Design Objectives
Provide a multi-factor authentication system using handheld, active tokens with a comprehensive set of Security Enforcing Functions and System Operational Procedures that minimises the opportunities for Users to invoke the “Repudiation Defence - I have been innocently and unknowingly compromised” and so deny responsibility for illegitimate access.
Further,
- Provide measures to frustrate cloning of the Tokens and to detect attempted cloning.
- Include measures to prevent circumvention of the system or interference with its proper working.
- Allow the population of Tokens and their keys to be done in an efficient manner so that very large User communities can be easily supported.
- Have measures to allow automatic key update of Tokens in the field in a User-transparent way, as well as the capability to completely refresh all the Token’s keys.
- Allow the Token to display messages consisting of 16 text or 32 Hex characters.
- Enable the System to be integrated with the leading remote access architectures such as TLS VPN Gateways and ensure the integrity of the whole system.
- Provide, at the application level, authentication of Host to User and User to Host.
- Enable automatic recovery from defined insider attacks, specifically Token clones and reading of Server Data Files.
- Allow secure connection to an additional Server providing transactional Backup and speedy disaster recovery.
Challenges are never repeated; clone tokens can be detected; deterministic multi-factor authentication can be accomplished at the login or application level; and Hosts can be verified, so denying phishing.