Out-Of-Band Authentication (OOBA)

Out-Of-Band Authentication is a type of Multi-Factor Authentication in which verification factors are communicated over more than one channel, and the additional channels are not linked to the original communication channel used to access a website, network, or cloud service. This method guards against intruders who may have access to the original communication channel used for logins and transactions.

Out-Of-Band, Multi-Factor Authentication: Second Factors

OTP, PKI, and biometric identification can be implemented as additional factors in Out-Of-Band, Multi-Factor Authentication. The first factor is the password (what you know). The second factor can be an OTP generated by a smartphone (what you have), PKI credentials stored in a smartcard / USB Token (what you have), or a biometric identifier (who you are).


OTP Password
A One-Time Password (OTP) is valid for only one login session or transaction. The purpose is to make it more difficult to gain unauthorized access to restricted resources, such as a bank account.

PKI Credentials
A PKI (Public Key Infrastructure) is a comprehensive system of software, hardware, people, policies, and procedures needed to create, implement, and revoke digital certificates. This infrastructure uses a Certificate Authority (CA) to bind a public key to a user identity.

Biometric Identification
Biometric Identification is the verification of individuals by using their physiological and behavioral characteristics.

If a PIN or password is forgotten or stolen, it can be changed, but a biometric identifier cannot. A BIOMETRIC IS NOT A SECRET (in authentication, a 'secret' can be a password, a large number, or an array of randomly chosen bytes, known only to the parties involved). Therefore, depending on the biometric type and the level of risk for which the authentication is to be used, multi-factor authentication with more than two factors is better. Biometrics combined with OTP and PKI digital certificates result in much stronger authentication.

OOBA Example

One of the most common types of Out-Of-Band Authentication involves OTPs used in online banking transactions. Typically, a customer wishing to do an online transaction will be sent a message containing a password on their cell phone. Intruders who may have access through the original channel will not be able to access the password sent by cell phone, because it is sent through a different communication channel. This type of authentication can be extremely effective as long as intruders have not somehow gained access to the user's cell phone system as well.
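The server side of the banking flow described above, as an added example that is not code from the original page: an OTP is issued per transaction, delivered only through a second channel, and accepted once. The class name, the `send_out_of_band` callback, the 6-digit length, the 120-second lifetime, the 3-attempt limit, and the in-memory store are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 120   # assumed validity window, not from the page
MAX_ATTEMPTS = 3        # assumed guess limit, not from the page

class OutOfBandOtp:
    """Issues one OTP per transaction and delivers it on a second channel."""

    def __init__(self, send_out_of_band, clock=time.time):
        self._send = send_out_of_band   # hypothetical SMS/push gateway callback
        self._clock = clock
        self._pending = {}              # txn id -> [digest, expiry, attempts left]

    @staticmethod
    def _digest(txn_id, code):
        # Store only a hash bound to the transaction, never the code itself.
        return hashlib.sha256(f"{txn_id}:{code}".encode()).digest()

    def issue(self, txn_id, phone):
        code = f"{secrets.randbelow(10**6):06d}"    # CSPRNG, 6 digits
        self._pending[txn_id] = [self._digest(txn_id, code),
                                 self._clock() + OTP_TTL_SECONDS, MAX_ATTEMPTS]
        self._send(phone, code)         # the code never travels on the web channel

    def verify(self, txn_id, code):
        entry = self._pending.get(txn_id)
        if entry is None:
            return False
        digest, expiry, _ = entry
        if self._clock() > expiry:
            del self._pending[txn_id]   # expired: a new OTP must be issued
            return False
        if hmac.compare_digest(digest, self._digest(txn_id, code)):
            del self._pending[txn_id]   # one-time: a replay finds nothing
            return True
        entry[2] -= 1
        if entry[2] == 0:
            del self._pending[txn_id]   # too many wrong guesses: force a new OTP
        return False

if __name__ == "__main__":
    phone_inbox = []                    # constructed stand-in for the user's phone
    otp = OutOfBandOtp(lambda phone, code: phone_inbox.append(code))
    otp.issue("txn-1001", "+15550100")  # constructed transaction id and number
    print(otp.verify("txn-1001", phone_inbox[0]), otp.verify("txn-1001", phone_inbox[0]))
```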

