
Embedding WiKID two-factor authentication in your Web application

One of our customers, Online Banking Solutions, offers banks and financial institutions software for commercial account management. They have embedded WiKID for two-factor and mutual HTTPS authentication on both the server side and their optional client. The combined client facilitates the initial validation process, performs session authentication using the one-time passcode, and performs mutual HTTPS authentication to prevent MITM attacks.

The product is a single sign-on solution that aggregates access to the numerous applications a single corporate banker might use:

This new feature of the Secure Desktop client enables the bank to package the desktop with a pre-determined list of web sites to be accessed with the embedded web browser. While the user can move back and forward, refresh the page or even detach the browser for better viewing, no web URL can be entered into the embedded browser.

This capability, when coupled with the OBS WiKID two-factor authentication, can be used to provide a bank single sign-on (SSO) service for multiple bank web applications.

And here's a screen shot of the combined client showing the OTP:

OBS uses the Java network client that comes with the server. We also have network clients for C#, PHP, Ruby and Python.

Re: Embedding WiKID two-factor authentication in your Web application

Posted by admin at Nov 11, 2008 02:40 PM
I should have added that this application also uses a "Site Specific Browser" for added security. Only approved sites are accessible and each approved site gets mutual https authentication.

PCI expanding to Europe

According to Security Fix, Visa is going to enforce PCI DSS in Europe:

Visa Inc. on Monday dramatically expanded its credit and debit card security requirements to retailers in Europe, an unexpected move that could be a financial boon to security auditing companies, but a huge cost for European merchants already feeling the pinch from the global financial crisis.
I'm fascinated that this is a surprise. My reaction was, "hmm I would have thought the PCI already applied in Europe".

Citrix on the need for two-factor authentication

Specifically, two-factor authentication for Citrix Web Interface. The article doesn't say if Web Interface supports RADIUS, but a quick Google search seems to indicate it does. This configuration seems exactly the same as setting up WiKID and Citrix Access Gateway.

The Express Scripts Bounty

Now this could be interesting. Express Scripts is offering a $1,000,000 reward for information leading to the arrest and conviction of the attacker trying to blackmail them. That is a lot of Ameros.

If this works, then we can expect to see a lot more of it. If it doesn't, then perhaps we will see a lot more blackmail?