Strong authentication means something better than just a username and password, which are commonly known as “static credentials”. Static credentials can be socially engineered, guessed, copied and intercepted by malware or easily cracked using tools that are readily available on the internet.
Although strong authentication might mean just adding in additional security questions and answers (which doesn’t really provide any additional security compared with a username and password), most people would interpret “strong authentication” to mean multi-factor or two-factor authentication. Multi-factor authentication means using two or more of:
Two-factor authentication is more secure than static credentials because even if the memorised data is compromised, an attacker would still need to get the second factor – the security token or mobile phone of the user, making the attack much more difficult.
It is a trusted entity that issues electronic documents (certificates) which verify a digital entity’s identity on the Internet.
It is a hierarchical distributed naming system for computers, services, or any resource connected to a computer network.
It is a protocol used to transfer files over a computer network. FTP can be made more secure by using SSH File Transfer Protocol (SFTP) or FTP over SSL (FTPS).
It is a protocol used for monitoring devices connected to a computer network.
It is an extensible protocol which Freja ID uses internally and which can be used for the purposes of integration with custom applications.
It is a cryptographic protocol for secure communication over computer networks.
It is an event-based algorithm for OTP calculation.
It is a time-based algorithm for OTP calculation.
It is a device which manages cryptographic keys and performs cryptographic operations. Freja ID may be delivered with a built-in HSM or integrated with a network-attached HSM.
It is an open standard for directory services. Freja ID, Freja SSP and Freja Connect can be integrated with any directory that supports LDAP.
It is a protocol used for time synchronisation across computer networks. It is recommended to synchronise Freja ID with an NTP server.
It is the open standard which Freja ID uses for one-time password calculation. Freja ID supports all authentication devices based on OATH, regardless of the manufacturer or specifications. Verisec fully supports OATH, which means customers can source their tokens from any OATH compliant source. This has helped dramatically drive down costs, even resulting in free tokens such as Google Authenticator.
It is an extension to the OATH standard which uses a challenge-response mechanism for authentication.
It is a password which is only valid for one authentication or transaction. OTPs are typically generated using a second-factor device – for example a hardware token or a smartphone app known as a soft token – and typically comprise a string of between 6 and 8 digits.
It is a framework for managing electronic certificates and public-key encryption or signing, with defined procedures and policies. PKI connects a key pair (public and private key) with the individual or system to which it belongs.
It is a standard format for transporting cryptographic keys. In the context of Freja ID, PSKC files are used to import token data.
It is a standardised protocol supported by numerous authentication systems and the majority of commercial off-the-shelf solutions for VPN, firewalls, etc.
It is the primary time standard used in IT and telecommunications. UTC is equivalent to GMT (Greenwich Mean Time), but it does not make adjustments for daylight saving time.
It is a way for users to send and receive data securely across a public network (usually the Internet) as if their computer was directly connected to a private network (e.g. the internal network of a company).
It is used to describe the functionality of a web service in a machine-readable way. To integrate a custom application or service with Freja ID, the WSDL file of Freja ID should be imported into the relevant project.
It is the process of confirming the identity of a person, web service or other entity.
A cryptographic seed is used as input to an encryption algorithm. One example is generating a large number of random numbers in a repeatable fashion, a technique used to generate OTPs. The seed has to be kept secret.
It is rendering data in a form that cannot be read by unauthorised persons.
It is a security device which generates one-time passwords. The term ‘token’ may refer to a physical device, but also to a piece of software which performs the same function.
Documentation can be downloaded by clicking on individual links within Freja ID and Multipliance. Each link is positioned in the top right corner of your browser. Depending on the tab you are on, a related link will be shown. For example, if you open the SSP tab, an SSP documentation link will be positioned in the upper right corner. You can also e-mail Verisec Support at firstname.lastname@example.org and ask for any documentation you need.
Development of these methods is in progress. On the roadmap for Freja Mobile is support for utilising fingerprint readers on compliant devices (for example, iPhone 5S or later) for starting the Freja Mobile application itself as well as for transaction signing.
Not at present. Support for U2F FIDO profiles is on the roadmap for FMC/FMT during 2016.