Use in two-factor authentication
By printing a PassWindow key pattern on a piece of transparent media, such as a transparent section of a plastic card, a standard plastic ID-1 card can be used as physical token ( something you have) that can be used in a two-factor authentication system.Generation of one-time passwords
Using the PassWindow system, a challenge pattern containing a string of digits and/or letters can be generated for a specific key pattern by an authentication server with knowledge of the shared secret (the user's key pattern). The user decodes the sequence of digits from the pattern using their PassWindow key and sends this as a response to the server's challenge. The correct response confirms that the client has physical access to the token. These digits are then used as a one-time password.Mutual authentication
Mutual authentication or two-way authentication (sometimes written as 2WAY authentication) refers to two parties authenticating each other suitably. In technology terms, it refers to a client or user authenticating themselves to a server and that server authenticating itself to the user in such a way that both parties are assured of the others' identity. When describing online authentication processes, mutual authentication is often referred to as website-to-user authentication, or site-to-user authentication.Passive mutual authentication with PassWindow
In the simplest case, the client verifies that the server from which they are receiving their challenge by confirming that the solution is intelligible when they superimpose their key over the challenge. An unintelligible or corrupted challenge alerts the user that they may not be connected to the server they intend.Transaction verification
In addition, a known string of digits may be encoded into the challenge at the time of generation to provide additional server-to-client authentication to prevent the replay of stored challenges. Known as a verification code, examples include destination account numbers or transaction totals when used to secure online monetary transactions. This use is often referred to as transaction verification and forms the primary basis for PassWindow's exceptional resilience to Man-in-the-middle (MITM) and Man-in-the-browser (MITB) attacks.History
Matt Walker, Australian, invented the original PassWindow concept after many years researching various online two-factor authentication systems. The high cost of many electronic token systems, as well as their inability to protect against an ever-increasing array of complex attacks, forced Matthew to completely rethink the way modern authentication is conducted. During the intervening period, while the security world looked for ever more complex and high-tech solutions, which it was apparent were increasingly vulnerable to ever more complex and high tech attacks, Matthew decided to take the opposite approach and look for an authentication solution with pure simplicity at its core. In the process, he discovered an entirely new secure method in online security.About PassWindowMedia appearances
* PassWindow first appeared in the media in May 2009 as a 'Cheap solution for security' on account of its ability to securely produce one-time passwords without the need for electronics to be deployed to its end users.K. Dearne,References
External links