Transecq
Two-Factor Authentication

The need for stronger authentication mechanisms
Establishing the true identity of an online user is often a tricky task. Traditionally, users have been identified by means of a username and password. Once these credentials are supplied, a user is usually granted unconditional access to the system. In the case of online transaction systems, it is vital that nobody gains unauthorized access that would enable them to commit fraud.

As the Internet becomes more central to everyday life, an increasing number of services are being made available online, including sensitive ones such as online banking, online purchases and restricted remote system access. Along with this trend, fraud is increasing at an alarming rate, exploiting security loopholes in the existing information infrastructure.

With the widespread use of attacks such as MITM (man-in-the-middle), MITB (man-in-the-browser), keystroke logging, phishing and various TEMPEST (emanation-monitoring) methods, additional means of online user identification and transaction verification become an absolute necessity. A username and password are no longer sufficient to identify a user.

The path to a viable solution

A user validation concept that has been around for some years is two-factor authentication. A username and password employed for remote authentication are considered a single factor of authentication. By providing an additional, different means of authentication, a second factor is introduced into the authentication process, giving two-factor (or multi-factor) authentication.

A true second factor is usually implemented as something the user has or possesses, while the traditional username and password (the first factor) are things the user knows. A perpetrator would have to obtain both the knowledge (the password) and the physical item to authenticate as someone else.

Hardware tokens are popular second factors. The user carries a small device that generates a one-time authentication number (token), which is entered into the authentication platform. The system applies a mathematical check (typically recomputing the expected value from a secret shared with that user's device) to determine whether the token indeed belongs to the specified user. So in addition to the facts the user should know (username and password), he also needs to be in possession of the hardware token device to successfully authenticate and gain access to the system.

Some problems do, however, exist around hardware tokens. Since the user is required to carry the device at all times, it is easily lost, and it detracts from the mobile appeal of the solution. Furthermore, scalability becomes problematic, as does the considerable expense involved in provisioning, managing and replacing all the physical hardware devices.

Mobile one-time passwords (OTPs) go a long way towards solving the problems of token devices; technically, however, they are still very similar to hardware tokens. OTPs as a second factor of authentication are usually provisioned to a mobile phone via an SMS (text message) sent from the authentication system, normally a bank, and must be entered into the system to complete authentication.

Users always have their phones with them, and a unique bond between a user and a phone can easily be established. SMS messaging does, however, have drawbacks. Being a store-and-forward technology, delivery delays often occur, and various loopholes for interception cloud the integrity of the channel, especially since SMS content is sent in plaintext. Another important point is the cost of sending these messages to users: banking institutions deploy significant resources to send and manage OTPs via SMS.

Various systems on the market generate the OTP on the mobile device itself, via applications written mostly in Java, although other platform-specific applications are not uncommon. This model eliminates the costs and problems around SMS OTP delivery, since the user can generate an OTP at any time using only their mobile phone.
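The check the token server performs is not spelled out above. The following is an added example in Go, not Transecq's code and not a description of any particular vendor's token: it implements the standard published scheme, HOTP (RFC 4226) with its time-based variant TOTP (RFC 6238), which is what most hardware tokens and phone OTP applications use. The shared secret is the RFC 4226 test-vector seed; the `Token` type, the look-ahead window and the sample counters are this example's own constructed choices.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"fmt"
	"time"
)

// hotp computes a 6-digit RFC 4226 one-time password: HMAC-SHA1 over the
// big-endian counter, dynamic truncation to 31 bits, then modulo 10^6.
func hotp(secret []byte, counter uint64) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	h := mac.Sum(nil)
	off := h[len(h)-1] & 0x0f
	code := (uint32(h[off])&0x7f)<<24 |
		uint32(h[off+1])<<16 |
		uint32(h[off+2])<<8 |
		uint32(h[off+3])
	return fmt.Sprintf("%06d", code%1000000)
}

// totpAt is the time-based variant (RFC 6238): the counter is the number of
// 30-second steps since the Unix epoch, so a phone app and the server agree
// without a shared counter as long as their clocks roughly agree.
func totpAt(secret []byte, at time.Time) string {
	return hotp(secret, uint64(at.Unix()/30))
}

// Token is the server-side record for one user's token (hardware or phone app).
type Token struct {
	Secret  []byte
	Counter uint64 // next counter value the server expects
	Window  int    // extra counters to try, for codes generated but never submitted
}

// Verify checks a submitted code against the expected counter and a small
// look-ahead window. On success the counter moves past the matched value, so a
// captured code cannot be replayed; a miss leaves the state untouched.
func (t *Token) Verify(code string) bool {
	for i := 0; i <= t.Window; i++ {
		c := t.Counter + uint64(i)
		if hmac.Equal([]byte(hotp(t.Secret, c)), []byte(code)) {
			t.Counter = c + 1
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample: the 20-byte seed from RFC 4226 Appendix D.
	secret := []byte("12345678901234567890")
	server := &Token{Secret: secret, Counter: 0, Window: 3}

	// The phone's own counter is already at 1 (the user generated code #0
	// earlier but never submitted it), which the window absorbs.
	code := hotp(secret, 1)
	fmt.Println("phone shows:", code)
	fmt.Println("first use accepted:", server.Verify(code))           // true
	fmt.Println("replay accepted:", server.Verify(code))              // false
	fmt.Println("stale code accepted:", server.Verify(hotp(secret, 0))) // false
	fmt.Println("current TOTP:", totpAt(secret, time.Now()))
}
```

Note what Verify does not check: it accepts any correct code within the window no matter which connection submits it. That is exactly the property the attack scenario later in this paper relies on; a code typed into a phishing page and relayed to the real site within the window verifies as if the user had typed it there.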




                                                  Tel. 678.466.6772 | info@transecq.com | www.transecq.com
Although a cost-effective and more convenient solution, this still does not address the most important shortcoming of OTPs. True two-factor authentication is only reached when the second factor is completely out of band. Simply put, the second factor should not re-use the communication channel of the first factor (username and password). All OTP/token solutions rely on the token or number being entered into the same system the username and password were entered into. This simple fact exposes the system to a whole range of vulnerabilities for perpetrators to abuse: by successfully attacking the main communication channel (usually the Internet), perpetrators effectively compromise both authentication factors.

Gartner states in its report "Where Strong Authentication Fails and What You Can Do About It" (G00173132) that any authentication method relying on browser communications can be defeated. It further notes that even techniques relying on out-of-band phone calls can be thwarted because of the simplicity of forwarding a phone call to another number. The Transecq solution described in this paper is designed to adhere to all of Gartner's recommendations and to resist the attacks plaguing the industry today.

A standard attack scenario runs as follows. A user opens a phishing site masquerading as the real website and supplies his username and password. The fake site immediately enters these credentials into the real site using an automated script, causing an OTP to be sent to the user's phone (or prompting the user to generate an OTP on a token device). At this stage any SiteKey or SurePhrase messages are also relayed from the real site to the fake site, further strengthening the apparent legitimacy of the fake site. The fake site now prompts the user to enter the OTP that he has generated, or by now received from the real site. At this stage the fake site has enough details to log in to the user's account and transact fraudulently. Note that the attack does not break the OTP algorithm at all: the code is correct, it is simply typed into the wrong site and relayed within its validity window.

A two-factor solution can only be considered strong authentication when the second factor is completely isolated and the complete loop is entirely out of band with respect to the first factor. Only a system meeting these requirements is reliable in maintaining authentication integrity.

Once authenticated, a user should additionally be required to authenticate certain key procedures within the online/remote session, for example making beneficiary payments in an online banking environment. SSL/TLS, although in essence still secure, is by itself no longer sufficient to protect against interception techniques that take advantage of software implementation vulnerabilities, and it offers no protection against malware running inside the browser, which sees the plaintext before encryption. Transaction verification counters MITM and MITB attacks because each transaction is verified out of band in a secure and isolated authentication loop: the user confirms the transaction details as the bank actually holds them, not as a compromised browser displayed them. This holds as long as the approval device shows the genuine details and is not itself under the attacker's control.

A novel way of authentication

Transecq's Interactive Transaction Authentication (ITA) system addresses these authentication problems holistically, providing second-factor authentication with bidirectional, encrypted, out-of-band data transmission. ITA consists of a high-performance socket server that receives authentication requests from a workflow engine (through ISO 8583, OpenID, RADIUS, LDAP or SOAP) and relays each request to the corresponding user by sending it to an application on their mobile phone for approval.

The ITA application on the mobile phone is available for the following platforms:
•   J2ME (MIDP 2.0)
•   Android
•   iPhone
•   BlackBerry
•   Windows Mobile
•   As a USSD network service for phones not supporting the above applications

Figure: Transecq Mobile approval screens on several handsets, each prompting "Accept payment of $2495.95 from vendor GENSTORE?" with Reject and Accept buttons.




The Transecq ITA platform identifies each enrolled mobile phone uniquely by automatically issuing it with an X.509 client-side certificate (which Transecq calls a Digital Fingerprint) from Transecq's trusted Certificate Authority, enabling mutual (bilateral) certificate validation between phone and server. This certificate and its private key are stored on the client's phone inside DRM-protected storage.

Each transaction to approve (website login, beneficiary payment, etc.) is sent to the client's phone, and a description of what the transaction entails is displayed to the user. He can choose to either Accept or Reject the transaction. The response is cryptographically signed with the private key corresponding to the user's certificate, which resides on the phone, and sent back to the requesting server to be verified through PKI. Because the signed response covers the transaction details the user saw, the signature can be used to ensure non-repudiation and prove the intent of the user for that specific transaction.

No matter what type of attack occurs (even if a transaction is changed or manipulated by a fraudster in the browser), the actual transaction as it arrived at the bank is sent directly to the specific user over an encrypted second channel accessible only to the specific paired phone. Attacks on other channels are therefore negated: the user approves the actual transaction and will immediately discover any fraudulent attempt, since the displayed amount or beneficiary will not match what he intended.




Figure: ITA transaction flow between the user, the bank's secure area and the Transecq Mobile Aggregator.
1. The user submits a transaction request in the online session: TRANSFER $100 TO JOHN SMITH.
2. The bank's secure area forwards the transaction request to the Transecq Mobile Aggregator.
3. The aggregator sends the transaction request to the user's mobile: "DO YOU WANT TO TRANSFER $100 TO JOHN SMITH?"
4. The user answers YES or NO on the phone; the signed response goes back to the aggregator.
5. The aggregator returns the response to the bank.
6. The bank accepts or rejects the transaction and the online session reports the outcome (here TRANSFER SUCCESSFUL, after a YES).
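The approval and verification steps described above and in the six-step flow, written out as an added example in Go. This is not Transecq's code: the `Phone`, `Server` and `Approval` types, the JSON payload layout, the PIN-hash field and the use of a raw ECDSA P-256 key pair in place of an issued X.509 certificate (enrolment and mutual TLS are left out) are this example's own assumptions. What it shows is what the server has to check for the signature to carry the guarantees claimed: the signed bytes include the transaction as displayed, the decision and the PIN hash, and the server compares the signed transaction with the one it actually holds, so a browser-side modification is caught either by the user, who sees the altered details on the phone, or by the server, if the signed details differ from the pending transaction.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/json"
	"errors"
	"fmt"
)

// Transaction is the record the bank holds and the text shown on the phone.
type Transaction struct {
	ID          string `json:"id"`
	Amount      string `json:"amount"` // decimal string, so the signed bytes are reproducible
	Beneficiary string `json:"beneficiary"`
}

// Approval is what the phone signs: the transaction exactly as displayed, the
// decision, and a hash of the PIN typed on the phone (bound in, never sent in clear).
type Approval struct {
	Tx       Transaction `json:"tx"`
	Decision string      `json:"decision"` // "ACCEPT" or "REJECT"
	PINHash  string      `json:"pin_hash"`
}

// pinHash is plain SHA-256 for the demo; stored PINs need a salted KDF in production.
func pinHash(pin string) string { return fmt.Sprintf("%x", sha256.Sum256([]byte(pin))) }

// Phone stands in for the handset app. Key plays the role of the private key of
// the X.509 client certificate; certificate enrolment and mutual TLS are left out.
type Phone struct{ Key *ecdsa.PrivateKey }

func NewPhone() (*Phone, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return &Phone{Key: k}, err
}

// Respond signs what the user saw and decided; every field the server checks is
// inside the signed bytes, so changing any of them afterwards breaks the signature.
func (p *Phone) Respond(shown Transaction, accept bool, pin string) (Approval, []byte, error) {
	a := Approval{Tx: shown, Decision: "REJECT", PINHash: pinHash(pin)}
	if accept {
		a.Decision = "ACCEPT"
	}
	payload, _ := json.Marshal(a) // struct of strings: cannot fail
	digest := sha256.Sum256(payload)
	sig, err := ecdsa.SignASN1(rand.Reader, p.Key, digest[:])
	return a, sig, err
}

// Server is the bank side: pending transactions, enrolled public keys, PIN hashes.
type Server struct {
	pending map[string]Transaction
	keys    map[string]*ecdsa.PublicKey
	pins    map[string]string
}

func NewServer() *Server {
	return &Server{map[string]Transaction{}, map[string]*ecdsa.PublicKey{}, map[string]string{}}
}
func (s *Server) Enrol(u string, pub *ecdsa.PublicKey, pin string) { s.keys[u], s.pins[u] = pub, pinHash(pin) }
func (s *Server) AddPending(tx Transaction)                        { s.pending[tx.ID] = tx }

// Verify accepts an approval only if the signature is valid under the enrolled key,
// the signed transaction equals the one pending at the bank, the PIN matches and the
// decision is ACCEPT. The pending entry is consumed, so each approval is single-use.
func (s *Server) Verify(user string, a Approval, sig []byte) error {
	pub, ok := s.keys[user]
	payload, _ := json.Marshal(a)
	digest := sha256.Sum256(payload)
	if !ok || !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return errors.New("unknown user or invalid signature")
	}
	if actual, ok := s.pending[a.Tx.ID]; !ok || actual != a.Tx {
		return errors.New("signed transaction is not the one pending at the bank")
	}
	if subtle.ConstantTimeCompare([]byte(a.PINHash), []byte(s.pins[user])) != 1 {
		return errors.New("wrong PIN")
	}
	if a.Decision != "ACCEPT" {
		return errors.New("rejected by user")
	}
	delete(s.pending, a.Tx.ID)
	return nil
}

func main() {
	phone, _ := NewPhone()
	bank := NewServer()
	bank.Enrol("alice", &phone.Key.PublicKey, "1234")
	// Constructed sample: the user asked to pay John Smith, but browser malware
	// swapped the beneficiary before the request reached the bank.
	tx := Transaction{ID: "T1", Amount: "100.00", Beneficiary: "MULE ACCOUNT"}
	bank.AddPending(tx)
	a, sig, _ := phone.Respond(tx, false, "1234") // phone shows MULE ACCOUNT; user rejects
	fmt.Println("user rejected:", bank.Verify("alice", a, sig))
	a.Decision = "ACCEPT" // an intercepted rejection cannot be flipped into an approval
	fmt.Println("flipped decision:", bank.Verify("alice", a, sig))
}
```

The non-repudiation claim rests on the comparison in Verify: the server stores the signed Approval together with the pending record it matched, and that pair proves later that this key approved exactly these details. Deleting the pending entry after a successful approval is what keeps a captured, valid approval from being submitted twice.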




This system can be used as a real-time, second-factor, out-of-band authentication gateway for any digital action or transaction. User input is minimal, enhancing the user experience and reducing human error. The system has already been used to secure the following types of transactions:
•   Online web login and transactions (Internet banking, trading, etc.)
•   Online credit card (card-not-present) purchases, tying into 3-D Secure
•   Credit and debit card transactions at point of sale
•   ATM (automated teller machine) cash withdrawals

Advantages of Transecq's ITA system over other systems:
•   Phishing, MITB, MITM, keystroke logging and other forms of user impersonation are defeated, because credentials captured on the browser channel cannot produce a signed approval from the paired phone
•   Transaction rejections can immediately be flagged and the user contacted or the account placed under review
•   Non-repudiation is ensured, since each transaction is digitally signed with the user's private key
•   Self-service options may also be made available inside the ITA application: checking balances, activating/de-activating cards, changing limits
•   The certificate is not tied to the SIM card (or phone number), so the user is free to change SIMs (for example when travelling overseas), and no pre-arrangement with mobile operators is necessary, since everything is stored on the handset, not the SIM
•   All communications are packet data (IP based), which saves institutions the cost of SMS (text) messaging
•   The Transecq ITA application can be remotely launched on the user's handset by binary SMS if necessary
•   An OTP mode (generated on the handset) is available when there is no GSM coverage; note that a handset-generated OTP is typed into the online session, so this fallback gives up the out-of-band property for those transactions
•   Transactions can be pre-approved by a user using ITA, in cases where the user knows he will transact in an area with poor GSM coverage
•   ITA is completely scalable, and a single phone application grants the user access to all ITA-enabled institutions
•   An online user PIN allows for additional protection and is embedded in the digital signature of approved transactions
•   Bidirectional flow of transactions




In summary, Transecq provides true two-factor authentication that is completely isolated and out of band, while also fulfilling the requirements for user convenience and usability, ensuring the healthy adoption rate that is crucial for successful implementation and sustained operation.
Transecq is the leading provider of global secure transaction authentication services.




 
Tripwire MarchApril 2012
Tripwire MarchApril  2012Tripwire MarchApril  2012
Tripwire MarchApril 2012
 
Green enviornment
Green enviornmentGreen enviornment
Green enviornment
 
萌え要素の効果について分析してみた@第8回ニコニコ学会βシンポジウム
萌え要素の効果について分析してみた@第8回ニコニコ学会βシンポジウム萌え要素の効果について分析してみた@第8回ニコニコ学会βシンポジウム
萌え要素の効果について分析してみた@第8回ニコニコ学会βシンポジウム
 
Delimamalindo shipping marine services
Delimamalindo shipping marine servicesDelimamalindo shipping marine services
Delimamalindo shipping marine services
 
E-Resources Induction (Liverpool Community College)
E-Resources Induction (Liverpool Community College)E-Resources Induction (Liverpool Community College)
E-Resources Induction (Liverpool Community College)
 

Similaire à Transecq ITA

CTO-CyberSecurityForum-2010-Brisson-Boren
CTO-CyberSecurityForum-2010-Brisson-BorenCTO-CyberSecurityForum-2010-Brisson-Boren
CTO-CyberSecurityForum-2010-Brisson-Borensegughana
 
IRJET- Multi sharing Data using OTP
IRJET- Multi sharing Data using OTPIRJET- Multi sharing Data using OTP
IRJET- Multi sharing Data using OTPIRJET Journal
 
SURVEY OF TRUST BASED BLUETOOTH AUTHENTICATION FOR MOBILE DEVICE
SURVEY OF TRUST BASED BLUETOOTH AUTHENTICATION FOR MOBILE DEVICESURVEY OF TRUST BASED BLUETOOTH AUTHENTICATION FOR MOBILE DEVICE
SURVEY OF TRUST BASED BLUETOOTH AUTHENTICATION FOR MOBILE DEVICEEditor IJMTER
 
A Secure Account-Based Mobile Payment Protocol with Public Key Cryptography
A Secure Account-Based Mobile Payment Protocol with Public Key CryptographyA Secure Account-Based Mobile Payment Protocol with Public Key Cryptography
A Secure Account-Based Mobile Payment Protocol with Public Key CryptographyIDES Editor
 
Implementing High Grade Security in Cloud Application using Multifactor Auth...
Implementing High Grade Security in Cloud  Application using Multifactor Auth...Implementing High Grade Security in Cloud  Application using Multifactor Auth...
Implementing High Grade Security in Cloud Application using Multifactor Auth...IJwest
 
Man in-the-browser tectia-whitepaper
Man in-the-browser tectia-whitepaperMan in-the-browser tectia-whitepaper
Man in-the-browser tectia-whitepaperHai Nguyen
 
Multi Factor Authentication Whitepaper Arx - Intellect Design
Multi Factor Authentication Whitepaper Arx - Intellect DesignMulti Factor Authentication Whitepaper Arx - Intellect Design
Multi Factor Authentication Whitepaper Arx - Intellect DesignRajat Jain
 
Nt1310 Unit 1 Assignment 1
Nt1310 Unit 1 Assignment 1Nt1310 Unit 1 Assignment 1
Nt1310 Unit 1 Assignment 1Lisa Brown
 
Mobile Ad Hoc Networks ( Manets )
Mobile Ad Hoc Networks ( Manets )Mobile Ad Hoc Networks ( Manets )
Mobile Ad Hoc Networks ( Manets )Heather Vargas
 
Improving System Security and User Privacy in Secure Electronic Transaction (...
Improving System Security and User Privacy in Secure Electronic Transaction (...Improving System Security and User Privacy in Secure Electronic Transaction (...
Improving System Security and User Privacy in Secure Electronic Transaction (...IJERA Editor
 
SecurityGen-VoLTE-article-What's-wrong-with-fast-VoLTE-deployments.pdf
SecurityGen-VoLTE-article-What's-wrong-with-fast-VoLTE-deployments.pdfSecurityGen-VoLTE-article-What's-wrong-with-fast-VoLTE-deployments.pdf
SecurityGen-VoLTE-article-What's-wrong-with-fast-VoLTE-deployments.pdfSecurity Gen
 
Application to Quickly and Safely Store and Recover Credit Card’s Information...
Application to Quickly and Safely Store and Recover Credit Card’s Information...Application to Quickly and Safely Store and Recover Credit Card’s Information...
Application to Quickly and Safely Store and Recover Credit Card’s Information...IRJET Journal
 
Nt2580 Final Project Essay Examples
Nt2580 Final Project Essay ExamplesNt2580 Final Project Essay Examples
Nt2580 Final Project Essay ExamplesSherry Bailey
 
A secure communication in smart phones using two factor authentication
A secure communication in smart phones using two factor authenticationA secure communication in smart phones using two factor authentication
A secure communication in smart phones using two factor authenticationeSAT Journals
 

Similaire à Transecq ITA (20)

CTO-CyberSecurityForum-2010-Brisson-Boren
CTO-CyberSecurityForum-2010-Brisson-BorenCTO-CyberSecurityForum-2010-Brisson-Boren
CTO-CyberSecurityForum-2010-Brisson-Boren
 
87559489 auth
87559489 auth87559489 auth
87559489 auth
 
IRJET- Multi sharing Data using OTP
IRJET- Multi sharing Data using OTPIRJET- Multi sharing Data using OTP
IRJET- Multi sharing Data using OTP
 
SURVEY OF TRUST BASED BLUETOOTH AUTHENTICATION FOR MOBILE DEVICE
SURVEY OF TRUST BASED BLUETOOTH AUTHENTICATION FOR MOBILE DEVICESURVEY OF TRUST BASED BLUETOOTH AUTHENTICATION FOR MOBILE DEVICE
SURVEY OF TRUST BASED BLUETOOTH AUTHENTICATION FOR MOBILE DEVICE
 
A Secure Account-Based Mobile Payment Protocol with Public Key Cryptography
A Secure Account-Based Mobile Payment Protocol with Public Key CryptographyA Secure Account-Based Mobile Payment Protocol with Public Key Cryptography
A Secure Account-Based Mobile Payment Protocol with Public Key Cryptography
 
Implementing High Grade Security in Cloud Application using Multifactor Auth...
Implementing High Grade Security in Cloud  Application using Multifactor Auth...Implementing High Grade Security in Cloud  Application using Multifactor Auth...
Implementing High Grade Security in Cloud Application using Multifactor Auth...
 
Man in-the-browser tectia-whitepaper
Man in-the-browser tectia-whitepaperMan in-the-browser tectia-whitepaper
Man in-the-browser tectia-whitepaper
 
Multi Factor Authentication Whitepaper Arx - Intellect Design
Multi Factor Authentication Whitepaper Arx - Intellect DesignMulti Factor Authentication Whitepaper Arx - Intellect Design
Multi Factor Authentication Whitepaper Arx - Intellect Design
 
Nt1310 Unit 1 Assignment 1
Nt1310 Unit 1 Assignment 1Nt1310 Unit 1 Assignment 1
Nt1310 Unit 1 Assignment 1
 
E-commerce Security
E-commerce SecurityE-commerce Security
E-commerce Security
 
Mobile Ad Hoc Networks ( Manets )
Mobile Ad Hoc Networks ( Manets )Mobile Ad Hoc Networks ( Manets )
Mobile Ad Hoc Networks ( Manets )
 
Tokenization
TokenizationTokenization
Tokenization
 
Improving System Security and User Privacy in Secure Electronic Transaction (...
Improving System Security and User Privacy in Secure Electronic Transaction (...Improving System Security and User Privacy in Secure Electronic Transaction (...
Improving System Security and User Privacy in Secure Electronic Transaction (...
 
Blockchains.My - Decentralised Mobile Wallet App
Blockchains.My - Decentralised Mobile Wallet AppBlockchains.My - Decentralised Mobile Wallet App
Blockchains.My - Decentralised Mobile Wallet App
 
SecurityGen-VoLTE-article-What's-wrong-with-fast-VoLTE-deployments.pdf
SecurityGen-VoLTE-article-What's-wrong-with-fast-VoLTE-deployments.pdfSecurityGen-VoLTE-article-What's-wrong-with-fast-VoLTE-deployments.pdf
SecurityGen-VoLTE-article-What's-wrong-with-fast-VoLTE-deployments.pdf
 
Application to Quickly and Safely Store and Recover Credit Card’s Information...
Application to Quickly and Safely Store and Recover Credit Card’s Information...Application to Quickly and Safely Store and Recover Credit Card’s Information...
Application to Quickly and Safely Store and Recover Credit Card’s Information...
 
Nt2580 Final Project Essay Examples
Nt2580 Final Project Essay ExamplesNt2580 Final Project Essay Examples
Nt2580 Final Project Essay Examples
 
A secure communication in smart phones using two factor authentication
A secure communication in smart phones using two factor authenticationA secure communication in smart phones using two factor authentication
A secure communication in smart phones using two factor authentication
 
otp crid cards
otp crid cardsotp crid cards
otp crid cards
 
Two-factor Authentication
Two-factor AuthenticationTwo-factor Authentication
Two-factor Authentication
 

Dernier

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusZilliz
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 

Dernier (20)

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source Milvus
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 

Transecq ITA

Transecq Two-Factor Authentication

The need for stronger authentication mechanisms

Establishing the true identity of an online user is often a tricky task. Traditionally, users have been identified by means of a username and password. Once these credentials are supplied, a user is usually granted unconditional access to the system. In the case of online transaction systems, it is vital that someone does not gain unauthorized access enabling them to commit some level of fraud.

As the Internet is becoming more central to everyone’s day-to-day life, an increasing number of services are being made available online. This includes sensitive services such as online banking, online purchases, restricted remote system access and many more. Along with this trend, fraud is also increasing at an alarming rate, exploiting the security loopholes in existing information infrastructure.

With the widespread use of exploits such as MITM (Man-In-The-Middle), MITB (Man-In-The-Browser), keystroke logging, phishing and various TEMPEST methods, additional means of online user identification and transaction verification become an absolute necessity. A username and password is no longer sufficient to identify a user.

The path to a viable solution

A user validation concept that has been around for a couple of years is two-factor authentication. A simple username and password employed for remote authentication is considered a single factor of authentication. By providing an additional, different means of authentication, a second factor is introduced into the authentication process, allowing two-factor (or multiple-factor) authentication.

A true second factor is usually implemented as something a user has or possesses, while the traditional username and password (first factor) are things the user knows; a perpetrator would have to gain access to both the knowledge (passwords) and the physical item to be able to authenticate as someone else.

Hardware tokens are popular second factors. The user carries a small device capable of generating some unique authentication number (token) that can be entered into the authentication platform. The system usually employs some mathematical method to determine if this token indeed belongs to the specified user. So in addition to the facts the user should know (username and password), he also needs to be in possession of the hardware token device to successfully authenticate and gain access to the system.

Some problems do, however, exist around hardware tokens. Since the user is required to constantly carry the device, it is easily lost and also impacts negatively on the mobile appeal of the solution. Furthermore, scalability becomes problematic, as well as the considerable expenses involved to provision, manage and replace all the physical hardware devices.

Solving the problems of token devices, mobile one-time passwords (OTPs) do go a long way. However, technically it is still very similar to hardware tokens. OTPs as a second factor of authentication are usually provisioned to a mobile phone via an SMS (text message) sent from the authentication system, normally a bank, and should be entered into the system to complete authentication.

Users always have their phones with them, and a unique bond between a user and a phone can easily be established. However, SMS messaging does have drawbacks. Being a store-and-forward technology, delivery delays often occur, and various loopholes for interception also cloud the integrity of this technology, especially since SMS content is sent in plaintext. Another important point is the cost of sending these messages to users. Banking institutions deploy significant resources to send and manage OTPs via SMS.

Various systems in the market generate an OTP on the mobile device, via applications written mostly in Java, although other platform-specific applications are not uncommon. This model eliminates the costs and problems around SMS OTP delivery, since the user is now capable of generating an OTP at any time, using only their mobile phone.

Tel. 678.466.6772 | info@transecq.com | www.transecq.com
Although a cost-effective and more convenient solution, this still does not address the most important shortcoming of OTPs. True two-factor authentication can only be reached when the second factor is totally out of band. Simply put, the second factor of authentication should not re-use the communication channel of the first factor (username and password). All OTP/token solutions rely on the fact that the token or number is entered into the same system the username and password were entered into. This simple fact exposes the system to a whole range of vulnerabilities for perpetrators to abuse. By successfully attacking the main communication channel (usually the Internet), perpetrators effectively compromise both authentication factors.

Gartner states in its report “Where Strong Authentication Fails and What You Can Do About It” (G00173132) that any authentication method relying on browser communications can be defeated. They further go on to note that even techniques relying on out-of-band phone calls can be thwarted because of the simplicity of forwarding a phone call to another number. The Transecq solution described in this paper is unique in the fact that it adheres to all of Gartner’s recommendations and is impervious to the attacks plaguing the industry today.

A standard attack scenario can be described as follows: A user opens a phishing site masquerading as the real website. He supplies his username and password. The fake site immediately enters these credentials into the real site using an automated script, causing an OTP to be sent to the user’s phone (or prompts the user to generate an OTP from a token generating device). At this stage any SiteKey or SurePhrase messages are also duplicated from the real site to the fake site, further strengthening the apparent legitimacy of the system. The fake site now prompts the user to enter this OTP that they generated, or by now received from the real site. At this stage, the fake site has enough details to log in to the user’s account, and transact fraudulently.

A truly secure two-factor solution can only be considered employing strong authentication when the second factor is completely isolated and the complete loop is totally out of band with respect to the first factor. Only a system meeting these requirements would be truly reliable in maintaining authentication integrity.

Once authenticated, a user should additionally be required to authenticate certain key procedures within the online/remote session, for example making beneficiary payments in an online banking environment. SSL/TLS, although in essence still secure, is by itself no longer sufficient to protect against interception techniques taking advantage of software implementation vulnerabilities. Therefore transaction verification totally eliminates any kind of MITM and MITB attacks, since each transaction is verified out of band in a secure and isolated authentication loop.

A novel way of authentication

Transecq’s Interactive Transaction Authentication (ITA) system is a complete solution to all the authentication problems plaguing the industry today, by approaching the problem holistically and enabling second-factor authentication with bidirectional (encrypted) out-of-band data transmission. ITA consists of a high-performance socket server receiving authentication requests from a workflow engine (through ISO8583, OpenID, RADIUS, LDAP or SOAP) and relaying the messages to the corresponding user by sending them to an application on their mobile phone for approval by the user.

The ITA application on the mobile phone is available for the following platforms:
• J2ME (MIDP 2.0)
• Android
• iPhone
• BlackBerry
• Windows Mobile
• As a USSD network service for phones not supporting the above applications

[Figure: screenshots of the Transecq Mobile application prompting “Accept payment of $2495.95 from vendor GENSTORE?” with Reject and Accept buttons.]
The Transecq ITA platform can identify each mobile phone in the world uniquely by automatically issuing each client’s phone with a Digital Fingerprint, also called an X.509 client-side certificate enabling bilateral certificate validation, issued from Transecq’s trusted Certificate Authority. This certificate is stored on the client’s phone inside DRM-protected space.

Each transaction to approve (website login, beneficiary payment, etc.) is sent to the client’s phone, and a description of what the transaction entails is displayed to the user. He can choose to either Accept or Reject the transaction. The response is then cryptographically signed with the private key of the user’s certificate residing on the phone and sent down to the requesting server to be verified through PKI. This signature can then be used to ensure non-repudiation and prove the intent of any user pertaining to a specific transaction.

No matter what type of attack occurs (i.e. even if a transaction is changed or manipulated by a fraudster), the actual transaction occurring at the bank is sent directly to the specific user over an encrypted second band accessible only to the specific paired phone. All attacks on other channels are negated as the user approves the actual transaction and will immediately discover any fraudulent attempt.

[Figure: transaction flow between the User, the Bank Secure Area, Transecq and the Transecq Mobile application (via an aggregator). Numbered steps as labelled: 1 Transaction request (“Transfer $100 to John Smith”); 3 Transaction request sent to mobile (“Do you want to transfer $100 to John Smith?”); 4 Response: yes/no; 5 Yes; 6 Transaction accepted or rejected (“Transfer successful”); step 2 is unlabelled.]
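The phishing scenario on the previous page works because the OTP travels back over the same channel as the password, and nothing binds it to a particular transaction. The signed Accept/Reject answer described here changes both properties: what the phone signs is the bank’s own description of the transaction plus a per-request nonce, and it is verified against the key enrolled for that phone. The block below is an added example written for this edit, not Transecq’s ITA implementation, modelling the loop in the diagram: the bank issues a request, the phone signs the user’s decision with its enrolled private key, and the server verifies the signature and refuses both a response whose decision was flipped in transit and a replay of an earlier approval. All names (`ApprovalServer`, `phone_respond`, `canonical`, the user "alice") are hypothetical; the signature is textbook RSA over a SHA-256 digest built from the standard library only, so it runs offline, whereas a real deployment would use a vetted library with X.509 certificates.

```python
"""Out-of-band transaction approval with a signed Accept/Reject answer.

Added example, not Transecq code; names are hypothetical. The phone holds a
private key enrolled with the server (the page's X.509 client certificate); the
server builds each request from the bank's own transaction record, never from the
browser session. Signatures are textbook RSA over SHA-256 with only the standard
library so this runs offline; a real system would use a vetted library (RSA-PSS, ECDSA).
"""
import hashlib
import json
import secrets


def _is_probable_prime(n, rounds=16):
    """Miller-Rabin test, adequate for a demonstration key."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def generate_keypair(bits=1024):
    """Return ((n, e), (n, d)); toy key generation for the demo only."""
    e, primes = 65537, []
    while len(primes) < 2:
        candidate = secrets.randbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
        if _is_probable_prime(candidate) and candidate not in primes and (candidate - 1) % e:
            primes.append(candidate)
    p, q = primes
    return (p * q, e), (p * q, pow(e, -1, (p - 1) * (q - 1)))

def _digest(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(private, message):
    return pow(_digest(message), private[1], private[0])

def verify(public, message, signature):
    return 0 < signature < public[0] and pow(signature, public[1], public[0]) == _digest(message)

def canonical(txid, nonce, description, decision):
    """Stable encoding so phone and server sign and verify identical bytes."""
    fields = {"txid": txid, "nonce": nonce, "description": description, "decision": decision}
    return json.dumps(fields, sort_keys=True).encode()

class ApprovalServer:
    """Bank side: issues requests and verifies the signed responses."""

    def __init__(self, enrolled):
        self.enrolled = enrolled  # user -> public key from the enrolled certificate
        self.pending = {}         # txid -> (user, nonce, description); removed once answered

    def request(self, user, description):
        """The description is the bank's own record of the real transaction."""
        txid, nonce = secrets.token_hex(8), secrets.token_hex(16)
        self.pending[txid] = (user, nonce, description)
        return {"txid": txid, "nonce": nonce, "description": description}

    def verify_response(self, user, response):
        """Return 'accept' or 'reject', or None if the answer cannot be trusted."""
        txid, decision = response.get("txid"), response.get("decision")
        if txid not in self.pending:
            return None  # unknown request, or an answer replayed after it was consumed
        owner, nonce, description = self.pending[txid]
        if owner != user or response.get("nonce") != nonce or decision not in ("accept", "reject"):
            return None
        message = canonical(txid, nonce, description, decision)
        if not verify(self.enrolled[user], message, response.get("signature", 0)):
            return None  # decision or details altered in transit, or signed by the wrong device
        del self.pending[txid]  # consume, so the same signed answer cannot be replayed
        return decision

def phone_respond(private, request, user_decision):
    """Phone side: the user reads request['description'] and the phone signs the answer."""
    message = canonical(request["txid"], request["nonce"], request["description"], user_decision)
    return {**request, "decision": user_decision, "signature": sign(private, message)}

def demo():
    # Returns ('accept', None, None): genuine approval, flipped answer, replayed answer.
    public, private = generate_keypair()
    server = ApprovalServer({"alice": public})
    req = server.request("alice", "Transfer $100 to John Smith")
    approval = phone_respond(private, req, "accept")
    accepted = server.verify_response("alice", approval)
    forged = phone_respond(private, server.request("alice", "Transfer $100 to John Smith"), "reject")
    forged["decision"] = "accept"  # Reject flipped to Accept in transit: signature no longer matches
    tampered = server.verify_response("alice", forged)
    replayed = server.verify_response("alice", approval)  # already consumed
    return accepted, tampered, replayed
```

Two design points carry the paper’s argument. The description the user sees comes from the bank’s record, so a browser-side alteration of the amount or beneficiary is what the user is asked to approve and can reject; and because the server stores the signed message, only the holder of the enrolled private key could have produced a given approval, which is the non-repudiation property claimed on this page.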
This system can be used as a real-time, second-factor, out-of-band authentication gateway for absolutely any digital action or transaction. User input is minimal, enhancing user experience and also eliminating human errors. This system has already been used to successfully secure the following types of transactions:
• Online web login and transactions (Internet Banking, Trading, etc.)
• Online Credit Card (Card Not Present) purchases tying into 3-D Secure
• Credit and Debit Card transactions at Point-of-Sale
• ATM (Automated Teller Machine) cash withdrawals

Advantages in using Transecq’s ITA system as opposed to other systems:
• Phishing, MITB, MITM, keystroke logging and any other forms of user impersonation are impossible
• Transaction rejections can immediately be flagged and the user contacted or the account placed under review
• Non-repudiation is ensured since each transaction is digitally signed by the user’s private key
• The certificate is not tied to the SIM card (or phone number), so the user is free to change SIMs (for example when travelling overseas) and no pre-arrangement with mobile operators is necessary when using this system, since everything is stored on the handset, not the SIM
• All communications are packet data (IP based), which means that institutions save millions of dollars in SMS (text) costs
• The Transecq ITA application can be remotely launched on the user’s handset by binary SMS if necessary
• OTP mode (generated on the handset) when there is no GSM coverage
• Transactions can be pre-approved by a user using ITA, in cases where the user knows he will enter and transact in an area with poor GSM coverage
• ITA is completely scalable, and a single phone application grants the user access to all ITA-enabled institutions
• An online user PIN allows for additional protection and is embedded in the digital signature of approved transactions
• Bidirectional flow of transactions
• Self-service options may also be made available inside ITA applications: check balances, activate/de-activate cards, limit changing

In summary, Transecq provides true two-factor authentication, completely isolated out of band, and also fulfills the requirements for user convenience and usability, ensuring a healthy adoption rate crucial for successful implementation and sustained operation. Transecq is the leading provider of global secure transaction authentication services.