Neha Patil (Editor)

One-time authorization code


Definition

In a broad sense, a one-time authorization code (OTAC) is a code that is valid for only one session and is used to authenticate a user's identity. It is used not only in mechanisms that verify a user's identity in daily life, but also, in the field of computer technology, in processes that allow a desktop client for a web application to authenticate securely to that web application.

Benefits

Passwords that are reused in daily life or stored on the desktop can easily be recovered and compromised. Using a one-time authorization code (OTAC) removes the need to remember, store or cache the user's actual password.

This method of authentication has two benefits:

  1. The user's actual username and password are never transmitted over the network;
  2. The user never has to remember, cache or store the username and password.

Mobile Phone

A mobile phone itself can serve as a hand-held authentication token, and mobile text messaging is one of the ways of delivering a one-time authorization code (OTAC) through a mobile phone. In this method, a service provider sends the user a text message containing a one-time authorization code (OTAC) that is enciphered with a digital certificate, and the user presents that code for authentication. According to a report, mobile text messaging provides high security when it uses a public key infrastructure (PKI) to provide bidirectional authentication and non-repudiation, which accords with theoretical analysis.

Mobile text messaging as a carrier for a one-time authorization code (OTAC) is broadly used in daily life, including in banking services, card services and security services.

Telephone

There are two methods that use the telephone to authenticate a user.

First, a service provider shows a one-time authorization code (OTAC) on the computer or smartphone screen and then places an automatic telephone call to a number that has already been authenticated. The user then enters the one-time authorization code (OTAC) shown on their screen on the telephone keypad.

Second, in the way used to authenticate and activate Microsoft programs, the user calls a number provided by the service provider and enters the one-time authorization code (OTAC) that the phone system gives them.

Computer

In the field of computer technology, one-time authorization codes (OTACs) are delivered through email, in a broad sense, and through web applications, in a professional sense.

Email

Email is one of the common ways of delivering a one-time authorization code (OTAC), and it divides into two main methods.

First, a service provider sends a personalised one-time URL link to an authenticated email address (e.g. one at @ucl.ac.uk); when the user clicks the link, the server authenticates the user.

Second, a service provider sends a personalised one-time authorization code (OTAC), e.g. an enciphered token, to an authenticated email address; when the user types the one-time authorization code (OTAC) into the website, the server authenticates the user.

Application

The web application generates a unique code (PIN) that the user inputs into the desktop client; the desktop client in turn uses that code to authenticate itself to the web application.

This form of authentication is particularly useful in web applications that do not have an internal username/password store but instead use SAML for authentication. Since SAML only works within the browser, a desktop-based client for the web application cannot successfully authenticate using SAML. Instead, the client application can use the one-time authorization code (OTAC) to authenticate itself to the web application.

In addition, the OAuth 2.0 authorization framework can be used when a third-party application needs to obtain limited access to an HTTP service.
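The desktop-client exchange described above, as an added example that is not part of the original page: a minimal server-side code store, constructed here with hypothetical names, that issues a code for an already logged-in browser session and lets the desktop client redeem it exactly once before it expires. Only a hash of each code is kept, so a leaked store does not reveal live codes.

```python
import hashlib
import secrets
import time

CODE_TTL_SECONDS = 300  # constructed example lifetime: five minutes
# Alphabet without 0/O and 1/I so the user can type the code without ambiguity.
CODE_ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"


class OtacStore:
    """Issues and redeems single-use authorization codes (hypothetical helper)."""

    def __init__(self, ttl=CODE_TTL_SECONDS, now=time.time):
        self._ttl = ttl
        self._now = now            # injectable clock so expiry can be tested
        self._pending = {}         # sha256(code) -> (user, issued_at)

    @staticmethod
    def _digest(code):
        # Store only a hash; a dump of _pending never yields a usable code.
        return hashlib.sha256(code.encode()).hexdigest()

    def issue(self, user, length=8):
        # Web application side: mint a code for a browser session that has
        # already authenticated (e.g. via SAML) and show it to the user.
        code = "".join(secrets.choice(CODE_ALPHABET) for _ in range(length))
        self._pending[self._digest(code)] = (user, self._now())
        return code

    def redeem(self, code):
        # Desktop client side: present the typed code. Returns the user on
        # success, None otherwise. The server should also rate-limit calls
        # to this method, since a short code is only safe against guessing
        # when the number of attempts per code is bounded.
        key = self._digest(code.strip().upper())
        entry = self._pending.pop(key, None)   # pop enforces single use
        if entry is None:
            return None
        user, issued_at = entry
        if self._now() - issued_at > self._ttl:
            return None            # expired: discarded even though it matched
        return user


if __name__ == "__main__":
    store = OtacStore()
    shown = store.issue("alice")               # displayed in the browser
    print(store.redeem(shown))                 # desktop client: "alice"
    print(store.redeem(shown))                 # replay: None
```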

Post

It is possible to send a one-time authorization code (OTAC) to a user via post or registered mail. When a user requests a one-time authorization code (OTAC), the service provider sends it via post or registered mail, and the user can then use it for authentication. For example, in the UK, some banks send their one-time authorization codes (OTACs) for Internet banking authorization via post or registered mail.

Expansion

Quantum cryptography, which is based on the uncertainty principle, is one of the ideal methods for producing a one-time authorization code (OTAC).

Moreover, authentication has been discussed and used not only with an enciphered code but also with graphical one-time PIN authentication such as QR codes, which provide a decentralized access control technique with anonymous authentication.

Web Applications that utilize One Time Authorization Codes

  • Yammer
  • Facebook Windows 7 Gadget

References

  • One-time authorization code, Wikipedia