October 2016

location to authenticate them. Context-based authentication is generally used in conjunction with other authentication methods. In a highly secure environment, for example, a user may be required to provide a username, password and OTP, and also to pass verification of the geographical location of the device initiating the session. Other techniques include device registration or fingerprinting, source IP address reputation and behavioral analysis.

Context-based tokens, especially biometric scanners, are the most expensive, because a high-end processor is needed as the base of such a scanner. The cost of implementing a biometric token solution will easily run to double-digit dollar amounts per token.

Internet-Based Attacks Change Stronger Authentication Concepts

In recent years there has been some debate within the information security community about the reliability of OTP tokens, certificate-based tokens and context-based tokens for authentication. Critics claim a hacker can defeat the device with a man-in-the-middle (MITM) attack: the hacker intercepts the token value (whether from an OTP token, PKI token or biometric) in real time, along with the user ID and password, from a targeted phishing site. In the latest draft of its Digital Authentication Guideline, released in July 2016, the United States National Institute of Standards and Technology (NIST) also discourages companies from using SMS-based authentication in their two-factor authentication schemes.

The reason is a significant recent increase in attacks targeting SMS-based two-factor authentication. SMS messages can be hijacked over some VoIP services. Security researchers have used weaknesses in the SMS protocol to interact remotely with applications on the target phone and compromise users. One example is malware implanted on an Android smartphone that redirects the SMS OTP to the hacker's phone.

Major Features of Next Generation Advanced Authentication

Transaction Signing is a term used in Internet Banking for the requirement that customers digitally "sign" transactions in order to preserve the authenticity and integrity of the online transaction. While performing any of the above online transactions, you will obtain a challenge code.

So the next-generation strong authentication hardware token needs to incorporate a cost-efficient and energy-efficient optical sensor (for example, in place of a keypad-type hardware token) to change the dynamics of entering the transaction data into the token, so that it can be used to generate the transaction signature (like an OTP) without the hassle of, say, a locked keypad. Next-generation strong authentication software tokens need to incorporate at least one of these useful features: QR codes (for the case where there is no telco connection at that instant); push technology that accepts or declines a transaction with the push of a button (with tokens verified and embedded with the push feature); and/or secure messaging (providing an enhanced user experience, much greater reliability, and reliable online marketing to the client base compared with SMS).

Any vendor that can incorporate these two types of next-generation strong authentication for hardware and software tokens into its product portfolio will ultimately be the clear winner in the strong authentication space for the 21st century.

Lawrence Ang
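As an added illustration of why transaction signing answers the real-time interception described above, the following Python models a plain OTP beside a transaction-bound signature; this is example code, not from the article or any vendor's product, and the HMAC construction, field encoding and the sample seed, challenge and account identifiers are assumptions made for the demo.

```python
import hashlib
import hmac
import struct

# Constructed demo value (not from the article): the seed a token shares with the bank.
SEED = bytes.fromhex("3132333435363738393031323334353637383930")

def truncate(digest: bytes, digits: int = 8) -> str:
    """RFC 4226 dynamic truncation: HMAC digest -> fixed-length decimal code."""
    offset = digest[-1] & 0x0F
    word = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(word % 10 ** digits).zfill(digits)

def plain_otp(seed: bytes, counter: int) -> str:
    """Event-based OTP: the code depends only on the seed and a counter,
    so it says nothing about which transaction the user meant to approve."""
    return truncate(hmac.new(seed, struct.pack(">Q", counter), hashlib.sha256).digest())

def transaction_signature(seed: bytes, challenge: str, payee: str, amount_cents: int) -> str:
    """Transaction-signing OTP: the bank's challenge code plus the payee and amount
    the user entered (or scanned) into the token are mixed into the HMAC, so the
    code verifies only for exactly that payee and amount."""
    msg = b"\x00".join([challenge.encode(), payee.encode(), str(amount_cents).encode()])
    return truncate(hmac.new(seed, msg, hashlib.sha256).digest())

def bank_accepts_plain(seed: bytes, counter: int, code: str) -> bool:
    return hmac.compare_digest(plain_otp(seed, counter), code)

def bank_accepts_signed(seed: bytes, challenge: str, payee: str, amount_cents: int, code: str) -> bool:
    return hmac.compare_digest(transaction_signature(seed, challenge, payee, amount_cents), code)

def altered_transfer_accepted(seed: bytes, signed: bool) -> bool:
    """Model the real-time interception the article describes: the user approves a
    transfer to ACCT-USER, but the code reaches the bank attached to a transfer to
    ACCT-OTHER. Returns True if the bank would accept the altered transfer."""
    challenge, counter = "48213957", 7            # constructed challenge / token counter
    shown_payee, shown_amount = "ACCT-USER", 12_000
    altered_payee, altered_amount = "ACCT-OTHER", 950_000
    if not signed:
        code = plain_otp(seed, counter)           # code the user read off the token
        return bank_accepts_plain(seed, counter, code)   # nothing ties it to the transfer
    code = transaction_signature(seed, challenge, shown_payee, shown_amount)
    return bank_accepts_signed(seed, challenge, altered_payee, altered_amount, code)
```

With a plain OTP the altered transfer is accepted, because verification never looks at the transaction; with the transaction signature the same interception fails, which is the property the challenge code and the token's data entry (keypad or optical sensor) exist to provide.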