PassWindow
PassWindow is a technique of producing one-time passwords and facilitating transaction verification that is used as an online second-factor authentication method.

The system works by encoding digits into a segment matrix similar to the seven-segment matrices used in digital displays. The matrix is then divided into two component patterns that reveal the whole when superimposed.

Half of the pattern is printed on a transparent region of a plastic card, while the other is displayed on an electronic screen such as a computer monitor. These are referred to as the key pattern and challenge pattern, respectively.

Each key pattern is unique, and the challenge pattern can only be decoded by its corresponding printed key.

By varying the challenge pattern displayed on the screen, a series of digits can be communicated to the card holder without being visually revealed on the screen.

PassWindow is typically implemented such that an animated, perpetually looping sequence of challenge patterns is displayed, each encoding a single digit placed in a random location within the matrix.

A valid solution to this challenge then consists of a specified number of consecutively-appearing digits.

Use in two-factor authentication

By printing a PassWindow key pattern on a piece of transparent media, such as a transparent section of a plastic card, a standard plastic ID-1 card can be used as a physical token (something you have) in a two-factor authentication system.

Generation of one-time passwords

Using the PassWindow system, a challenge pattern containing a string of digits and/or letters can be generated for a specific key pattern by an authentication server with knowledge of the shared secret (the user's key pattern).

The user decodes the sequence of digits from the pattern using their PassWindow key and sends this as a response to the server's challenge. The correct response confirms that the client has physical access to the token.

These digits are then used as a one-time password.
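
A minimal model of the challenge generation and decoding just described, added here as an illustration and not PassWindow's own algorithm. It assumes a row of standard seven-segment cells and that superimposing key and challenge is a per-cell OR of their segments; all function names and the 20-cell key size (at least 10 cells are needed) are assumptions.

```python
import secrets

# Standard seven-segment glyphs, bit 0 = segment a ... bit 6 = segment g.
SEG = [0x3F, 0x06, 0x5B, 0x4F, 0x66, 0x6D, 0x7D, 0x07, 0x7F, 0x6F]
GLYPH = {mask: digit for digit, mask in enumerate(SEG)}
rng = secrets.SystemRandom()

def decoys(k):
    """Challenge masks that, overlaid on key cell k, do not form a digit."""
    return [c for c in range(128) if (k | c) not in GLYPH]

def make_key(cells=20):
    """Printed key (shared secret): each cell is a random part of some digit,
    chosen so every digit 0-9 can be completed in at least one cell."""
    key = []
    for i in range(cells):
        k = SEG[i % 10] & rng.getrandbits(7)
        while not decoys(k):  # this cell could never be left blank; redraw
            k = SEG[i % 10] & rng.getrandbits(7)
        key.append(k)
    rng.shuffle(key)
    return key

def make_challenge(key, digit):
    """Screen pattern that shows `digit` in one random cell once overlaid."""
    fits = [i for i, k in enumerate(key) if k | SEG[digit] == SEG[digit]]
    pos = rng.choice(fits)
    chal = [rng.choice(decoys(k)) for k in key]
    # Segments the key lacks, plus random overlap with ones it already covers.
    chal[pos] = (SEG[digit] & ~key[pos]) | (key[pos] & rng.getrandbits(7))
    return chal

def overlay(key, chal):
    """What the card holder reads: digits formed by key OR challenge."""
    return [GLYPH[k | c] for k, c in zip(key, chal) if (k | c) in GLYPH]

def issue_otp(key, length=4):
    """Server side: pick the digits and one challenge frame per digit."""
    otp = [rng.randrange(10) for _ in range(length)]
    return otp, [make_challenge(key, d) for d in otp]

def verify(expected, response):
    """Constant-time comparison of the user's response with the issued digits."""
    return secrets.compare_digest("".join(map(str, expected)), response)
```
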

Mutual authentication

Mutual authentication or two-way authentication (sometimes written as 2WAY authentication) refers to two parties authenticating each other suitably. In technology terms, it refers to a client or user authenticating themselves to a server and that server authenticating itself to the user in such a way that both parties are assured of the other's identity. When describing online authentication processes, mutual authentication is often referred to as website-to-user authentication, or site-to-user authentication.

Passive mutual authentication with PassWindow

In the simplest case, the client verifies the server from which they are receiving their challenge by confirming that the solution is intelligible when they superimpose their key over the challenge. An unintelligible or corrupted challenge alerts the user that they may not be connected to the server they intend.

Transaction verification

In addition, a known string of digits may be encoded into the challenge at the time of generation to provide additional server-to-client authentication to prevent the replay of stored challenges. Known as a verification code, examples include destination account numbers or transaction totals when used to secure online monetary transactions. This use is often referred to as transaction verification and forms the primary basis for PassWindow's exceptional resilience to Man-in-the-middle (MITM) and Man-in-the-browser (MITB) attacks.

History

Matt Walker, an Australian, invented the original PassWindow concept after many years researching various online two-factor authentication systems. The high cost of many electronic token systems, as well as their inability to protect against an ever-increasing array of complex attacks, forced Matthew to completely rethink the way modern authentication is conducted.

During the intervening period, while the security world looked for ever more complex and high-tech solutions, which it was apparent were increasingly vulnerable to ever more complex and high-tech attacks, Matthew decided to take the opposite approach and look for an authentication solution with pure simplicity at its core.

In the process, he discovered an entirely new secure method in online security.

Media appearances

  • PassWindow first appeared in the media in May 2009 as a 'Cheap solution for security' on account of its ability to securely produce one-time passwords without the need for electronics to be deployed to its end users.

  • PassWindow's inventor, Matthew Walker, appeared on the Australian television program The New Inventors in June 2009.

  • PassWindow has since appeared several times in the media, as well as being the subject of a white paper written by VEST corporation, France.

  • PassWindow has been selected as a finalist in The Wall Street Journal 2010 Asian Innovation Awards.

  • PassWindow has been featured in The Wall Street Journal as "A New Way to Outwit Internet Fraudsters".

The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.
 