Technology
OTAC
A new paradigm for user authentication and device authentication
A dynamic, randomized, one-time authentication code...
generated on-demand, locally by the user...
without needing any network...
...that enables identification and authentication simultaneously in a single step.
Based on the world’s first one-way dynamic authentication technology, one-time authentication code (OTAC) originally invented by swIDch provides more secure authentication by uni-directional dynamic token ONLY to overcome bi-directional limitations including high dependency on the push & pull system of network connectivity between clients and servers. By reinventing authentication, swIDch sets a new standard for authentication in cybersecurity beyond the limitations of existing authentication methods.
What we face
A cyber-attack takes place somewhere around the world
once every 39 seconds. As a result, there were 8 billion pieces
of sensitive personal information being leaked to the market in 2019.
These all cost the global economy a staggering $2.9M
every minute in 2020. But WHY does this happen?
once every 39 seconds. As a result, there were 8 billion pieces
of sensitive personal information being leaked to the market in 2019.
These all cost the global economy a staggering $2.9M
every minute in 2020. But WHY does this happen?
Risk of static
information
information
Card numbers, ID, password, and PINs which we use every day are great examples of static information used as authentication credentials. Knowledge-based authentication – whether with PINs, passwords, passphrases – is not only a headache for users, it is also costly to maintain. As the world becomes more connected, using static information for authentication carries with it a huge vulnerability allowing cyber crimes such as identity theft, card-not-present fraud, and hijacking to take place.
ID/PW
- Static information
- Easily lost and stolen
- Easily lost and stolen
Complex
authentication process
authentication process
OTP, which is widely used for secure identity authentication, cannot perform user authentication alone, so an initial authentication step (usually ID and password) is required. Since you must go through more than one authentication step, the complexity feels even greater for users.
OTP
- On its own, it is not enough to identify a user.
- It always requires initial self-authentication between a user and a server.
- It always requires initial self-authentication between a user and a server.
Network
connection distress
connection distress
In locations with poor network,
it is difficult to force the use of a communication network for authentication. The token method is used in numerous authentication environments and has become one of the most common ways of performing secure authentication by obtaining access rights through a specific point-in-time comparison of the authentication key generated by a token service operator (TSP). This is limited due to the reliance of connectivity between a user, a server and a TSP. It is also only operates in an environment controlled by a central server.
it is difficult to force the use of a communication network for authentication. The token method is used in numerous authentication environments and has become one of the most common ways of performing secure authentication by obtaining access rights through a specific point-in-time comparison of the authentication key generated by a token service operator (TSP). This is limited due to the reliance of connectivity between a user, a server and a TSP. It is also only operates in an environment controlled by a central server.
Token
- Requires network connection
- Bi-Directional
- Bi-Directional
What we offer
swIDch’s OTAC technology combines advantages of the three most common authentication systems – user ID/passwords, RSA hardware/software for generating authentication codes, and tokenisation. This provides a solution that is more efficient and more effective than any of these elements individually. It generates a single dynamic code that both identifies and authenticates the user at the same time and can do so without a network connection. And because it’s a single-use, time-based code that’s unique to the user, it can’t be used by someone else or used again.
Strong security
OTAC substantially increases security by generating dynamic authentication codes even in an off-the-network environment.
Seamless Integration
Use of API/SDK to bring simple and frictionless integration for IT admins.
Unlimited scalability
& flexibility
& flexibility
The lightness of OTAC enables applications in multiple industries and not limited to devices
Unbelievable
cost saving
cost saving
No need to build heavy token infrastructure. Save costs associated with network traffic, maintenance, and fraud compensation.
High risk of information breach with static information
Difficult to identify/authenticate the user with OTP alone
High dependency on push & pull system of network connectivity between clients and servers
Duplication-free dynamic code authentication prevents from various breach risks
Identify and authenticate the user with dynamic codes alone
Dynamic code generation without network connectivity
How it works
Build customisable, flexible solutions depending on your industry and use case. The generation of the code can happen locally on the device or even on the IC chip across a range of cards and applications. The format is then configurable to each clients needs, along with the transfer and verification. This flexibility combined with configurable time intervals provides a highly flexible and super secure authentication solution across a wide range of industries, and unique to every clients needs and requirements.
International CC Certification for OTAC
Our OTAC technology has obtained the global CC standard for its strong security, stability and reliability.
Patents
174 Registered,
324 Pending
Contact Us Today
Get In touchRelated Topics
IEC 62443 Meets OTAC
The IEC 62443 standard stands at the forefront of this battle, offering a strategic framework to defend against the evolving landscape of cyber threats. This set of guidelines is not just a recommendation; it’s an imperative shield that protects the critical infrastructure powering our industries.
Read More
CRA (Cyber Resilience Act)
The Cyber Resilience Act (CRA) emerges as a beacon of security in the tumultuous seas of cyberspace. This groundbreaking legislation, proposed by the European Union, is not just a set of guidelines; it’s a robust shield designed to fortify every digital product against the relentless onslaught of cyber threats.
Read More
Guide to NIS2 Compliance and Operational Technology Resilience
The NIS2 Directive is the EU-wide legislation on cybersecurity. It provides legal measures to boost the overall level of cybersecurity in the EU. The EU's NIS2 Directive has arrived, bringing stricter cybersecurity regulations to vital sectors like energy, water, and transportation.
Read More
Risks of Default Passwords
Passwords are vulnerable to various types of cyberattacks, such as phishing, brute-force, and dictionary attacks. Moreover, many people do not follow the best practices for password security, such as using long and random passphrases, changing them frequently, and avoiding password reuse.
Read More