FAQ

General Questions

Question: What is strong authentication, multi-factor authentication or 2-factor authentication (2FA)?

Strong authentication is to be something better than just a username and password, which are commonly known as “static credentials”. Static credentials can be socially engineered, guessed, copied and intercepted by malware or easily cracked using tools that are readily available on the internet.

Although strong authentication might mean just adding in additional security questions and answer (which doesn’t really provide any additional security vs username and password), most people would interpret “strong authentication” to mean multi-factor or two-factor authentication. Multi-factor authentication means using two or more of:

  • Something you know (such as a username, password or PIN)
  • Something you have (e.g. a security token, a smart card, an SMS message delivered via a separate mobile phone, a software token on a mobile phone, etc.)
  • Something you are (such as a biometric – fingerprint, retina scan, etc.)

2-Factor authentication is more secure than static credentials because even if the memorised data is compromised, an attacker would still need to get the second factor – the security token or mobile phone of the user, making the attack much more difficult.

Keywords: strong authentication/multi-factor authentication/2-factor authentication

Question: What is CA/Certificate Authority?

It is a trusted entity that issues electronic documents (certificates) which verify a digital entity’s identity on the Internet.

Keywords: CA/Certificate Authority/trusted entity

Question: What is DNS/Domain Name System?

It is a hierarchical distributed naming system for computers, services, or any resource connected to a computer network.

Keywords: DNS/Domain Name System

Question: What is FTP/ File Transfer Protocol?

It is a protocol used to transfer files over a computer network. FTP can be made more secure by using SSH File Transfer Protocol (SFTP) or FTP over SSL (FTPS).

Keywords: FTP/transfer files/SFTP, SSL

Question: What is SNMP/Simple Network Management Protocol?

It is a protocol used for monitoring devices connected to a computer network.

Keywords: SNMP/monitoring devices

Question: What is SOAP/ Simple Object Access Protocol?

It is an extensible protocol which Freja ID uses internally and which can be used for the purposes of integration with custom applications.

Keywords: SOAP/Freja ID/integration

Question: What is SSL/Secure Sockets Layer?

It is a cryptographic protocol for secure communication over computer networks.

Keywords: SSL/secure communication

Question: What is HOTP/HMAC-based One-Time Password?

It is an event-based algorithm for OTP calculation.

Keywords: HOTP/HMAC

Question: What is TOTP/Time-based One-Time Password?

It is a time-based algorithm for OTP calculation.

Keywords: TOTP/OTP calculation

Question: What is HSM/Hardware Security Module?

It is a device which manages cryptographic keys and performs cryptographic operations. Freja ID may be delivered with a built-in HSM or integrated with a network-attached HSM.

Keywords: Freja ID/HSM/cryptographic keys

Question: What is LDAP/Lightweight Directory Access Protocol?

It is an open standard for directory services. Freja ID, Freja SSP and Freja Connect can be integrated with any directory that supports LDAP.

Keywords: Freja ID/LDAP/open standard

Question: What is NTP/ Network Time Protocol?

It is a protocol used for time synchronisation across computer networks. It is recommended to synchronise Freja ID with a NTP server.

Keywords: NTP/Freja ID/time synchronization

Question: What is OATH/ Open Authentication?

It is the open standard which Freja ID uses for one-time password calculation. Freja ID supports all authentication devices based on OATH, regardless of the manufacturer or specifications. Verisec fully supports OATH, which means customers can source their tokens from any OATH compliant source. This has helped dramatically drive down costs, even resulting in free tokens such as Google Authenticator.

Keywords: OATH/open authentication/OTP

Question: What is OCRA/OATH Challenge-Response Algorithm?

It is an extension to the OATH standard which uses a challenge-response mechanism for authentication.

Keywords: OCRA/OATH

Question: What is OTP/One-Time Password?

It is a password which is only valid for one authentication or transaction. OTPs are typically generated using a second-factor device – for example a hardware token or a smartphone app known as a soft token – and typically comprise a string of between 6 and 8 digits.

Keywords: OTP/One-Time Password

Question: What is PKI/Public Key Infrastructure?

It is a framework for managing electronic certificates and public-key encryption or signing, with defined procedures and policies. PKI connects a key pair (public and private key) with the individual or system to which it belongs.

Keywords: PKI/public and private key

Question: What is PSKC/Portable Symmetric Key Container?

It is a standard format for transporting cryptographic keys. In the context of Freja ID, PSKC files are used to import token data.

Keywords: PSKC/transporting cryptographic keys

Question: What is RADIUS/Remote Authentication Dial-In User Services?

It is a standardised protocol supported by numerous authentication systems and the majority of commercial off-the-shelf solutions for VPN, firewalls, etc.

Keywords: RADIUS/remote authentication

Question: What is UTC/Coordinated Universal Time?

It is the primary time standard used in IT and telecommunications. UTC is equivalent to GMT (Greenwich Mean Time), but it does not make adjustments for daylight saving time.

Keywords: UTC/primary time standard

Question: What is VPN/Virtual Private Network?

It is a way for users to send and receive data securely across a public network (usually the Internet) as if their computer was directly connected to a private network (e.g. the internal network of a company).

Keywords: VPN/sending and receiving data

Question: What is WSDL (Web Services Description Language)?

It is used to describe the functionality of a web service in a machine-readable way. To integrate a custom application or service with Freja ID, the WDSL file of Freja ID should be imported into the relevant project.

Keywords: WSDL/machine–readable way

Question: What is authentication?

It is the process of confirming the identity of a person, web service or other entity.

Keywords: Authentication/confirming the identity

Question: What is cryptographic seed?

A cryptographic seed is used as input to an encryption algorithm. One example is generating a large number of random numbers in a repeatable fashion, a technique used to generate OTPs. The seed has to be kept secret.

Keywords: Cryptographic seed/algorithm encryption

Question: What is encryption?

It is rendering data in a form that cannot be read by unauthorised persons.

Keywords: encryption/rendering data

Question: What is token?

It is a security device which generates one-time passwords. The term ‘token’ may refer to a physical device, but also to a piece of software which performs the same function.

Keywords: Token/security device/one-time password

Question: Where can I find documentation for Verisec products?

Documentation can be downloaded by clicking on individual links within Freja ID and Multipliance. Each link is positioned in the top right corner of your browser. Depending on the tab you are at, a related link will be shown. E.g. if you open SSP tab, a SSP documentation link will be positioned in the upper right corner. You can also e-mail Verisec Support at support@verisec.com and ask for any documentation you need.

Keywords: Verisec/products/documentation

Question: Is Verisec offering Managed Authentication Services?

Yes.

Keywords: Verisec/Managed Authentication Services

Question: Does Verisec support Biometric Authentication methods?

Development of these methods is in progress. On the roadmap for Freja Mobile is support for utilising fingerprint readers on compliant devices (for example, iPhone 5S or later) for starting the Freja Mobile application itself as well as for transaction signing.

Keywords: Verisec/Biometric authentication methods

Question: Is Verisec a member or support the FIDO Alliance?

Not at present, support for U2F FIDO profiles is on the roadmap for FMC/FMT during 2016.

Keywords: Verisec/FIDO Alliance