KOREAN / ENGLISH
SSenStone
  • About Us
  • Technology
    • OTAC
    • FIDO
  • Solutions
    • OTAC Solutions
      • swIDch: OT Auth
        • - PLC OTAC
        • - OTAC Trusted Access Gateway
        • - OTAC auth - MFA for PLCnext
      • swIDch: Fin Auth
        • - TAP OTAC
        • - OTAC Holderless Card
        • - OTAC Dynamic Token
      • swIDch: IoT Auth
        • - IoT Auth Platform OTAC
        • - Smart Building OTAC
        • - HomeNet OTAC
        • - Connected Car OTAC
        • - Drone OTAC
      • swIDch: Access Auth
        • - Identity&Access Management OTAC
    • FIDO & mOTP Solutions
      • swIDch Auth
        • - swIDch Auth Package
        • - swIDch Auth SDK
  • Case Studies
    • Case Studies
      • Toss Bank
      • Kakao
      • A-Card Bank
      • E-Stamp : Indonesia
      • Milipass
  • News
    • News & Information
    • Blog
    • Video
  • Contact
  • About Us
  • Technology
    • - OTAC
    • - FIDO
  • Solutions
    • OTAC solutions
      • swIDch: Finance
        • - TAP-OTAC
        • - OTAC Holderless Card
        • - OTAC Dynamic Token
      • swIDch: OT
        • - PLC-OTAC
        • - MFA for PLCnext
      • swIDch: IoT
        • - IoT Auth Platform OTAC
        • - Smart Building OTAC
        • - HomeNet OTAC
        • - Connected Car OTAC
        • - DroneOTAC
      • swIDch: Access
        • - Identity & Access Management
    • FIDO & mOTP Solutions
      • swIDch Auth
        • - swIDch Auth Package
        • - swIDch Auth SDK
  • Case Studies
    • Case Studies
      • - Toss Bank
      • - Kakao Bank
      • - A-Card Bank
      • - E-Stamp : Indonesia
      • - Milipass
  • News
    • - News & Information
    • - Blog
    • - Video
  • Contact

Technology

OTAC (One-Time Authentication Code)

A new paradigm for user authentication and device authentication

Based on the world’s first one-way dynamic authentication technology, the One-Time Authentication Code(OTAC) originally invented by SSenStone, provides more secure authentication by the only uni-directional dynamic token to overcome bi-directional limitations such as high dependency on push&pull system of network connectivity between clients and servers. By reinventing authentication, SSenStone sets a new standard for authentication in cybersecurity beyond the limitation of existing authentication methods.

What we face

A cyber-attack takes place somewhere around the world once every 39 seconds. As a result, there were 8 billion pieces of sensitive personal information being leaked to the market in 2019. These all cost the global economy a staggering $2.9M every minute in 2020. But WHY does this happen?

 

Risk of static
information

 

Card numbers, ID, password, and PINs which we use every day are great examples of static information used as authentication credentials. Knowledge-based authentication – whether with PINs, passwords, or passphrases – not only causes a major headache for users, but is also costly to maintain. As the world gets more connected, using static information for authentication carries with it a huge vulnerability allowing cyber crimes such as identity theft, card-not-present fraud, and hijacking to take place.

problem_icon1

ID / PW

 

- Static information

- Easily lost and stolen

Complex
authentication process

 

OTP, which is widely used for secure identity authentication, cannot perform user authentication alone, so an initial authentication step (usually ID and password) is required. Since you must go through more than one authentication step, the complexity feels even greater for users.

problem_icon2

OTP

 

- On its own, it is not enough to identify a user

- It always requires initial self-authentication
between a user and a server

Network connection
distress

 

In locations with a poor network, it is a big headache to force the use of a communication network for authentication. The token method is used in numerous authentication environments and has become one of the most common ways of performing secure authentication by obtaining access rights through a specific point-in-time comparison of the authentication key generated by a token service operator (TSP). This is limited due to the reliance on connectivity between a user, a server, and a TSP. It also only operates in an environment controlled by a central server.

problem_icon3

Token

 

- Requires network connection

- Bi-Directional

What we offer

SSenStone’s OTAC technology combines the advantages of the three most common authentication systems – user ID/passwords, RSA hardware/software for generating authentication codes, and tokenisation. This provides a solution that is more efficient and more effective than any of these elements individually.

It generates a single dynamic code that both identifies and authenticates the user at the same time and can do so without a network connection. And because it’s a single-use, time-based code that’s unique to the user, it can’t be used by someone else or used again.

Strong

Security

 

OTAC completes stronger security by generating dynamic authentication codes even in an off-the-network environment.

Seamless

Integration

 

Use of API/SDK to bring simple and frictionless integration for IT admins.

Unlimited scalability

&flexibility

 

The lightness of OTAC enables applications in multiple industries and not limited to devices.

Unbelievable

cost saving

 

No need to build heavy token infrastructure. Save costs associated with network traffic, maintenance, and fraud compensation.

Existing Authentication Methods

  • High risk of information breach with static information

  • Difficult to identify/authentication the user with OTP alone

  • High dependency on push&pull system of network connectivity between clients and servers

OTAC

  • Duplication-free dynamic code authentication prevents from various breach risks

  • Identify and authenticate the user with dynamic codes alone

  • Dynamic code generates without network connectivity

play_arrow
OTAC_tech기술표_eng

How it works

To access a system using OTAC, authorised users can use their mobile devices. Also, other devices can be added for an extra layer of security such as an employee ID or bank card enabled with OTAC. By launching the SSenStone app or the client’s own app integrated with OTAC, and then tapping the ID or bank card on the mobile device, users can generate a one-time alphanumeric or QR code.

 

In effect, the user’s device acts like a token server, generating a one-time code for access without the need to connect to networks. Identification and authorisation are then both enabled when users insert or scan their code into the system they want to access.

 

otac_access login-2

OTAC Algorithm Analysis and Academic Verification

report_otac_surrey univ

The University of Surrey, one of the leading global cyber security companies in the UK, conducted OTAC algorithm analysis and academic verification of SSenStone. For the full text of the thesis, please visit the University of Surrey website and download the report.

 

Univ. of Surrey Website
Download the Report

New Excellent Technology (NET) Certification Acquired

NET신기술인증-removebg-preview

SSenStone has received the NET Certification from the Ministry of Trade, Industry, and Energy for its "Individual IoT Device Authentication and Transmission Data Security Technology through Unidirectional Dynamic Authentication (OTAC)."

 

NET Website
Press Release

International Common Criteria (CC) Certification Achieved

국제CC인증_엠블럼 (png)

OTACTokenV1.0, the authentication solution based on the world’s first unidirectional dynamic authentication technology, OTAC, has earned the international Common Criteria (CC) certification. For more information, please refer to the press release.

 

ITSCC Website
Press Release

OTAC for Phygital Wins IR52 Jang Yeong-sil Award

IR52 logo

SSenStone's OTAC for Phygital has been awarded the 40th-week IR52 Jang Yeong-sil Award for 2024, hosted by the Ministry of Science and ICT. For more details, please visit the official IR52 Jang Yeong-sil Award homepage or the press release.

 

IR52 Website
Press Release

Where to use

finance solution_img_tap otac

swIDch: Fin Auth

SSenStone provides authentication solutions that allow anyone to conduct financial transactions easily and conveniently, as well as fundamentally block external threats in the identity and transaction authentication process.


Read more

swIDch OT thumb nail

swIDch: OT Auth

SSenStone's PLC-OTAC surpasses the vulnerability of password-based authentication methods, offering a secure and advanced user authentication process using one-way dynamic codes, eliminating the risk of duplication.


Read more

solution_iot-1

swIDch: IoT Auth

SSenStone’s proven authentication solution provides a reliable foundation to manage all connected assets more safely and efficiently through secure access and control of all Internet of Things connected to the network.

Read more

solution_iam

swIDch: Access Auth

SSenStone’s OTAC provides control to users in mobile and remote work environments or grants a certain level of authority to access corporate resources and networks.

Read more

Insights

  • The Future of Financial Security in the Face of Phishing Attacks

    In recent years, financial security incidents, especially phishing attacks, have become a serious...

    Read more

  • How is ChatGPT addressing financial fraud?

    Last year, after giving birth, I hired a postpartum doula to help me. After trying out a few...

    Read more

  • Solving Voice Phishing and Smishing Security Issues: SSenStone's Personal Information Authentication Technology

    Today, I'd like to discuss a crucial financial security issue that affects us all, and explore the...

    Read more

  • Securing the Seas through Advanced Authentication Revolutionising Safer and Cleaner Shipping

    The maritime industry is undergoing a significant transformation, driven by the dual imperatives of...

    Read more

Contact Us

Improve your authentication environment and
make your service reliable with SSenStone!

Inquire now.

5F, 329, Cheonho-daero Dongdaemun-gu, Seoul, Republic of Korea

Contact below if you have an urgent inquiry.

Korea Office (SSenStone)

5F, 329, Cheonho-daero Dongdaemun-gu, Seoul, Republic of Korea (02622)

Tel : 02-569-9668  |  Fax : 02-6455-9668

im@ssenstone.com

UK Office (swIDch)

Floor 1, 3 More London SE1 2RE, United Kingdom

Tel : 020-3283-4563

info@swidch.com

SSenStone Inc.

5F, 329 Cheonho-daero Dongdaemun-gu, Seoul, Republic of Korea (02622)

T. 02-569-9668

F. 02-6455-9668

E. im@ssenstone.com

Sitemap

Copyright© SSenStone Inc. All rights reserved.