
Advanced sign-in security for your Google account

Has anyone you know ever lost control of an email account and inadvertently sent spam—or worse—to their friends and family? There are plenty of examples (like the classic "Mugged in London" scam) that demonstrate why it's important to take steps to help secure your activities online. Your Gmail account, your photos, your private documents—if you reuse the same password on multiple sites and one of those sites gets hacked, or your password is conned out of you directly through a phishing scam, it can be used to access some of your most closely-held information. Most of us are used to entrusting our information to a password, but we know that some of you are looking for something stronger. 2-step verification requires two independent factors for authentication, much like you might see on your banking website: your password, plus a code obtained using your phone. Take your time to carefully set up 2-step verification—we expect it may take up to 15 minutes to enroll.

Launches Protiva One Time Password Application for Mobile Users
RSA Conference, San Francisco and Mobile World Congress, Barcelona, Feb 15, 2011 - Gemalto (Euronext NL0000400653 GTO), the world leader in digital security, introduces Protiva Mobile OTP, a convenient, secure and cost-effective new way for businesses and their employees to deploy two-factor authentication, simply using their mobile phones. The new solution is part of Gemalto’s Protiva Strong Authentication family, which encompasses the validation server and a range of Protiva authentication application software and authentication devices that allow businesses to choose the solution that best fits their needs. One Time Password (OTP) replaces static passwords with strong authentication and provides a convenient additional level of security for transactions and access control. Protiva Mobile OTP works with the popular handset platforms used in business today, including Blackberry, iPhone, including the handsets running Java, Windows CE and Brew.

Time-based One-time Password Algorithm
Time-based One-time Password Algorithm (TOTP) is an algorithm that computes a one-time password from a shared secret key and the current time. It has been adopted as Internet Engineering Task Force standard RFC 6238,[1] is the cornerstone of Initiative For Open Authentication (OATH) and is used in a number of two-factor authentication systems. TOTP is an example of a hash-based message authentication code (HMAC). In a typical two-factor authentication application, user authentication proceeds as follows: a user will enter username and password into a website or other server, generate a one-time password for the server using TOTP running locally on a smartphone or other device, and type that password into the server as well.
Definition
TOTP is based on HOTP with a timestamp replacing the incrementing counter. The current timestamp is turned into an integer time-counter (TC) by defining the start of an epoch (T0) and counting in units of a time step (TS). Let: Then we define

Google account access soon to be strengthened by a two-factor identification system
Security is one of the key points to defend when promoting a cloud application. Google, which is currently making considerable efforts to promote its Google Apps suite to businesses, has just introduced an important improvement in this area: a two-factor identification system for signing in to a Google Apps account. In addition to typing their username and password, users will have to enter a code delivered to their smartphone (Android, BlackBerry, iPhone) by SMS, voice message or a special application.
The user's phone linked to their Google Apps credentials
This feature can be enabled from the settings of the Google Apps account, to which the phone's details are linked. For the moment, this security system is only available for the English version of Google Apps Premier, Education and Government.

RFC 4226 - HOTP: An HMAC-Based One-Time Password Algorithm
INFORMATIONAL, Errata Exist. Network Working Group, Request for Comments: 4226, Category: Informational, December 2005. D. M'Raihi, VeriSign; M.
1. The document introduces first the context around an algorithm that generates one-time password values based on HMAC [BCK1] and, thus, is named the HMAC-Based One-Time Password (HOTP) algorithm.
2. Today, deployment of two-factor authentication remains extremely limited in scope and scale.
forms of authentication such as Public-Key Infrastructure (PKI) or biometrics because an air-gap device does not require the installation of any client desktop software on the user machine, therefore allowing them to roam across multiple machines including home computers, kiosks, and personal digital assistants.

Strong authentication with OTP, the example of HOTP (OATH) « Stel
Strong authentication can be achieved using one-time passwords, or OTPs. This post looks back at HOTP, an algorithm initially defined by OATH, which has since been taken up by the IETF and standardized in RFC 4226. HOTP aims to define a simple and robust OTP algorithm based on an HMAC function, itself based on SHA-1. For those who already hit the ceiling on reading SHA-1, the end of the post will surely reassure them :-). HOTP aims to meet the following goals: be based on a counter or a sequence; be simple to implement even with limited resources (smart card); be usable on devices that offer no user input; produce a generated value that is easy for the user to read and handle; be simple for the user to re-synchronize; be based on a strong shared secret (i.e. >= 160 bits). Now that the goals are known, let's get to the heart of the matter!

HOTP
HOTP is an HMAC-based One Time Password algorithm. It is a cornerstone of Initiative For Open Authentication (OATH). HOTP was published as an informational IETF RFC 4226 in December 2005, documenting the algorithm along with a Java implementation. Since then, the algorithm has been adopted by many companies worldwide (see below).
Definition
Let: K be a secret key; C be a counter; HMAC(K,C) = SHA1(K ⊕ 0x5c5c… ∥ SHA1(K ⊕ 0x3636… ∥ C)) be an HMAC calculated with the SHA-1 cryptographic hash algorithm; Truncate be a function that selects 4 bytes from the result of the HMAC in a defined manner.
Then HOTP(K,C) is mathematically defined by
HOTP(K,C) = Truncate(HMAC(K,C)) & 0x7FFFFFFF
For HOTP to be useful for an individual to input to a system, the result must be converted into a HOTP value, a 6–8 digit number that is implementation dependent.
HOTP-Value = HOTP(K,C) mod 10^d, where d is the desired number of digits
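The HOTP definition above, and the TOTP time-counter described earlier on this page, carried through as an added Python example (not code from RFC 4226, RFC 6238 or any of the quoted sources). The function names, the `look_ahead` window size and the 30-second default step are assumptions of this example; the key in the demo is the test secret published in the RFCs' test-vector appendices.

```python
import hashlib
import hmac
import struct

def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """HOTP(K,C) = Truncate(HMAC-SHA1(K,C)) & 0x7FFFFFFF, reduced mod 10^d."""
    # C is encoded as an 8-byte big-endian integer before it is MACed.
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    # Dynamic truncation: the low nibble of the last byte selects which
    # 4 bytes of the 20-byte MAC are used.
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)  # keep leading zeros

def totp(key: bytes, now: float, step: int = 30, t0: int = 0,
         digits: int = 6) -> str:
    """TOTP is HOTP with the counter replaced by TC = floor((now - T0) / TS)."""
    return hotp(key, int((now - t0) // step), digits)

def verify_hotp(key: bytes, submitted: str, server_counter: int,
                look_ahead: int = 3, digits: int = 6):
    """Server-side check. Returns the counter to store next, or None.

    The token's counter advances on every button press, so the server
    accepts a small look-ahead window (size is an assumption here) and
    resynchronises on a match. Storing the returned value is what makes
    a code single-use: an already-accepted code is behind the new counter.
    """
    for c in range(server_counter, server_counter + look_ahead + 1):
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(hotp(key, c, digits), submitted):
            return c + 1
    return None

if __name__ == "__main__":
    key = b"12345678901234567890"      # published RFC test secret
    print([hotp(key, c) for c in range(3)])
    print(totp(key, 59, digits=8))     # RFC 6238 SHA-1 vector at T = 59 s
    nxt = verify_hotp(key, hotp(key, 2), server_counter=0)
    print("accepted, next counter:", nxt)
    print("replay:", verify_hotp(key, hotp(key, 2), server_counter=nxt))
```

A real verifier also needs per-account attempt throttling, since a 6-digit code has only 10^6 possible values.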

HMAC
In cryptography, a keyed-hash message authentication code (HMAC) is a specific construction for calculating a message authentication code (MAC) involving a cryptographic hash function in combination with a secret cryptographic key. As with any MAC, it may be used to simultaneously verify both the data integrity and the authentication of a message. Any cryptographic hash function, such as MD5 or SHA-1, may be used in the calculation of an HMAC; the resulting MAC algorithm is termed HMAC-MD5 or HMAC-SHA1 accordingly. The cryptographic strength of the HMAC depends upon the cryptographic strength of the underlying hash function, the size of its hash output, and on the size and quality of the key. An iterative hash function breaks up a message into blocks of a fixed size and iterates over them with a compression function.
Definition (from RFC 2104)
where H is a cryptographic hash function, m is the message to be authenticated, | denotes concatenation,
