In critical and sensitive applications like financial transaction, one authentication method is not enough. Therefore, the term appears 2FA (Two Factor Authentication) which is an authentication system that uses two factors (methods) are different. Four authentication methods that I described earlier can be combined to improve security, one example is the combination of "something you have" in the form of an ATM card with "something you know" in the form of a PIN. This combination is a combination of the most widely used.
Another case example is when you are shopping in a modern market and pay by card, you unwittingly been using more than one authentication factor. The first factor is the "Something You Have" is a debit card / credit you. The second factor is the "Something You Know", when you are prompted to enter a PIN into the EDC. In fact, there may be a third factor that is "Something You Can", when you are asked to sign a memorandum of payment printed EDC.
Internet banking is also using two factor authentication by combining "something you know" in the form of passwords and "something you have" in the form of hardware token (or token KeyBCA Mandiri).
Released Password Token Internet Banking
Generally there are two modes of internet banking token usage:
1. Fashion Challenge / Response (C / R)
This is the mode most often used when trading. In this mode the server provides a series of numbers challenge. This figure should be entered into the token machine to get an answer (response). Then the user enters the number that appears on token into the form on the internet banking site. Tokens will be issued a code different though with the same challenge code periodically depending on the time when the challenge is inserted into the token.
2. Self Generated Mode (Response Only)
In this mode the server does not provide a challenge (challenge) of any kind. Token users can directly issue a series of numbers without having to enter the challenge. Like fashion C / R, the token also issue a different code periodically depending on the time when the token required to generate self-generated code.
read more ...
Two Factor Authentication
How to Authentication Token Internet Banking
The use of tokens in the form of a small tool to secure the kind of calculator internet banking transactions has now become mandatory. This token is an additional factor in the authentication is to prove that you are truly legitimate users. Maybe there are wondering how to work as a token used Internet banking site? How small tools such as calculators that can produce numbers that are also known by the internet banking server when the device is not connect with the server. In this article I will explain the workings of internet banking token, and in the next article I will create a token-based software and a simple website that will simulate internet banking.
Authentication Method
Authentication aims to prove who you really, if you really who you claim as he (WHO you claim to be). There are many ways to prove who you are. Authentication method can be viewed in three categories of methods:
1. Something You Know
This is the most common authentication method. This method relies on the confidentiality of information, for example, is the password and PIN. This method assumes that no one who knows the secret unless you are an.
2. Something You Have
This usually is an additional factor to create a more secure authentication. This method relies on goods that are unique examples is the magnetic card / smartcard, hardware token, USB token, and so forth. This method assumes that no one who has the goods unless you are one.
3. Something You Are
This is the best method rare diapakai because of technological and human factors as well. This method relies on the uniqueness of your body parts which can not exist in others such as fingerprint, voice or retina prints. This method assumes that part of your body such as fingerprints and retinal prints, maybe not the same as anyone else.
And what about the traditional authentication methods such as the above signature stamp? Where do I get into that category of the three methods above? I do not think there is a match, so I add one more that is "Something You Can". This method assumes that no one else in this world who can do it besides you. Indeed authentication with signatures is built on the assumption that no one can write your signature unless you. Although in reality there are only people who can imitate your signature very well, but although aware of these facts on paper signatures are recognized as an authentic proof of who you are.
read more ...
Posts
