[Информационная безопасность] EVVIS-QR1 USB Programmable TOTP hardware token
Автор
Сообщение
news_bot ®
Стаж: 6 лет 9 месяцев
Сообщений: 27286
Today, we are presenting a new type of TOTP hardware tokens — USB Programmable token that displays the OTP value as a QR code and also can send the current OTP value over USB as a part of its HID emulation feature.
What is EVVIS-QR1?
EVVIS-QR1 is a hardware device developed primarily for Electronic visit verification (EVV) information systems (hence the name). It is a standards-based TOTP hardware token that can also be programmed over USB. The OTP generated is shown on the display both as regular digits as well as a QR image. Both features (OTP shown as QR code and HID keyboard emulation) are intended to make it possible to minimize typos when entering the OTP.
What is EVV and why is it important?
SPL
Presence verification features are highly demanded in a number of industries, and one of the most demanded features for medical institutions for cases where different parties are contracted to periodically visit patients to provide services. This applies not only to external service providers but also to providers within the same institutions. Often, hospital systems provide services within an enterprise, demonstrating the level of interoperation abstraction within the same organization. Usual methods of presence verification are consisting of a simple paper-based schedule table where the service providers just put the current date and time and their signature. Being simple enough and easy to implement, this method, however, does not guarantee the accuracy, as the signatures on the paper are easy to back-date and/or forward date. Using TOTP as a verification mechanism for EVV is secure enough, but not very user friendly (as the OTP needs to be typed in manually) and quite error-prone. The method introduced with EVVIS-QR1 device will allow to securely implement presence verification using a special mobile application and a static hardware token displaying two-dimensional barcodes without the need to enter any data manually, thus avoiding human errors.
One-touch OTP Entry
EVVIS-QR1 device can send the OTP over USB thanks to HID emulation function built-in (Windows only). This will allow minimizing the user actions needed to authenticate with any 2FA-enabled system. You can configure the device to send the OTP digits together with 'Enter' keystroke (ASCII char 13) — this adds the convenience of minimizing user actions needed for logging on to a system (i.e. a Web login form with the second-factor field), as the pressing the Enter key on the keyboard will be emulated, and the form requesting the OTP will be submitted automatically without the need of clicking the submit button.
OTP shown as a QR image
The devices showing the OTP as QR code have the most potential of greatly improving user experience when a special app is used. This is perfect for TOTP based electronic verification systems.
This feature may slightly improve the user experience even with standard software (i.e. mobile Safari under iOS)
SPL
The process, illustrated on the figure below, is not only improving the speed of the process (even if slightly) but, more importantly, helps to avoid input errors when the OTP is typed in manually.
The speed of the process (yet to be evaluated and compared to manual input speed) can be further improved by leveraging the Shortcuts app functionality of modern iOS (v 12.0 and higher). A shortcut within this app is a quick way to get one or more tasks done with your apps. By creating a set of tasks using the Shortcuts app we can minimize the number of actions required to be done by the user to copy the OTP from the EVVIS device.
The figure below shows an example of tasks created with Shortcuts that merges 3 different user actions into one, namely:
1. Launching the QR reader
2. Getting the text encoded in the QR code
3. Copying the recognized text to the clipboard
will be replaced by one action: launching the Shortcut task only.
Where to buy?
You can purchase the device directly on our online shop. Use the promo code below to get a 10% discount: HABR9MAXEOFG (expires on 31/08/2020)
«While FIDO/FIDO2 is more secure why do you still produce TOTP devices?»
We love FIDO, but it needs more time to become widely adopted and supported. Our research is driven by customer needs, and TOTP is still in high demand. The main reason is that it is much easier to implement, therefore many authentication systems still rely on TOTP.
===========
Источник:
habr.com
===========
Похожие новости:
- [Информационная безопасность] Небольшое расследование расследования по делу хакера, взломавшего Twitter
- [IT-компании, Законодательство в IT, Информационная безопасность, Социальные сети и сообщества] Задержаны подростки, взломавшие Twitter
- [Информационная безопасность, Тестирование мобильных приложений] Kali Linux NetHunter на Android Ч.3: нарушение дистанции
- [Open source, Информационная безопасность, Учебный процесс в IT] 1000 и 1 способ обойти Safe Exam Browser
- [Информационная безопасность] Очень странные дела при подаче объявлений на ЦИАН
- [IT-компании, Информационная безопасность, Социальные сети и сообщества] Twitter усиливает меры безопасности после хакерской атаки
- [IT-инфраструктура, Информационная безопасность, Системное администрирование, Софт] Как InTrust может помочь снизить частоту неудачных попыток авторизаций через RDP
- [Информационная безопасность] Обзор проекта новой методики моделирования угроз безопасности информации
- [IT-эмиграция, Информационная безопасность, Образование за рубежом, Удалённая работа, Читальный зал] Почтовый агент. Ловушка для жены эмигранта
- [Big Data, Информационная безопасность, Исследования и прогнозы в IT, Хранение данных] Новый tech – новая этика. Исследование отношения людей к технологиям и приватности
Теги для поиска: #_informatsionnaja_bezopasnost (Информационная безопасность), #_totp_hardware_tokens, #_blog_kompanii_token2.com (
Блог компании Token2.com
), #_informatsionnaja_bezopasnost (
Информационная безопасность
)
Вы не можете начинать темы
Вы не можете отвечать на сообщения
Вы не можете редактировать свои сообщения
Вы не можете удалять свои сообщения
Вы не можете голосовать в опросах
Вы не можете прикреплять файлы к сообщениям
Вы не можете скачивать файлы
Текущее время: 22-Ноя 13:40
Часовой пояс: UTC + 5
| Автор | Сообщение |
|---|---|
|
news_bot ®
Стаж: 6 лет 9 месяцев |
|
 Today, we are presenting a new type of TOTP hardware tokens — USB Programmable token that displays the OTP value as a QR code and also can send the current OTP value over USB as a part of its HID emulation feature. What is EVVIS-QR1? EVVIS-QR1 is a hardware device developed primarily for Electronic visit verification (EVV) information systems (hence the name). It is a standards-based TOTP hardware token that can also be programmed over USB. The OTP generated is shown on the display both as regular digits as well as a QR image. Both features (OTP shown as QR code and HID keyboard emulation) are intended to make it possible to minimize typos when entering the OTP. What is EVV and why is it important?SPLPresence verification features are highly demanded in a number of industries, and one of the most demanded features for medical institutions for cases where different parties are contracted to periodically visit patients to provide services. This applies not only to external service providers but also to providers within the same institutions. Often, hospital systems provide services within an enterprise, demonstrating the level of interoperation abstraction within the same organization. Usual methods of presence verification are consisting of a simple paper-based schedule table where the service providers just put the current date and time and their signature. Being simple enough and easy to implement, this method, however, does not guarantee the accuracy, as the signatures on the paper are easy to back-date and/or forward date. Using TOTP as a verification mechanism for EVV is secure enough, but not very user friendly (as the OTP needs to be typed in manually) and quite error-prone. The method introduced with EVVIS-QR1 device will allow to securely implement presence verification using a special mobile application and a static hardware token displaying two-dimensional barcodes without the need to enter any data manually, thus avoiding human errors.
One-touch OTP Entry  EVVIS-QR1 device can send the OTP over USB thanks to HID emulation function built-in (Windows only). This will allow minimizing the user actions needed to authenticate with any 2FA-enabled system. You can configure the device to send the OTP digits together with 'Enter' keystroke (ASCII char 13) — this adds the convenience of minimizing user actions needed for logging on to a system (i.e. a Web login form with the second-factor field), as the pressing the Enter key on the keyboard will be emulated, and the form requesting the OTP will be submitted automatically without the need of clicking the submit button. OTP shown as a QR image  The devices showing the OTP as QR code have the most potential of greatly improving user experience when a special app is used. This is perfect for TOTP based electronic verification systems. This feature may slightly improve the user experience even with standard software (i.e. mobile Safari under iOS)SPLThe process, illustrated on the figure below, is not only improving the speed of the process (even if slightly) but, more importantly, helps to avoid input errors when the OTP is typed in manually.
The speed of the process (yet to be evaluated and compared to manual input speed) can be further improved by leveraging the Shortcuts app functionality of modern iOS (v 12.0 and higher). A shortcut within this app is a quick way to get one or more tasks done with your apps. By creating a set of tasks using the Shortcuts app we can minimize the number of actions required to be done by the user to copy the OTP from the EVVIS device.  The figure below shows an example of tasks created with Shortcuts that merges 3 different user actions into one, namely: 1. Launching the QR reader 2. Getting the text encoded in the QR code 3. Copying the recognized text to the clipboard will be replaced by one action: launching the Shortcut task only.  Where to buy? You can purchase the device directly on our online shop. Use the promo code below to get a 10% discount: HABR9MAXEOFG (expires on 31/08/2020) «While FIDO/FIDO2 is more secure why do you still produce TOTP devices?» We love FIDO, but it needs more time to become widely adopted and supported. Our research is driven by customer needs, and TOTP is still in high demand. The main reason is that it is much easier to implement, therefore many authentication systems still rely on TOTP. =========== Источник: habr.com =========== Похожие новости:
Блог компании Token2.com ), #_informatsionnaja_bezopasnost ( Информационная безопасность ) |
|
Вы не можете начинать темы
Вы не можете отвечать на сообщения
Вы не можете редактировать свои сообщения
Вы не можете удалять свои сообщения
Вы не можете голосовать в опросах
Вы не можете прикреплять файлы к сообщениям
Вы не можете скачивать файлы
Вы не можете отвечать на сообщения
Вы не можете редактировать свои сообщения
Вы не можете удалять свои сообщения
Вы не можете голосовать в опросах
Вы не можете прикреплять файлы к сообщениям
Вы не можете скачивать файлы
Текущее время: 22-Ноя 13:40
Часовой пояс: UTC + 5