LinOTP





LinOTP
LinOTP is Linux-based software to manage authentication devices for two-factor authentication with one-time passwords. It is implemented as a web service based on the Python framework Pylons and thus requires a web server to run in. LinOTP is mainly developed by the German company KeyIdentity GmbH. Its core components are licensed under the Affero General Public License. It is an open source authentication server certified by the OATH initiative for open authentication for its 2.4 version. Overview: As a web service, LinOTP provides a REST-like web API. All functions can be accessed via Pylons controllers. Responses are returned as a JSON object. LinOTP is designed in a modular way, enabling user store modules and token modules. Thus it is capable of supporting a wide range of different tokens. Features: Supported tokens: SafeNet eToken Pass; SafeNet Safeword Alpine; mOTP; Lost token; Paper token; Feitian C-100 (HOTP); Feitian C-200 (TOTP); Feit ...


PrivacyIDEA
privacyIDEA is a two-factor authentication system which is multi-tenancy- and multi-instance-capable. It is open source, written in Python and hosted at GitHub. privacyIDEA is a fork of LinOTP from 2014. Fields of use: privacyIDEA provides an authentication backend for various kinds of applications (including SSH, VPN, as well as web applications such as ownCloud). Thus it is meant to replace classical proprietary two-factor authentication systems such as RSA SecurID or Vasco. It supports single sign-on via SAML. It is also possible to log in with a second factor to Windows desktops using a privacyIDEA Credential Provider. Installation: privacyIDEA runs on-premises as a web application on a Linux system. It can be set up quickly and easily. It can run on Debian, Ubuntu and RedHat. Authentication devices: privacyIDEA supports a wide variety of authentication devices. Amongst those are hardware tokens like Feitian C200, the Yubikey by Yubico or other U2F/WebAuthn devices. Many ...


Google Authenticator
Google Authenticator is a software-based authenticator by Google that implements two-step verification services using the Time-based One-time Password Algorithm (TOTP; specified in RFC 6238) and HMAC-based One-time Password algorithm (HOTP; specified in RFC 4226), for authenticating users of software applications. When logging into a site supporting Authenticator (including Google services) or using Authenticator-supporting third-party applications such as password managers or file hosting services, Authenticator generates a six- to eight-digit one-time password which users must enter in addition to their usual login details. Google provides Android, BlackBerry, and iOS versions of Authenticator. An official open-source fork of the Android app is available on GitHub. However, this fork has not been updated since 2020. Likewise, for old versions of the Google Authenticator apps for iOS and BlackBerry, the source code is also freely available. Yet this source code, too, has not ...

Gemalto
Gemalto was an international digital security company providing software applications, secure personal devices such as smart cards and tokens, and managed services. It was formed in June 2006 by the merger of two companies, Axalto and Gemplus International. Gemalto N.V.'s revenue in 2018 was €2.969 billion. The company was purchased by Thales Group in April 2019 and is now operating as Thales DIS (Digital Identity and Security). Gemalto was until its acquisition the world's largest manufacturer of SIM cards. Thales DIS is headquartered in Amsterdam, The Netherlands, and has subsidiaries and group companies in several countries. It has approximately 15,000 employees in 110 offices; along with 24 production sites, 47 personalization centers, and 35 R&D centers in 47 countries. History: In June 2006, smart card providers Gemplus and Axalto merged to become Gemalto (a portmanteau of the original company names). Axalto was a Schlumberger IPO spin-off i ...


OTPW
OTPW is a one-time password system developed for authentication in Unix-like operating systems by Markus Kuhn. A user's real password is not directly transmitted across the network. Rather, a series of one-time passwords is created from a short set of characters (constant secret) and a set of one-time tokens. As each single-use password can only be used once, passwords intercepted by a password sniffer or key logger are not useful to an attacker. OTPW is supported in Unix and Linux (via pluggable authentication modules), OpenBSD, NetBSD, and FreeBSD, and a generic open source implementation can be used to enable its use on other systems. OTPW, like the other one-time password systems, is sensitive to a man-in-the-middle attack if used by itself. This could for example be solved by putting SSL, SPKM or similar security protocol "under it" which authenticates the server and ...




HMAC-based One-time Password Algorithm
HMAC-based one-time password (HOTP) is a one-time password (OTP) algorithm based on HMAC. It is a cornerstone of the Initiative for Open Authentication (OATH). HOTP was published as an informational IETF RFC 4226 in December 2005, documenting the algorithm along with a Java implementation. Since then, the algorithm has been adopted by many companies worldwide (see below). The HOTP algorithm is a freely available open standard. Algorithm: The HOTP algorithm provides a method of authentication by symmetric generation of human-readable passwords, or values, each used for only one authentication attempt. The one-time property leads directly from the single use of each counter value. Parties intending to use HOTP must establish some parameters; typically these are specified by the authenticator, and either accepted or not by the authenticated: a cryptographic hash method H (default is SHA-1); a secret key K, which is an arbitrary byte string and must remain private; a counte ...


Time-based One-time Password Algorithm
Time-based one-time password (TOTP) is a computer algorithm that generates a one-time password (OTP) that uses the current time as a source of uniqueness. As an extension of the HMAC-based one-time password algorithm (HOTP), it has been adopted as an Internet Engineering Task Force (IETF) standard. TOTP is the cornerstone of Initiative for Open Authentication (OATH), and is used in a number of two-factor authentication (2FA) systems. History: Through the collaboration of several OATH members, a TOTP draft was developed in order to create an industry-backed standard. It complements the event-based one-time standard HOTP, and it offers end user organizations and enterprises more choice in selecting technologies that best fit their application requirements and security guidelines. In 2008, OATH submitted a draft version of the specification to the IETF. This version incorporates all the feedback and commentary that the authors received from the technical community based on the prior v ...

Security Token
A security token is a peripheral device used to gain access to an electronically restricted resource. The token is used in addition to or in place of a password. It acts like an electronic key to access something. Examples of security tokens include wireless keycards used to open locked doors, or in the case of a customer trying to access their bank account online, bank-provided tokens can prove that the customer is who they claim to be. Some security tokens may store cryptographic keys that may be used to generate a digital signature, or biometric data, such as fingerprint details. Some may also store passwords. Some designs incorporate tamper resistant packaging, while others may include small keypads to allow entry of a PIN or a simple button to start a generating routine with some display capability to show a generated key number. Connected tokens utilize a variety of interfaces including USB, near-field communication (NFC), radio-frequency identification (RFID), or Bluetoo ...


Multitenancy
Software multitenancy is a software architecture in which a single instance of software runs on a server and serves multiple tenants. Systems designed in such manner are "shared" (rather than "dedicated" or "isolated"). A tenant is a group of users who share a common access with specific privileges to the software instance. With a multitenant architecture, a software application is designed to provide every tenant a dedicated share of the instance - including its data, configuration, user management, tenant individual functionality and non-functional properties. Multitenancy contrasts with multi-instance architectures, where separate software instances operate on behalf of different tenants. Some commentators regard multitenancy as an important feature of cloud computing. Adoption: History of multitenant applications: Multitenant applications have evolved from—and combine some characteristics of—three types of services: 1. Timesharing: From the 1960s companies rented spac ...


FreeRADIUS
FreeRADIUS is a modular, high performance free RADIUS suite developed and distributed under the GNU General Public License, version 2, and is free for download and use. The FreeRADIUS Suite includes a RADIUS server, a BSD-licensed RADIUS client library, a PAM library, an Apache module, and numerous additional RADIUS related utilities and development libraries. In most cases, the word "FreeRADIUS" refers to the free open-source RADIUS server from this suite. FreeRADIUS is the most popular open source RADIUS server and the most widely deployed RADIUS server in the world. It supports all common authentication protocols, and the server comes with a PHP-based web user administration tool called dialupadmin. It is the basis for many commercial RADIUS products and services, such as embedded systems, RADIUS appliances that support Network Access Control, and WiMAX. It supplies the AAA needs of many Fortune-500 companies, telcos, and Tier 1 ISPs. It is also widely used in the academi ...

OpenID
OpenID is an open standard and decentralized authentication protocol promoted by the non-profit OpenID Foundation. It allows users to be authenticated by co-operating sites (known as relying parties, or RP) using a third-party identity provider (IDP) service, eliminating the need for webmasters to provide their own ad hoc login systems, and allowing users to log in to multiple unrelated websites without having to have a separate identity and password for each. Users create accounts by selecting an OpenID identity provider, and then use those accounts to sign on to any website that accepts OpenID authentication. Several large organizations either issue or accept OpenIDs on their websites. The OpenID standard provides a framework for the communication that must take place between the identity provider and the OpenID acceptor (the "relying party"). An extension to the standard (the OpenID Attribute Exchange) facilitates the transfer of user attributes, such as name and gender, f ...

SAML
Security Assertion Markup Language (SAML, pronounced SAM-el) is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. SAML is an XML-based markup language for security assertions (statements that service providers use to make access-control decisions). SAML is also: a set of XML-based protocol messages; a set of protocol message bindings; a set of profiles (utilizing all of the above). An important use case that SAML addresses is web-browser single sign-on (SSO). Single sign-on is relatively easy to accomplish within a security domain (using cookies, for example) but extending SSO across security domains is more difficult and resulted in the proliferation of non-interoperable proprietary technologies. The SAML Web Browser SSO profile was specified and standardized to promote interoperability. J. Hughes et al. Profiles for the OASIS Security Assertion Markup Language ...

Pluggable Authentication Modules
A pluggable authentication module (PAM) is a mechanism to integrate multiple low-level authentication schemes into a high-level application programming interface (API). PAM allows programs that rely on authentication to be written independently of the underlying authentication scheme. It was first proposed by Sun Microsystems in an Open Software Foundation Request for Comments (RFC) 86.0 dated October 1995. It was adopted as the authentication framework of the Common Desktop Environment. As a stand-alone open-source infrastructure, PAM first appeared in Red Hat Linux 3.0.4 in August 1996 in the Linux PAM project. PAM is currently supported in the AIX operating system, DragonFly BSD, FreeBSD, HP-UX, Linux, macOS, NetBSD and Solaris. Since no central standard of PAM behavior exists, there was a later attempt to standardize PAM as part of the X/Open UNIX standardization process, resulting in the X/Open Single Sign-on (XSSO) standard. This standard was not ratified, but the standard d ...