OTAC (One-Time Authentication Code)
A new paradigm for user authentication and device authentication
Based on the world’s first one-way dynamic authentication technology, the One-Time Authentication Code(OTAC) originally invented by SSenStone, provides more secure authentication by the only uni-directional dynamic token to overcome bi-directional limitations such as high dependency on push&pull system of network connectivity between clients and servers. By reinventing authentication, SSenStone sets a new standard for authentication in cybersecurity beyond the limitation of existing authentication methods.
What we face
A cyber-attack takes place somewhere around the world once every 39 seconds. As a result, there were 8 billion pieces of sensitive personal information being leaked to the market in 2019. These all cost the global economy a staggering $2.9M every minute in 2020. But WHY does this happen?
Risk of static
Card numbers, ID, password, and PINs which we use every day are great examples of static information used as authentication credentials. Knowledge-based authentication – whether with PINs, passwords, or passphrases – not only causes a major headache for users, but is also costly to maintain. As the world gets more connected, using static information for authentication carries with it a huge vulnerability allowing cyber crimes such as identity theft, card-not-present fraud, and hijacking to take place.
ID / PW
- Static information
- Easily lost and stolen
OTP, which is widely used for secure identity authentication, cannot perform user authentication alone, so an initial authentication step (usually ID and password) is required. Since you must go through more than one authentication step, the complexity feels even greater for users.
- On its own, it is not enough to identify a user
- It always requires initial self-authentication
between a user and a server
In locations with a poor network, it is a big headache to force the use of a communication network for authentication. The token method is used in numerous authentication environments and has become one of the most common ways of performing secure authentication by obtaining access rights through a specific point-in-time comparison of the authentication key generated by a token service operator (TSP). This is limited due to the reliance on connectivity between a user, a server, and a TSP. It also only operates in an environment controlled by a central server.
- Requires network connection
What we offer
SSenStone’s OTAC technology combines the advantages of the three most common authentication systems – user ID/passwords, RSA hardware/software for generating authentication codes, and tokenisation. This provides a solution that is more efficient and more effective than any of these elements individually.
It generates a single dynamic code that both identifies and authenticates the user at the same time and can do so without a network connection. And because it’s a single-use, time-based code that’s unique to the user, it can’t be used by someone else or used again.
OTAC completes stronger security by generating dynamic authentication codes even in an off-the-network environment.
Use of API/SDK to bring simple and frictionless integration for IT admins.
The lightness of OTAC enables applications in multiple industries and not limited to devices.
No need to build heavy token infrastructure. Save costs associated with network traffic, maintenance, and fraud compensation.
Existing Authentication Methods
High risk of information breach with static information
Difficult to identify/authentication the user with OTP alone
High dependency on push&pull system of network connectivity between clients and servers
Duplication-free dynamic code authentication prevents from various breach risks
Identify and authenticate the user with dynamic codes alone
Dynamic code generates without network connectivity
How it works
To access a system using OTAC, authorised users can use their mobile devices. Also, other devices can be added for an extra layer of security such as an employee ID or bank card enabled with OTAC. By launching the SSenStone app or the client’s own app integrated with OTAC, and then tapping the ID or bank card on the mobile device, users can generate a one-time alphanumeric or QR code.
In effect, the user’s device acts like a token server, generating a one-time code for access without the need to connect to networks. Identification and authorisation are then both enabled when users insert or scan their code into the system they want to access.
Where to use
OTAC technology can generate dynamic virtual card details without a network connection, thereby adding an extra layer of security to the payment process. This patented technology is a CNP (card not present) fraud prevention solution that replaces static card information with dynamic details, which gives users full control over their security and finance.
Current digital key solutions require network connectivity when it comes to car sharing to receive and activate the key. There can be an issue when the vehicle is located in a basement or rural area where network connectivity is weak. OTAC allows drivers to access a vehicle in a networkless environment. No matter where the driver or car is located, there are no obstacles for drivers activating the digital key and sharing it with an authorized person.
OTAC is unidirectional authentication technology that allows devices to simply authenticate your user/object with the dynamic code. Enable your users to locally generate OTAC and deliver it over various channels such as voice, keypad, Bluetooth, etc. Algorithm size under 4KB fits into any device chips for enhanced security.
Enterprises are moving towards microservice environments implemented with end-to-end trust. However, authentication flows can be cumbersome and involve many round-trips, with an irreducible time cost for each authorisation services can become overwhelmed as each microservice relies on them for access control. OTAC allows secure authentication of a user in a single-ended flow, greatly reducing the number of round trips.
IAM (Identity & Access Management)
Forget passwords and OTPs. Users can securely access services by generating OTAC even in an off-the-network environment. With OTAC, access your company applications anywhere and anytime. As long as OTAC guarantees hassle-free log-in, remote working is no longer a problem.
In the middle of a battle in a war, it is very difficult to identify your friendlies or targets. The current solution to the problem is to identify friendlies from their devices using static information, which can be hacked and used by the enemy. OTAC can completely eliminate this risk by generating dynamic codes locally without a network. Wherever a soldier is located, their device will send a dynamic code which hackers cannot steal so that their own force can identify securely.
make your service reliable with SSenStone!
5F, 329, Cheonho-daero Dongdaemun-gu, Seoul, Republic of Korea
Contact below if you have an urgent inquiry.
Korea Office (SSenStone)
5F, 329, Cheonho-daero Dongdaemun-gu, Seoul, Republic of Korea (02622)
Tel : 02-569-9668 | Fax : 02-6455-9668
UK Office (swIDch)
swIDch Ltd Office 176, 1st Floor, 3 More London Riverside, London SE1 2RE
Tel : 020-3283-4081