Phishing attacks are becoming more sophisticated. The next generation of attacks is taking place in real-time – for example by using proxies to emulate the spoofed websites of online banks – even with valid SSL certificates issued by known authorities.
The patent pending Man-in-the-middle Proof Authentication (MPA) concept invented by PrivaSphere and renowned Swiss information security experts from industry and academia is the solution to this threat. With this new method, user authentication is tied to the secure communication connection, empowering the organization and the client to see when they are connected by a direct link without interruption. Most of the popular authentication methods like password, Challenge Response, EMV, one time password (OTP), scratch list and access card can be supported.
- MPA enables your organization to prevent man-in-the-middle attacks (MITM).
- Minimum user impact.
- In many cases, authentication systems used today can be retrofitted.
- Avoid costs related to a complex PKI deployment to your customers.
- Protect your organization from damage resulting from a phishing attack to your ecommerce application.
- Prevent loss of reputation and loss of confidence in the electronic business channel.
- Oppliger, R., Hauser, R., and D. Basin, Browser Enhancements to Support SSL/TLS Session-Aware User Authentication, Position paper, W3C Workshop on Transparency and Usability of Web Authentication, New York, USA, March 15 - 16, 2006
- Oppliger, R., Hauser, R., and D. Basin, SSL/TLS Session-Aware User Authentication-Or How to Effectively Thwart the Man-in-the-Middle, Computer Communications, accepted for publication. Read more ...
The patent is owned by VASCO Data Security International, Inc.