ZPaul

05/24/17 11:19 AM

#165798 RE: 4sleddogs #165791

Updated with OOBA NIST 05/18/17: https://pages.nist.gov/800-63-3/sp800-63b.html

OOBA is all over these just-released NIST guidelines.


Authenticator Assurance Level 1
4.1.1. Permitted Authenticator Types

AAL1 permits the use of any of the following authenticator types, which are defined in Section 5:

Memorized Secret
Look-up Secret
Out of Band
Single-factor One-Time Password (OTP) Device
Multi-factor OTP Device
Single-factor Cryptographic Software
Single-factor Cryptographic Device
Multi-factor Cryptographic Software
Multi-factor Cryptographic Device


Communication between the claimant and verifier (the primary channel in the case of an Out of Band authenticator) SHALL be via an authenticated protected channel to provide confidentiality of the authenticator output and resistance to MitM attacks.


Authenticator Assurance Level 2
When a multi-factor authenticator is used, any of the following may be used:

Multi-factor OTP Device
Multi-factor Cryptographic Software
Multi-factor Cryptographic Device

When a combination of two single-factor authenticators is used, it SHALL include a Memorized Secret authenticator and one possession-based (“something you have”) authenticator from the following list:

Look-up Secret
Out of Band
Single-factor OTP Device
Single-factor Cryptographic Software
Single-factor Cryptographic Device