factor attacks including keystroke monitoring, social engineering, man-in-the-middle attacks, network monitoring, password cracking, key under the mat and IT staff abuse.
- Difficult for a user to deny involvement in a transaction because users are held accountable for all actions resulting from a successful user authentication.
- Less likely to lead to fraudulent or unauthorized access to corporate data.
- Easy for end-users to use.
- Durable and offers a long-term security solution.
- Easy to administer.

Two-Factor Authentication Options

Two-factor authentication comes in many unique flavors and each type has benefits and disadvantages. Common methods include:

Password Generation Tokens

A password generation token reveals a unique password to its owner each time it is used. The token removes the need to memorize passwords and ensures that the same password is never used twice. The secret password is generated from a secure algorithm that is based on both a unique user ID and the current time. In some form factors, a PIN is used to activate the card and assure that it becomes useless if it is lost or stolen. This type of authentication is sometimes called session-based authentication, since the authentication lasts for a period of time.

Password generation tokens are reliable, very easy to use and can withstand physical abuse. Moreover, no special client hardware or readers are needed to use a password generator. Form factors include key chain devices and credit card-sized generators. Applications include intranet and extranet access control.

User error is a common problem with password generators because users must manually enter each password during the authentication process. This extra step can be cumbersome when repeated many times and can increase the likelihood of repeated errors. Session-based authentication is vulnerable to session hijacking because the end-user is able to leave the computer unattended while the authenticated session is still active. In addition, back-end management of password generation environments is time consuming and costly, as databases and servers must be retooled to accommodate the changing password requirements. In addition, the cost of each token may be prohibitive (as much as $75 per token) for some applications.

Finally, this type of two-factor authentication is not well-suited for a PKI environment because the user private key must be stored somewhere on the client's file system. This could be a local hard drive or stored within the network, leaving the key open to possible theft or interception when being retrieved. (Note: This is how RSA's KEON works. It stores Digital IDs in a secure place in the network that can be unlocked by an appropriate token.)

Biometrics

Biometrics, the measurement of unique physical or physiological characteristics of the human body, found early acceptance in high-security environments such as government security. Biometric measurements represent something that cannot be easily transferred between individuals, reducing the likelihood of fraud. Biometric authentication covers a broad spectrum of measurement techniques, from retinal scanning to voice verification. Some examples of the biometric methods employed today include:

Fingerprint verification: Used by police organizations around the world, fingerprint verification is the most common biometric authentication method in use today. There are a variety of fingerprint verification methods, and some are more accurate than others. Improvements to scanning techniques and enrollment methods have reduced the instances of false rejection experienced in many early fingerprint verification systems. Workstation access is one of the most common business uses of fingerprint verification.

Hand geometry: Hand geometry is the three-dimensional analysis of a user's hand and fingers. This form of biometric can be highly accurate and works well with larger groups of users. The downside to hand geometry is the large hand reader that is required. Hand geometry is most commonly used in time and recording environments.

Voice verification: This form of biometric requires a user to speak a specified phrase into a microphone. Speech patterns are analyzed and compared to the user's prerecorded voiceprint. Many forms of voice verification are negatively influenced by background noise and low-quality transducers, which can cause false rejections. In addition, a cumbersome procedure is necessary to initially register a user's voice. Workstation access is a common use of voice verification.

Retinal and iris scanning: These biometric processes involve examination of patterns found in the human eye. Retinal scanning is very accurate but requires a user to place his or her eye very close to a scanner. Users complain of intrusiveness, and retinal scanning can be difficult to accomplish if the user is wearing glasses. Iris scanning does work with glasses and is highly accurate. Difficulty of use and system integration have been weaknesses of both systems. Perhaps the largest problem with biometric systems is false rejections denying access to legitimate users.

Facial recognition: The latest solutions using inexpensive cameras combined with 3D techniques are beginning to appear. While these techniques need today's powerful PC systems, they are less intrusive than retinal/iris scanning.

There are other biometric systems in use, including signature verification, scent analysis and earlobe recognition.

Biometric systems are perceived as high-tech in nature and as being able to distinguish an individual's identity. However, there are many challenges to implementing biometrics, including the cost of the devices and their accuracy. It is possible, depending on the user group size, for biometric systems to falsely reject real registered users or to not be able to distinguish between subtle differences of two similar individuals. In addition, if biometric images are stored and transmitted over a network for authentication, then the system may be less secure and open to theft or interception. Some systems actually store the original biometric image in the reader itself, never using a remote server for authentication. Unless properly protected, this could open a possible security loophole. Someone could hack the reader and force it to report a user confirmation when one did not transpire.

Smart Cards and Smart Tokens

Smart cards and smart tokens share similar underlying technology but rely on different form factors and equipment interfaces. Both types of smart devices contain tiny computer chips that store information and, in some cases, perform encryption techniques. Because these devices contain active components that are frequently interrogated by software, cards and tokens can be used to provide an always-on authentication system. Therefore, smart devices represent the most widely adopted form of two-factor authentication.

Smart Cards

First introduced in Europe in the 1970s, smart cards have found large international acceptance with more than one billion cards shipped annually. A smart card is a credit card-sized device with an embedded computer chip. Generally speaking, a smart card must be inserted into a reader device for use.

There are two types of smart cards: memory cards and microprocessor cards. A memory card stores information, much like a floppy disk, and is read when inserted into a reader device. Memory cards are less expensive than microprocessor cards and rely on the card reader for securing the data on the card. Memory cards tend to be used in lower-security environments because of their inability to perform encryption algorithms.

A microprocessor smart card can store, add, delete and process data much like a tiny computer. A microprocessor smart card can download data and applications. The card itself offers security independent of the reader device, making it ideal for high-security applications. With microprocessor smart cards, a user's private key is securely stored within the smart card and never leaves the card. Using the onboard processor, all cryptographic functions, including digital signatures and decryption of session keys, occur inside the card.

Smart cards are small, easy to transport and difficult to replicate. Smart card applications range from mobile phone identification to satellite television control. Internationally, banks have distributed smart cards to millions of customers to increase the security of credit and ATM cards. Telephone operators and other industries run pre-payment systems using smart cards. In Germany, 80 million people use smart cards to access Germany's national health system.

Smart cards have their disadvantages as well. Hooking up smart card readers to computer systems can be a very time-consuming process. A recent study by the U.S. military estimated that the average time to install and configure a smart card reader onto an existing Windows system takes more than 30 minutes.

Smart Tokens

Smart tokens are technologically identical to smart cards with the exception of their form factor and interface. Smart tokens are similar in size to a house key and are designed to interface with the Universal Standard Bus (USB) ports found on millions of computers and peripheral devices. Like smart cards, smart tokens are available in both memory and microprocessor variations.

USB-based smart tokens provide unique advantages in corporate IT environments. Smart card readers are not required because smart tokens simply plug into USB ports commonly found on most modern computer keyboards and on some monitors. Most recent popular operating systems have USB drivers built in that utilize plug-and-play techniques to load the required smart token drivers. Because of the high speed of USB, USB smart tokens can be much faster than the traditional parallel or comm. port-connected smart card reader. In addition, USB smart tokens are easy to use and designed to fit on a key chain. Studies have shown that when presented with a choice between a smart card or a smart token, 95% of users prefer the smart token.

Of all the two-factor authentication devices in use today, smart devices are the most widely accepted and the most secure for high security and PKI applications because they can provide always-on authentication.

Smart Tokens: How They Work

When a smart token is initialized, a shared secret or key is generated from the vendor's server and placed in the token. The shared secret is an electronic piece of data that plays an important role in authenticating the user and is not known by the user. When the user receives the smart token, he or she activates it with a custom PIN. The shared secret stored within the token creates the first factor. The PIN creates the second factor. Authentication will only be granted when both factors are present.

A TYPICAL SMART DEVICE AUTHENTICATION PROCESS

The smart token authentication process begins when a user plugs his or her smart token into a spare USB port. This represents the first factor: something the user has. The second factor is accomplished when the user enters his or her PIN: something the user knows.

The server reads the user's unique token identifier or serial number to determine if it is a known token. The server then sends the client a random string of data as a challenge, designed to help authenticate the user's identity. The client creates a message digest by processing the challenge data with his or her shared secret or key. The client digest, also known as a response, is then transmitted to the server. Using the token's serial number, the server locates within its database a copy of the user's shared secret. The server uses the shared secret to process the random string of data sent to the client, resulting in a server digest. If the client and the server digests match, the client is authenticated.

Recent progress with biometrics has seen PIN entry replaced by either fingerprint or facial scans. Here, at enrollment, the user's biometric is taken and verified before being stored as a template on the smart token. Subsequently, when needed, the smart token is inserted into the USB port. The client software then asks the user for a biometric, e.g. a fingerprint or facial scan, which it compares with the stored template. If there is a match, then the client authentication continues as above. In this example, three factors have been utilized: the token (something you have), the biometric PIN, and the shared secret (something you know) that has been released.

The Next Wave of User Authentication: SSL User Authentication

The next generation of two-factor authentication is known as SSL user authentication (SSL/UA), which involves public key infrastructure technology (PKI) and the secure socket layer (SSL). For an overview of PKI and SSL, see the Rainbow white papers "Public Key Infrastructure Securing the Future of Communication" and "The Secure Sockets Layer Protocol Enabling Secure Web Transactions".

With SSL/UA, the client contacts the server via SSL and a one-time symmetric session key is generated. The client signs the session key with his or her digital signature (generated within the smart token) and encrypts the resulting data using the server's public key. The server receives the signed and encrypted information from the client, decrypts it using the server's private key and validates the client's digital signature and digital certificate via normal PKI methods. The server then checks its own database to determine if the user's digital certificate is among those authorized to use the service. If the certificate is confirmed and the user is authorized, the client session is authenticated. The server sends back an authorization by encrypting it with the one-time session key. All future communication is encrypted and decrypted with the symmetric key.

With SSL/UA there is no management of a shared secret; instead, it is replaced by the digital certificate. Using the digital certificate makes SSL/UA a more widely adapted security approach because certificates can be easily shared, yet corresponding digital signatures can only be generated by using the associated private key. Storing the private key within a cryptographic token provides a higher security assurance because of the benefits of PKI.
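
The challenge-response exchange of the smart device authentication process described above, with both the token and the server side, as an added example that is not code from the white paper or from Rainbow. It assumes HMAC-SHA-256 as the digest over challenge and shared secret, single-use challenges and a three-try PIN lockout; all class, function and serial names are hypothetical.

```python
import hashlib
import hmac
import secrets

MAX_PIN_TRIES = 3  # assumed lockout threshold; the paper does not give one


class SmartToken:
    """Client side: releases the shared secret only after a correct PIN."""

    def __init__(self, serial, shared_secret, pin):
        self.serial = serial              # token identifier read by the server
        self._secret = shared_secret      # never shown to the user
        self._pin = pin.encode()          # a real token checks this in hardware
        self._tries_left = MAX_PIN_TRIES

    def respond(self, challenge, pin):
        """Return the client digest (the response), or None if PIN fails."""
        if self._tries_left == 0:
            return None                   # locked: a stolen token is useless
        if not hmac.compare_digest(pin.encode(), self._pin):
            self._tries_left -= 1
            return None
        self._tries_left = MAX_PIN_TRIES
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()


class AuthServer:
    """Server side: keeps a copy of each token's shared secret by serial."""

    def __init__(self):
        self._secrets = {}   # serial -> shared secret
        self._pending = {}   # serial -> challenge awaiting a response

    def enroll(self, serial, pin):
        """Initialize a token: generate the shared secret and place it inside."""
        secret = secrets.token_bytes(32)
        self._secrets[serial] = secret
        return SmartToken(serial, secret, pin)

    def revoke(self, serial):
        """Disable a token at a moment's notice."""
        self._secrets.pop(serial, None)
        self._pending.pop(serial, None)

    def issue_challenge(self, serial):
        """Send a fresh random string, but only to a known token."""
        if serial not in self._secrets:
            return None
        challenge = secrets.token_bytes(16)
        self._pending[serial] = challenge
        return challenge

    def verify(self, serial, response):
        """Compute the server digest and compare it with the client digest."""
        challenge = self._pending.pop(serial, None)  # each challenge is single use
        secret = self._secrets.get(serial)
        if challenge is None or secret is None or response is None:
            return False
        expected = hmac.new(secret, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare


def login(server, token, pin):
    """One full exchange: serial lookup, challenge, response, comparison."""
    challenge = server.issue_challenge(token.serial)
    if challenge is None:
        return False
    return server.verify(token.serial, token.respond(challenge, pin))


if __name__ == "__main__":
    # Constructed sample values for illustration only.
    server = AuthServer()
    token = server.enroll("SN-0001", "4821")
    print("correct PIN:", login(server, token, "4821"))
    print("wrong PIN:  ", login(server, token, "0000"))
    server.revoke("SN-0001")
    print("revoked:    ", login(server, token, "4821"))
```

Because the challenge is random and consumed on first use, a response captured by network monitoring cannot be replayed, which is the property a static password lacks.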

Rainbow's Two-Factor Authentication Products

Founded in 1984, Rainbow Technologies is a leading provider of security solutions for the Internet and ecommerce. Rainbow products bring high-performance, secure, PKI-based solutions to end-users and corporations.

Rainbow's iKey 2000 is a USB-based portable PKI authentication token that can generate and store private cryptographic keys and digital certificates on a device small enough to fit on a key chain. An extension of smart card technology, the iKey 2000 simply plugs into any USB port and provides strong always-on user authentication without the need for costly reader devices. The iKey 2000 was designed to support a wide range of desktop applications and portable systems.

Rainbow also offers a memory-based smart device, the iKey 1000, which again can provide always-on user authentication and is ideally suited for moderate-security authentication applications that do not need to generate cryptographic keys or store digital certificates.

For more information about Rainbow Technologies and Rainbow products, visit

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 10 Authentication and Account Management

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 10 Authentication and Account Management Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 10 Authentication and Account Management Objectives Describe the three types of authentication credentials Explain what single sign-on

More information

Multi-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access

Multi-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access Multi-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access CONTENTS What is Authentication? Implementing Multi-Factor Authentication Token and Smart Card Technologies

More information

IDRBT Working Paper No. 11 Authentication factors for Internet banking

IDRBT Working Paper No. 11 Authentication factors for Internet banking IDRBT Working Paper No. 11 Authentication factors for Internet banking M V N K Prasad and S Ganesh Kumar ABSTRACT The all pervasive and continued growth being provided by technology coupled with the increased

More information

CSC 474 -- Network Security. User Authentication Basics. Authentication and Identity. What is identity? Authentication: verify a user s identity

CSC 474 -- Network Security. User Authentication Basics. Authentication and Identity. What is identity? Authentication: verify a user s identity CSC 474 -- Network Security Topic 6.2 User Authentication CSC 474 Dr. Peng Ning 1 User Authentication Basics CSC 474 Dr. Peng Ning 2 Authentication and Identity What is identity? which characteristics

More information

Multi-factor authentication

Multi-factor authentication CYBER SECURITY OPERATIONS CENTRE (UPDATED) 201 (U) LEGAL NOTICE: THIS PUBLICATION HAS BEEN PRODUCED BY THE DEFENCE SIGNALS DIRECTORATE (DSD), ALSO KNOWN AS THE AUSTRALIAN SIGNALS DIRECTORATE (ASD). ALL

More information

Learning Objectives. attacks. 2. Describe the common security practices of businesses of

Learning Objectives. attacks. 2. Describe the common security practices of businesses of E-Commerce Security Learning Objectives 1. Document the trends in computer and network security attacks. 2. Describe the common security practices of businesses of all sizes. 3. Understand the basic elements

More information

3D PASSWORD. Snehal Kognule Dept. of Comp. Sc., Padmabhushan Vasantdada Patil Pratishthan s College of Engineering, Mumbai University, India

3D PASSWORD. Snehal Kognule Dept. of Comp. Sc., Padmabhushan Vasantdada Patil Pratishthan s College of Engineering, Mumbai University, India 3D PASSWORD Tejal Kognule Yugandhara Thumbre Snehal Kognule ABSTRACT 3D passwords which are more customizable and very interesting way of authentication. Now the passwords are based on the fact of Human

More information

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public

More information

Advanced Authentication

Advanced Authentication White Paper Advanced Authentication Introduction In this paper: Introduction 1 User Authentication 2 Device Authentication 3 Message Authentication 4 Advanced Authentication 5 Advanced Authentication is

More information

Multi-Factor Authentication

Multi-Factor Authentication Enhancing network security through the authentication process Multi-Factor Authentication Passwords, Smart Cards, and Biometrics INTRODUCTION Corporations today are investing more time and resources on

More information

Research Article. Research of network payment system based on multi-factor authentication

Research Article. Research of network payment system based on multi-factor authentication Available online www.jocpr.com Journal of Chemical and Pharmaceutical Research, 2014, 6(7):437-441 Research Article ISSN : 0975-7384 CODEN(USA) : JCPRC5 Research of network payment system based on multi-factor

More information

Biometrics is the use of physiological and/or behavioral characteristics to recognize or verify the identity of individuals through automated means.

Biometrics is the use of physiological and/or behavioral characteristics to recognize or verify the identity of individuals through automated means. Definition Biometrics is the use of physiological and/or behavioral characteristics to recognize or verify the identity of individuals through automated means. Description Physiological biometrics is based

More information

W.A.R.N. Passive Biometric ID Card Solution

W.A.R.N. Passive Biometric ID Card Solution W.A.R.N. Passive Biometric ID Card Solution Updated November, 2007 Biometric technology has advanced so quickly in the last decade that questions and facts about its cost, use, and accuracy are often confused

More information

Achieving Universal Secure Identity Verification with Convenience and Personal Privacy A PRIVARIS BUSINESS WHITE PAPER

Achieving Universal Secure Identity Verification with Convenience and Personal Privacy A PRIVARIS BUSINESS WHITE PAPER with Convenience and Personal Privacy version 0.2 Aug.18, 2007 WHITE PAPER CONTENT Introduction... 3 Identity verification and multi-factor authentication..... 4 Market adoption... 4 Making biometrics

More information

Authentication. Computer Security. Authentication of People. High Quality Key. process of reliably verifying identity verification techniques

Authentication. Computer Security. Authentication of People. High Quality Key. process of reliably verifying identity verification techniques Computer Security process of reliably verifying identity verification techniques what you know (eg., passwords, crypto key) what you have (eg., keycards, embedded crypto) what you are (eg., biometric information)

More information

White Paper 2 Factor + 2 Way Authentication to Criminal Justice Information Services. Table of Contents. 1. Two Factor and CJIS

White Paper 2 Factor + 2 Way Authentication to Criminal Justice Information Services. Table of Contents. 1. Two Factor and CJIS White Paper 2 Factor + 2 Way Authentication to Criminal Justice Information Services Over the past decade, the demands on government agencies to share information across the federal, state and local levels

More information

WHITE PAPER Usher Mobile Identity Platform

WHITE PAPER Usher Mobile Identity Platform WHITE PAPER Usher Mobile Identity Platform Security Architecture For more information, visit Usher.com info@usher.com Toll Free (US ONLY): 1 888.656.4464 Direct Dial: 703.848.8710 Table of contents Introduction

More information

solutions Biometrics integration

solutions Biometrics integration Biometrics integration Challenges Demanding access control and identity authentication requirements drive the need for biometrics. Regulations such as Sarbanes-Oxley (SOX), Health Insurance Portability

More information

Multifactor authentication systems Jiří Sobotka, Radek Doležel

Multifactor authentication systems Jiří Sobotka, Radek Doležel Multifactor authentication systems Jiří Sobotka, Radek Doležel Fakulta elektrotechniky a komunikačních technologií VUT v Brně Email: sobotkaj@feec.vutbr.cz Fakulta elektrotechniky a komunikačních technologií

More information

That Point of Sale is a PoS

That Point of Sale is a PoS SESSION ID: HTA-W02 That Point of Sale is a PoS Charles Henderson Vice President Managed Security Testing Trustwave @angus_tx David Byrne Senior Security Associate Bishop Fox Agenda POS Architecture Breach

More information

KEYSTROKE DYNAMIC BIOMETRIC AUTHENTICATION FOR WEB PORTALS

KEYSTROKE DYNAMIC BIOMETRIC AUTHENTICATION FOR WEB PORTALS KEYSTROKE DYNAMIC BIOMETRIC AUTHENTICATION FOR WEB PORTALS Plurilock Security Solutions Inc. www.plurilock.com info@plurilock.com 2 H IGHLIGHTS: PluriPass is Plurilock static keystroke dynamic biometric

Two-Factor Authentication and Swivel Two-Factor Authentication and Swivel Abstract This document looks at why the username and password are no longer sufficient for authentication and how the Swivel Secure authentication platform can provide

The 4 forces that generate authentication revenue for the channel The 4 forces that generate authentication revenue for the channel Web access and the increasing availability of high speed broadband has expanded the potential market and reach for many organisations and

Digital Signatures on iqmis User Access Request Form Digital Signatures on iqmis User Access Request Form When a user clicks in the User Signature block on the iqmis Access Form, the following window appears: Click Save a Copy and rename it with your name,

Case for Strong User Authentication By Mark Lobel, Manager, TRS, PricewaterhouseCoopers Case for Strong User Authentication By Mark Lobel, Manager, TRS, PricewaterhouseCoopers In 1994, Citibank learned a ten million dollar lesson in user authentication. A 34-year-old Russian and his accomplices

Voice Authentication for ATM Security Voice Authentication for ATM Security Rahul R. Sharma Department of Computer Engineering Fr. CRIT, Vashi Navi Mumbai, India rahulrsharma999@gmail.com Abstract: Voice authentication system captures the

Web Payment Security. A discussion of methods providing secure communication on the Internet. Zhao Huang Shahid Kahn Web Payment Security A discussion of methods providing secure communication on the Internet Group Members: Peter Heighton Zhao Huang Shahid Kahn 1. Introduction Within this report the methods taken to

Secure Data Exchange Solution Secure Data Exchange Solution I. CONTENTS I. CONTENTS... 1 II. INTRODUCTION... 2 OVERVIEW... 2 COPYRIGHTS AND TRADEMARKS... 2 III. SECURE DOCUMENT EXCHANGE SOLUTIONS... 3 INTRODUCTION... 3 Certificates

ADVANCE AUTHENTICATION TECHNIQUES ADVANCE AUTHENTICATION TECHNIQUES Introduction 1. Computer systems and the information they store and process are valuable resources which need to be protected. With the current trend toward networking,

22nd NISS Conference 22nd NISS Conference Submission: Topic: Keywords: Author: Organization: Tutorial BIOMETRICS - DEVELOPING THE ARCHITECTURE, API, ENCRYPTION AND SECURITY. INSTALLING & INTEGRATING BIOMETRIC SYSTEMS INTO

User Authentication Methods for Mobile Systems Dr Steven Furnell User Authentication Methods for Mobile Systems Dr Steven Furnell Network Research Group University of Plymouth United Kingdom Overview The rise of mobility and the need for user authentication A survey

May 2010. For other information please contact: access control biometrics user guide May 2010 For other information please contact: British Security Industry Association t: 0845 389 3889 f: 0845 389 0761 e: info@bsia.co.uk www.bsia.co.uk Form No. 181.

Sync Security and Privacy Brief Introduction Security and privacy are two of the leading issues for users when transferring important files. Keeping data on-premises makes business and IT leaders feel more secure, but comes with technical

Strong Authentication for Secure VPN Access Strong Authentication for Secure VPN Access Solving the Challenge of Simple and Secure Remote Access WHITE PAPER EXECUTIVE SUMMARY In today's competitive and efficiency-driven climate, organizations

Application-Specific Biometric Templates Application-Specific Biometric s Michael Braithwaite, Ulf Cahn von Seelen, James Cambier, John Daugman, Randy Glass, Russ Moore, Ian Scott, Iridian Technologies Inc. Introduction Biometric technologies

French Justice Portal. Authentication methods and technologies. Page n 1 French Justice Portal Authentication methods and technologies n 1 Agenda Definitions Authentication methods Risks and threats Comparison Summary Conclusion Appendixes n 2 Identification and authentication

E-Commerce Security and Fraud Protection CHAPTER 9 E-Commerce Security and Fraud Protection CHAPTER 9 LEARNING OBJECTIVES 1. Understand the importance and scope of security of information systems for EC. 2. Describe the major concepts and terminology of

A Security Survey of Strong Authentication Technologies A Security Survey of Strong Authentication Technologies WHITEPAPER Contents Introduction... 1 Authentication Methods... 2 Classes of Attacks on Authentication Mechanisms... 5 Security Analysis of Authentication

Two Factor Authentication for VPN Access Trends in cloud computing, workforce mobility, and BYOD policies have introduced serious new vulnerabilities for enterprise networks. Every few weeks, we learn about a new instance of compromised security.

Centralized Out-Of-Band Authentication System. Authentication Security for the 21st Century Centralized Out-Of-Band Authentication System Security for the 21st Century Presented by: Southeast Europe Cybersecurity Conference Sophia, Bulgaria September 8-9, 2003 Introduction Organizations

How Secure is your Authentication Technology? How Secure is your Authentication Technology? Compare the merits and vulnerabilities of 1.5 Factor Authentication technologies available on the market today White Paper Introduction A key feature of any

Guide to Evaluating Multi-Factor Authentication Solutions Guide to Evaluating Multi-Factor Authentication Solutions PhoneFactor, Inc. 7301 West 129th Street Overland Park, KS 66213 1-877-No-Token / 1-877-668-6536 www.phonefactor.com Guide to Evaluating Multi-Factor

2 factor + 2. Authentication. way 2 factor + 2 way Authentication Deepnet DualShield is an open, unified authentication platform that enables multi-factor strong authentication across diverse applications, users and security tokens. 5

Contents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008 Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008 Contents Authentication and Identity Assurance The Identity Assurance continuum Plain Password Authentication

Enova X-Wall LX Frequently Asked Questions Enova X-Wall LX Frequently Asked Questions Q: What is X-Wall LX? A: X-Wall LX is the third generation of Enova real-time hard drive cryptographic gateway ASIC (Application Specific Integrated Circuit)

Digital Identity & Authentication Directions Biometric Applications Who is doing what? Academia, Industry, Government Digital Identity & Authentication Directions Biometric Applications Who is doing what? Academia, Industry, Government Briefing W. Frisch 1 Outline Digital Identity Management Identity Theft Management

Accessing the bank account without card and password in ATM using biometric technology Accessing the bank account without card and password in ATM using biometric technology Mini Agarwal [1] and Lavesh Agarwal [2] Teerthankar Mahaveer University Email: miniagarwal21@gmail.com [1], lavesh_1071985@yahoo.com

Authentication in an Internet Banking Environment Federal Financial Institutions Examination Council FFIEC Logo 3501 Fairfax Drive Room 3086 Arlington, VA 22226-3550 (703) 516-5588 FAX (703) 516-5487 http://www.ffiec.gov Authentication in an Internet

Token User Guide. Version 1.0/ July 2013 Token User Guide Version 1.0/ July 2013 Index Overview... 3 Usage requirements... 4 KIT contents... 5 Smart Card installation... 6 Reader driver installation... 7 In the case of Windows XP... 7 In the

Enhancing Organizational Security Through the Use of Virtual Smart Cards Enhancing Organizational Security Through the Use of Virtual Smart Cards Today's organizations, both large and small, are faced with the challenging task of securing a seemingly borderless domain of company

Biometrics in Physical Access Control Issues, Status and Trends White Paper Biometrics in Physical Access Control Issues, Status and Trends White Paper Authored and Presented by: Bill Spence, Recognition Systems, Inc. SIA Biometrics Industry Group Vice-Chair & SIA Biometrics Industry

Aegis Padlock for business Aegis Padlock for business Problem: Securing private information is critical for individuals and mandatory for business. Mobile users need to protect their personal information from identity theft. Businesses

Strong Authentication. Securing Identities and Enabling Business Strong Authentication Securing Identities and Enabling Business Contents Contents...2 Abstract...3 Passwords Are Not Enough!...3 It's All About Strong Authentication...4 Strong Authentication Solutions

WHITE PAPER. Smart Card Authentication for J2EE Applications Using Vintela SSO for Java (VSJ) WHITE PAPER Smart Card Authentication for J2EE Applications Using Vintela SSO for Java (VSJ) SEPTEMBER 2004 Overview Password-based authentication is weak and smart cards offer a way to address this weakness,

Economic and Social Council UNITED NATIONS E Economic and Social Council Distr. GENERAL ECE/TRANS/WP.30/AC.2/2008/2 21 November 2007 Original: ENGLISH ECONOMIC COMMISSION FOR EUROPE Administrative Committee for the TIR Convention,

Remote Access Security Glen Doss Towson University Center for Applied Information Technology Remote Access Security I. Introduction Providing remote access to a network over the Internet has added an entirely new dimension to

Remote Access Securing Your Employees Out of the Office Remote Access Securing Your Employees Out of the Office HSTE-NB0011-RV 1.0 Hypersecu Information Systems, Inc. #200-6191 Westminster Hwy Richmond BC V7C 4V4 Canada 1 (855) 497-3700 www.hypersecu.com Introduction

Framework for Biometric Enabled Unified Core Banking Proc. of Int. Conf. on Advances in Computer Science and Application Framework for Biometric Enabled Unified Core Banking Manohar M, R Dinesh and Prabhanjan S Research Candidate, Research Supervisor, Faculty

Moving to Multi-factor Authentication. Kevin Unthank Moving to Multi-factor Authentication Kevin Unthank What is Authentication 3 steps of Access Control Identification: The entity makes claim to a particular Identity Authentication: The entity proves that

Securing corporate assets with two factor authentication WHITEPAPER Securing corporate assets with two factor authentication Published July 2012 Contents Introduction Why static passwords are insufficient Introducing two-factor authentication Form Factors for

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN) MIS5206 Week 12 Your Name Date 1. Which significant risk is introduced by running the file transfer protocol (FTP) service on a server in a demilitarized zone (DMZ)? a) User from within could send a file

Deploying Smart Cards in Your Enterprise www.css-security.com 425.216.0720 WHITE PAPER The merging of physical access technology with public key-enabled smart card technology has been an emerging trend that has occurred in the security industry

Target Security Breach Target Security Breach Lessons Learned for Retailers and Consumers 2014 Pointe Solutions, Inc. PO Box 41, Exton, PA 19341 USA +1 610 524 1230 Background In the aftermath of the Target breach that affected

RSA SecurID Two-factor Authentication RSA SecurID Two-factor Authentication Today, we live in an era where data is the lifeblood of a company. Now, security risks are more pressing as attackers have broadened their targets beyond financial

Mathematical Model Based Total Security System with Qualitative and Quantitative Data of Human Int Jr of Mathematics Sciences & Applications Vol. 3, No. 1, January-June 2013 Copyright Mind Reader Publications ISSN No: 2230-9888 www.journalshub.com Mathematical Model Based Total Security System with Qualitative

Data Security 2. Implement Network Controls UNIT 19 Data Security 2 STARTER Consider these examples of computer disasters. How could you prevent them or limit their effects? Compare answers within your group. 1 You open an email attachment which

Mobile Identity: Improved Cybersecurity, Easier to Use and Manage than Passwords. Mika Devonshire Associate Product Manager Mobile Identity: Improved Cybersecurity, Easier to Use and Manage than Passwords Mika Devonshire Associate Product Manager 1 Agenda 2 What is Cybersecurity? Quick overview of the core concepts 3 Cybercrime

Secure Web Access Solution Secure Web Access Solution I. CONTENTS II. INTRODUCTION... 2 OVERVIEW... 2 COPYRIGHTS AND TRADEMARKS... 2 III. E-CODE SECURE WEB ACCESS SOLUTION... 3 OVERVIEW... 3 PKI SECURE WEB ACCESS... 4 Description...

White Paper. The risks of authenticating with digital certificates exposed White Paper The risks of authenticating with digital certificates exposed Table of contents Introduction... 2 What is remote access?... 2 Authentication with client side digital certificates... 2 Asymmetric

Computers and Society: Security and Privacy 1 Chapter 12 Computers and Society: Security and Privacy 2 Chapter 12 Objectives 3 Computer Security: Risks and Safeguards What is a computer security risk? 4 Computer Security: Risks and Safeguards 1

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 7 Access Control Fundamentals Security+ Guide to Network Security Fundamentals, Third Edition Chapter 7 Access Control Fundamentals Objectives Define access control and list the four access control models Describe logical access control

Interlink Networks RAD-Series AAA Server and RSA Security Two-Factor Authentication Interlink Networks RAD-Series AAA Server and RSA Security Two-Factor Authentication As the world increasingly depends on computers to do business, the need for safeguarding computer resources also increases.

DigitalPersona, Inc. Creating the authentication infrastructure for a digital world. DigitalPersona, Inc. Creating the authentication infrastructure for a digital world. Rising Security Needs Secure Access Control is Critical Users Access Security Information Engineering, Intellectual

A brief on Two-Factor Authentication Application Note A brief on Two-Factor Authentication Summary This document provides a technology brief on two-factor authentication and how it is used on Netgear SSL312, VPN Firewall, and other UTM products.

True Identity solution Identify yourself securely. True Identity solution True Identity authentication and authorization for groundbreaking security across multiple applications including all online transactions Biogy Inc. Copyright

86-10-15 The Self-Hack Audit Stephen James Payoff 86-10-15 The Self-Hack Audit Stephen James Payoff As organizations continue to link their internal networks to the Internet, system managers and administrators are becoming increasingly aware of the need

ACER ProShield. Table of Contents ACER ProShield Table of Contents Revision History... 3 Legal Notices... 4 Executive Summary... 5 Introduction... 5 Protection against unauthorized access... 6 Why ACER ProShield... 7 ACER ProShield...

Introduction to Computer Security Introduction to Computer Security Identification and Authentication Pavel Laskov Wilhelm Schickard Institute for Computer Science Resource access: a big picture 1. Identification Which object O requests

HIPAA Security. 4 Security Standards: Technical Safeguards. Security Topics HIPAA Security S E R I E S Security Topics 1. Security 101 for Covered Entities 2. Security Standards - Administrative Safeguards 3. Security Standards - Physical Safeguards 4. Security Standards - Technical

White Paper: Multi-Factor Authentication Platform White Paper: Multi-Factor Authentication Platform Version: 1.4 Updated: 29/10/13 Contents: About zero knowledge proof authentication protocols: 3 About Pairing-Based Cryptography (PBC) 4 Putting it all

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT Part I Contents Part I Introduction to Information Security Definition of Crypto Cryptographic Objectives Security Threats and Attacks The process Security Security Services Cryptography Cryptography (code

Secure communications via IdentaDefense Secure communications via IdentaDefense How vulnerable is sensitive data? Communication is the least secure area of digital information. The many benefits of sending information electronically in a digital

DIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication DIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication Certificate Based 2010 Integration VASCO Data Security. Guideline All rights reserved. Page 1 of 31 Disclaimer Disclaimer of

Guidance on Multi-factor Authentication Guidance on Multi-factor Authentication June 2006 Guidance on Multi-factor Authentication Guidance on Multi-factor Authentication State Services Commission June 2006 Version 1.0 ISBN 0-478-24466-5 Crown

AUTHENTIFIERS. Authentify Authentication Factors for Constructing Flexible Multi-Factor Authentication Processes AUTHENTIFIERS Authentify Authentication Factors for Constructing Flexible Multi-Factor Authentication Processes Authentify delivers intuitive and consistent authentication technology for use with smartphones,

White Paper. The Principles of Tokenless Two-Factor Authentication White Paper The Principles of Tokenless Two-Factor Authentication Table of contents Introduction... 2 What is two-factor authentication?... 2 Access by hardware token... 3 Advantages and disadvantages

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4. CONTENTS 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4. Conclusion 1. EXECUTIVE SUMMARY The advantages of networked data storage technologies such

Security Management. Keeping the IT Security Administrator Busy Security Management Keeping the IT Security Administrator Busy Dr. Jane LeClair Chief Operating Officer National Cybersecurity Institute, Excelsior College James L. Antonakos SUNY Distinguished Teaching

Dr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C Cunsheng Ding, HKUST Lecture 06: Public-Key Infrastructure Main Topics of this Lecture 1. Digital certificate 2. Certificate authority (CA) 3. Public key infrastructure (PKI) Page 1 Part I: Digital Certificates

Enhancing Web Application Security Enhancing Web Application Security Using Another Authentication Factor Karen Lu and Asad Ali Gemalto, Inc. Technology & Innovations Austin, TX, USA Overview Introduction Current State Smart Cards Two-Factor

Virtual Private Networks (VPN) Connectivity and Management Policy Connectivity and Management Policy VPN Policy for Connectivity into the State of Idaho's Wide Area Network (WAN) 02 September 2005, v1.9 (Previous revision: 14 December, v1.8) Applicability: All VPN connections

Full Drive Encryption Security Problem Definition - Encryption Engine Full Drive Encryption Security Problem Definition - Encryption Engine Introduction for the FDE Collaborative Protection Profiles

Keystroke Encryption Technology Explained Keystroke Encryption Technology Explained Updated February 9, 2008 information@bluegemsecurity.com (800) 650-3670 www.bluegemsecurity.com Executive Summary BlueGem Security is introducing keystroke encryption

Confidence in Commerce: Enabling e-banking and online services with two-factor authentication Abstract The combination of online banking's rising popularity and the increasing number of online services offered by financial organizations indicates a bright future for e-banking. However, to maximize

Getting a Secure Intranet 61-04-69 Getting a Secure Intranet Stewart S. Miller The Internet and World Wide Web are storehouses of information for many new and legitimate purposes. Unfortunately, they also appeal to people who like

HARDENED MULTI-FACTOR AUTHENTICATION INCREASES ENTERPRISE PC SECURITY HARDENED MULTI-FACTOR AUTHENTICATION INCREASES ENTERPRISE PC SECURITY INSTEAD OF A SECURITY PROBLEM, ENDPOINTS BECOME PART OF THE SECURITY SOLUTION SUMMARY The internet and mobility have made enterprise

Driving Company Security is Challenging. Centralized Management Makes it Simple. Driving Company Security is Challenging. Centralized Management Makes it Simple. Overview - P3 Security Threats, Downtime and High Costs - P3 Threats to Company Security and Profitability - P4 A Revolutionary

Alternative authentication what does it really provide? Alternative authentication what does it really provide? Steve Pannifer Consult Hyperion Tweed House 12 The Mount Guildford GU2 4HN UK steve.pannifer@chyp.com Abstract In recent years many new technologies

Whitepaper MODERN THREATS DRIVE DEMAND FOR NEW GENERATION TWO-FACTOR AUTHENTICATION Whitepaper MODERN THREATS DRIVE DEMAND FOR NEW GENERATION TWO-FACTOR AUTHENTICATION A RECENT SURVEY SHOWS THAT 90% OF ALL COMPANIES HAD BEEN BREACHED IN THE LAST 12 MONTHS. THIS PAIRED WITH THE FACT THAT

The Convergence of IT Security and Physical Access Control The Convergence of IT Security and Physical Access Control Using a Single Credential to Secure Access to IT and Physical Resources Executive Summary Organizations are increasingly adopting a model in which
