Two Factor Authentication

Setting aside the fact that smartcards and other cryptographic devices constitute "two factor" authentication, the term is often used to refer to a large class of personal authentication devices that generate a pass phrase or other login code, used to access online resources. There are three important sub-classes:

Time Synchronised One Time Password: every thirty seconds or so, the device generates a fresh pseudo random one time password. The pseudo random number generator is seeded uniquely for each specific device.

Event Based One Time Password: again, a pseudo RNG generates one time passcodes in sequence, but instead of doing so automatically and periodically, the event based OTP requires a button to be pressed. It is therefore an electronic version of the "Transaction Authentication Number" (TAN) card. An attempt to standardise the interoperability of this important class of devices has been organised by the OATH initiative.

Challenge Response device: usually resembles a small hand-held calculator, into which a challenge code is typed. The challenge is cryptographically transformed into a unique response code, using keys unique to each specific device.
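
The three device classes above, sketched in Python as an added example that is not part of the original page. It assumes the OATH algorithms HOTP (RFC 4226) and TOTP (RFC 6238) as the concrete code generator; challenge_response is a simplified illustration (not OATH OCRA), and verify_hotp with its look-ahead window is a hypothetical server-side helper. The key is the published RFC 4226 test secret.

```python
import hashlib
import hmac
import struct

DEVICE_KEY = b"12345678901234567890"  # RFC 4226 test secret, not a real device key


def truncate(mac: bytes, digits: int = 6) -> str:
    """RFC 4226 dynamic truncation: the last nibble selects a 31-bit window."""
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """Event based code: HMAC-SHA1 over an 8-byte button-press counter."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    return truncate(mac, digits)


def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Time synchronised code: the counter is the number of elapsed time steps."""
    return hotp(key, unix_time // step, digits)


def challenge_response(key: bytes, challenge: str, digits: int = 6) -> str:
    """Simplified challenge-response (assumption): HMAC over the typed challenge."""
    mac = hmac.new(key, challenge.encode(), hashlib.sha1).digest()
    return truncate(mac, digits)


def verify_hotp(key: bytes, code: str, server_counter: int, look_ahead: int = 3):
    """Server side for event based tokens. Button presses that never reach the
    server push the device ahead, so a small window of future counters is tried.
    Returns the next counter to store on success (so the code cannot be
    replayed), or None when the code is outside the window."""
    for counter in range(server_counter, server_counter + look_ahead + 1):
        if hmac.compare_digest(hotp(key, counter), code):
            return counter + 1
    return None


if __name__ == "__main__":
    print("event based, presses 0..2:", [hotp(DEVICE_KEY, c) for c in range(3)])
    print("time synchronised, t=59s :", totp(DEVICE_KEY, 59))
    print("challenge 'constructed-1':", challenge_response(DEVICE_KEY, "constructed-1"))
    nxt = verify_hotp(DEVICE_KEY, hotp(DEVICE_KEY, 2), server_counter=0)
    print("accepted, next counter   :", nxt)
    print("replay of same code      :", verify_hotp(DEVICE_KEY, hotp(DEVICE_KEY, 2), nxt))
```

The look-ahead window trades usability for guessing resistance: each extra counter accepted gives an online guesser one more valid code, so it is kept small and paired with attempt limiting.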