Two-Factor Authentication

Internet fraud is a threat to all institutions that provide online banking, shopping, gaming, etc. Successful frauds do not only have immediate financial implications; they can also lead to bad press and to customers cancelling their service and leaving for a more secure one. Todos eCode, as a Two-Factor Authentication (2FA) solution, offers protection from all existing kinds of fraud attacks.

OTP - One Time Password

OTP prevents the following attacks: key logging, screen logging and shoulder-surfing. By the time the attacker sees the OTP being entered, it is already too late, since the OTP has been used and is no longer valid. If the OTP is logged or recorded in any way, it is of no value to the attacker, since it is only valid once and only at the time it is used. OTP combined with a password and/or a PIN is one way of obtaining Two-Factor Authentication.

Double Authentication

Todos eCode Double Authentication (DA) is a development that enhances the function of a One Time Password (OTP) generating device that cannot accept a challenge in a Challenge/Response scheme. By displaying a prefix to the next OTP on the web page, the end user is given a protective tool for not giving away any secret before he or she is assured that the current connection is with the correct bank system.

Challenge-response

Challenge-response authentication is the common name for the process in which one party presents a question (challenge) and another party must provide a valid answer (response) to be authenticated. The challenge can be a random number presented to the user, who enters it using his eCode device. The response is then calculated and presented to the user. The user enters the response back to the service provider site, which authenticates it.

Sign-what-you-see

Sign-What-You-See is a method with which the end-user can verify all transaction data in the card reader, then enter PIN and sign the complete transaction using the secure eCode device. The card reader is virtually or directly connected to the bank system through a secure connection; this method prevents Man-In-The-Middle-attacks.
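
The challenge-response and Sign-What-You-See steps described above, as an added example that is not Todos code. The page does not say how eCode computes a response, so the truncated HMAC-SHA256, the 8-digit length and the names `Device`, `Host` and `encode_tx` are assumptions; the block shows a response verifying once, a replay being rejected, and a response over different transaction data failing.

```python
import hashlib
import hmac
import secrets

DIGITS = 8  # assumed response length; the page does not specify one

def _code(key, message):
    # Assumed construction: HMAC-SHA256 truncated to a decimal code.
    mac = hmac.new(key, message, hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10**DIGITS).zfill(DIGITS)

def encode_tx(challenge, payee, amount):
    # Length-prefix each field so adjacent fields cannot be shifted into each other.
    parts = [challenge.encode(), payee.encode(), amount.encode()]
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)

class Device:
    """Stands in for the user's token: holds the key, signs what it displays."""
    def __init__(self, key):
        self.key = key
    def respond(self, challenge, payee, amount):
        return _code(self.key, encode_tx(challenge, payee, amount))

class Host:
    """Stands in for the service provider's verification system."""
    def __init__(self, key):
        self.key = key
        self.pending = {}  # challenge -> transaction as the host received it
    def issue_challenge(self, payee, amount):
        challenge = f"{secrets.randbelow(10**8):08d}"
        self.pending[challenge] = (payee, amount)
        return challenge
    def verify(self, challenge, response):
        tx = self.pending.pop(challenge, None)  # single use, even on failure
        if tx is None:
            return False
        expected = _code(self.key, encode_tx(challenge, *tx))
        return hmac.compare_digest(expected, response)

def demo():
    key = secrets.token_bytes(32)  # constructed shared key
    device, host = Device(key), Host(key)
    c = host.issue_challenge("ACC-1001", "250.00")  # constructed transaction
    r = device.respond(c, "ACC-1001", "250.00")
    honest, replay = host.verify(c, r), host.verify(c, r)
    # Host received an altered payee; the user signs the payee shown on the device.
    c2 = host.issue_challenge("ACC-9999", "250.00")
    tampered = host.verify(c2, device.respond(c2, "ACC-1001", "250.00"))
    return honest, replay, tampered
```

`demo()` returns `(True, False, False)`: the genuine response is accepted once, and both the replayed response and the one computed over a different payee are rejected.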

Secure Domain Separation

To maximize user awareness by increasing active participation in Internet banking, Todos has developed a new concept called Secure Domain Separation. This introduces several new function keys on Todos’ end-user devices. Each key has a specific function and is used in specific transaction situations, for separate functions such as login, the signing of a bank transaction or the making of an e-purchase. Using different keys for different activities heightens the end user’s awareness.

Dynamic Signatures

Dynamic Signatures are risk based and enable the bank to control the risk in each and every transaction, dynamically – today and tomorrow. Internet attacks are becoming more sophisticated and more precise with respect to choosing the most profitable target. Hence banks have to prepare to respond to this development. By introducing a more complex signing procedure for high-risk transactions only, it will become more obvious to the customer why complexity is increased. This means that banks can guarantee secure payments with the same procedure as the customer is used to.

The Todos eCode devices are a family of end-user devices, each emphasising different capabilities with respect to security, usability, and look & feel. In addition, the Todos eCode devices can support different cost-down projects through efficient and easy logistics, and can piggyback on existing infrastructure for distribution. The eCode Solution consists of three parts: a security application on a smart card or in the token, a smart card terminal or the token itself, and a host system.

Bullion IT (Pty) Ltd, No 2 Georgian Crescent, Bryanston East, 2191; P.O Box 1222, Witkoppen, 2068; Tel: +27(0) 11 463 1030; Fax: +27(0) 11 463 5926
© Bullion IT (Pty) Ltd 2008 | All Rights Reserved | Designed by Micro Distributors