OTP solutions for Strong Authentication

One Time Password (OTP) is an authentication method that requires the use of a personal device delivered to the user. With this tool you can dynamically generate an authentication code that is verified by secure authentication server. The added security of an OTP instead of the classical UserId and password depends on the use of a secret key hidden in the device. This key is used to generate the authentication token. It can not be duplicated with the same ease with which you copy your ID and password.

There are countless OTP devices, both hardware and software.
Hardware devices are different in build quality and features offered. The basic function is possible using a display and a button that triggers the generation of a new token. The more complex devices offer different features and a keyboard to enable a more complex interaction. Software devices are instead designed to be installed on a computer which may be the user's PC or his smartphone. The variety of devices is accompanied by the presence of many different vendors offering solutions with specific qualities and characteristics which are worth staying to make the right choice.
The product PkBox OTP is able to interface the main vendors of OTP and provide a vendor-independent authentication interface. These strong authentication solutions are therefore independent from the provider of devices and they are able to handle different authentication methods depending on the user's specific needs and safety

Countermeasures against the Man In The Middle attacks

The use of passwords and OTP are susceptible to an attack of the type Man in The Middle.
The theft of the token by an intruder who intercepts the package containing the authentication information may open the possibility of fraud difficult to detect and therefore very dangerous. To prevent this from happening, Intesi Group proposes the SecurePin mechanism. Before sending data service access or authorization to a transaction, the couple PIN and OTP is encrypted using the public key for the authentication service. The encrypted information sent on the network can not be decrypted unless you own the corresponding private key. The private key is generated and protected in a FIPS Level 3 certified cryptographic devices or Common Criteria EAL4 + and therefore completely safe

From PinCard to Smartcard

The dynamics which evolve with the Internet service involves a similar dynamic for authentication tools. It is often necessary to adapt the security mechanisms of the site according to the client. It is not always possible to maintain a complete consistency of authentication tools on all services provided. Hooking the authentication feature PkBox can be the ideal solution for those who must live with different authentication systems. So you should not implement every time a new interface to adapt it to the requirements of another method to integrate. PkSuite Security products propose a general solution to enable Strong Authentication and supports popular authentication methods currently used by companies with a single API. The simplest method is to use PinCard. A table of pin is printed on a plastic card. The user compose with this table an authentication code based on a request from the server. PIN codes are generated using cryptographic algorithms based on a secret key that prevents playback of fraudulent PinCard.
OTP mechanisms have already been discussed. OTP supported are RSA, Vasco and those produced under standard open source htp. Finally, the more secure authentication method is the one based on smartcards. It operates an electronic signature authentication using a token to verify that the user is indeed who claims to be.