USB TOKEN - Raise your ROI with Two-factor Authentication

For so many categories access control solutions, what is your best option: USB Token/Smart Card Form TOKEN/ OTP Token?
 
April 28, 2008 - PRLog -- Two-factor authentication is quite a hot topic in the InfoSecurity, RSA Conference, CeBit……. these several years. Before that, it seems password is sufficient to be the only authentication way, as long as the length and the complexity of the password are great. However, to lower the possibility of being attacked, monthly update, uppercase/lowercase letters, numbers, alphanumeric characters, even the foreign characters, more and more factors are needed when accessing sensitive systems and data. And unfortunately, most users are bad at selecting and memorizing a good secure password. How to innovate and improve the access control? Information security vendors, says Feitian Technologies Co., Ltd., they offer network security solutions that will both enhance the security and also introduce the convenience by using a short easy-to-remember password. These solutions are PKI and or OTP based two-factor authentication.

What is Two-factor Authentication?
Two-factor authentication relies on the following items:
1.   Something you have, such as a smart card ,USB Token or OTP Token
2.   Something you know, such as a password/personal identification number (PIN), which enables the user to get the authority of accessing the application of smart card, USB Token or OTP Token

Notice:
PKI – PKI stands for Public-Key Infrastructure, is a framework that provides security services to an organization using public-key cryptography. These services are generally implemented across a networked environment, work in conjunction with client-side software, and can be customized by the organization implementing them. An added bonus is that all security services are provided transparently - users do not need to know about public keys, private keys, certificates, or Certification Authorities in order to take advantage of the services provided by a PKI. (From Entrust)
OTP – OTP stands for One-Time Password, is to make it more difficult to gain unauthorized access to restricted resources, like a computer account. Traditionally static passwords can more easily be accessed by an unauthorized intruder given enough attempts and time. By constantly altering the password, as is done with a one-time password, this risk can be greatly reduced. (From Wikipedia)

To help the readers better understand two-factor authentication, here I use products from Feitian Technologies Co., Ltd. called ePass2000 - PKI based USB Token, FTSmart, and ePass OTP to explain their respective usage for Online Banking. In addition, the web security of online banking here is adhering to the industry standard measures, including:
   Secured online sessions, indicated by a URL address beginning with https:// or a padlock symbol in the lower right hand corner of your browser
   128-bit SSL (Secure Socket Layer) encryption
   Session time-outs, which automatically logs you off your Online Banking session after a period of inactivity

Part I – ePass2000 – PKI based USB Token

ePass2000 is a USB token, compact and portable, designed for authentication, verification and information encryption services, and support E-mail Encryption, Digital Signing and SSL using Internet Explorer, Outlook, Outlook Express, Netscape Communicator or any software product based on the MS CAPI or PKCS#11 standards. In addition, ePass2000 is remarkably versatile and Feitian's SDK may be used to create many other user defined applications.

1.   Each user of online banking is assigned an ePass2000 USB Token together with an initial PIN from banks
2.   Each ePass2000 USB Token has a globally unique serial number, this is important and can only be used by the designated user
3.   Users sign-on banks online and go to activation page to activate and register the ePass2000 USB Token before the expired date and download the digital certification into the ePass2000 USB Token with the initial PIN(during the processing of downloading the digital certification, ePass2000 USB Token generates the public key and private key by itself)
4.   Once register, users will be required to keep ePass2000 USB Token inserting on the computer in order to submit the digital signature and continue processing financial transactions (Internal transfers, wire transfers, bill payments and account openings) and accessing cash management services (Online investing and Trade Services)
5.   Users who sign-on banks online without ePass2000 USB Token will be restricted to view-only account access

ePass2000 USB Token uses smart card technology to enable the generation of public keys and private keys in the hardware. Private keys are never exposed to the PC environment.

Part II – FTSmart – All-in-one Solution

The online banking two-factor authentication usage of FTSmart is similar to ePass2000 USB Token. It’s only the interface and cost, which makes the difference. And how do we look at All-in-one? A smart card can include the magnetic stripe, contactless capability, use the USB port with a card reader. And also a smart card can be designed for electronic purse to meet the demand for public utility, says transportation, gas, water and electricity, in addition to the traditional bank card capability.

Notice: USB Token can also have the contactless capability or biometrics support, and more, can include Giga flash memory for storing documents and files. Smart Card can also involves Image authentication: http://www.freepatentsonline.com/5764770.html

Part III – ePass OTP Token

ePass OTP Token is a chip-based authentication token offering total mobility with maximum flexibility. ePass OTP Token is the core component of Feitian Technologies’ ePass OTP Authentication System – the two-factor authentication for VPN, LAN and strong Web access control. (From Feitian Technologies Co., Ltd.)

1.   Each user of online banking is assigned an ePass OTP from banks
2.   Each ePass OTP package will be labeled with a globally unique serial number, this is important and can only be used by the designated user
3.   Users sign-on banks online and go to registration page to register before the expired date
4.   Once register, users will be required to enter the password generated by the ePass OTP (press the button on ePass OTP then display) in addition to the User ID and static PIN each time when sign-on the secure online session, in order to continue processing financial transactions ( Internal transfers, wire transfers, bill payments and account openings) and accessing cash management services (Online investing and Trade Services)
5.   Users who sign-on banks online without ePass OTP password will be restricted to view-only account access

ePass OTP solution is helpful to minimize the risk of phishing, Trojan, shoulder surfing and other common types of online fraud.

Conclusion
Of course, two-factor authentication is also necessary for MNC (MultiNational Corporation), Government, eBusiness and so on, whose system demands for higher security. To raise ROI, can two-factor authentication solution satisfy you and your customers? And what kind of solution is better?  USB Token/Smart Card Form TOKEN/ OTP Token?

For more information, please visit us at http://www.ftsafe.com

# # #

Established in 1998, Feitian is dedicated to being the leading innovator of smartcard and chip operating system based security technologies and applications. Feitian's major business covers Software Protection, Strong Authentication, Smartcard COS and Peripherals.

Feitian cooperates closely with global leading smartcard chip providers, serves valuable customers with the world's latest technologies via its expanding sales and services network internationally.
End
Source: » Follow
Email:Contact Author
Tags:Usb Token, Two-factor Authentication
Industry:Computers, Security, Internet
Location:Beijing - China
Account Email Address Verified     Account Phone Number Verified     Disclaimer     Report Abuse
Feitian Technologies Co., Ltd. PRs
Trending News
Most Viewed
Top Daily News



Like PRLog?
9K2K1K
Click to Share