Open Authentication (OATH) is an industry-wide collaboration to develop an open reference architecture by leveraging existing open standards for the universal adoption of strong authentication. The goal is to remain vendor neutral and to develop products and technologies that will decrease cost, simplify use, and increase adoption of two-factor authentication (2FA).
The OATH standard was designed to enable strong authentication to systems, devices, and networks in a cost-efficient manner, without the need for vendor lock-in or reliance on a single vendor for all your authentication needs. Simply put, anyone can create products and authentication services based on the OATH standard, which helps to ensure uniformity and interoperability with other products.
By using authentication systems based on the OATH standards, organizations can (and should) easily implement two-factor authentication for a wide variety of services, using common standards and in-place identity management solutions, such as Active Directory and RADIUS infrastructures.
The OATH organization specifies two open authentication standards: TOTP and HOTP. To authenticate using TOTP (time-based one-time password) the user enters a 6-8 digit code that changes every 30 seconds. The code is generated using HMAC (shared Secret, timestamp), where the timestamp changes every 30 seconds. The shared secret is often provisioned as a QR-code or preprogrammed into a hardware security key.
Hardware OATH tokens typically come in the form of a smart card or USB eToken used as secure one time password that can be used for multi-factor authentication (MFA). It’s an open reference architecture for implementing strong authentication. The encryption algorithm is an open source standard and, as such, is widely available. Some OATH TOTP hardware tokens are programmable, meaning they don’t come with a secret key or seed pre-programmed. These programmable hardware tokens can be set up using the secret key or seed obtained from the software token setup flow. Customers can purchase these tokens from the vendor of their choice and use the secret key or seed in their vendor’s setup process.
Software OATH tokens are typically applications such as the Microsoft Authenticator app and other authenticator apps. Azure AD generates the secret key, or seed, that’s input into the app and used to generate each One Time Password (OTP).
The OATH standard, at a basic level, describes implementation of a core set of authentication credentials. These credentials are:
- One Time Password (OTP) -based authentication
- Public-key infrastructure (PKI) -based authentication (using X509.v3 certificate)
- Subscriber identity module (SIM) -based authentication (using GSM/GPRS SIM)
Related Products
Related Articles
Averon and tyntec Join Forces, Announce Global Launch of Direct Autonomous Authentication®
MUNICH and SAN FRANCISCO, February 25, 2019 – tyntec, a global cloud communications provider, and Averon, developer of the world’s first fully automated security solution, today announced their strategic technology partnership. Leveraging tyntec’s extensive wireless carrier connectivity, the partnership will drive
BIO-key Secures more than $10M in Orders for its Biometric Security Software
WALL, N.J., Nov. 15, 2018 (GLOBE NEWSWIRE) -- BIO-key International, Inc. (Nasdaq: BKYI), an innovative provider of biometric software and hardware solutions for strong and convenient user authentication, announced today that it has secured in excess of $10 million in orders
NY Regional Bank Selects BIO-key Biometric Authentication to Comply with New York State Department of Financial Services Cybersecurity Law
WALL, N.J., Oct. 04, 2018 (GLOBE NEWSWIRE) -- BIO-key International, Inc. (NASDAQ: BKYI), an innovative provider of biometric authentication and security solutions, today announced a regional bank serving customers throughout Long Island and neighboring New York City boroughs, has selected BIO-key to provide
Yubico Launches YubiKey 5 Series, the Industry’s First Multi-Protocol Security Keys Supporting FIDO2
PALO ALTO, CA and STOCKHOLM, SWEDEN – September 24, 2018 – Yubico, the leading provider of hardware authentication security keys, today announced the launch of the YubiKey 5 Series, the industry’s first multi-protocol security keys supporting FIDO2/WebAuthn. With this new addition, the
ImageWare® Announces Innovative 2FA and Biometric Security Solution with ForgeRock® Identity Platform™
San Diego, CA September 14, 2018 – ImageWare Systems, Inc. (OTCQB: IWSY), a leader in mobile and cloud-based, multi-factor, multi-modal biometric identity management solutions, today announced that its GoVerifyID® solution has been certified for use with the ForgeRock Identity Platform™. ForgeRock® is a leading
Two-Factor Authentication Market 2018 Global Industry Size, Share, Top Leaders, Historical Analysis, Business Strategy and Industry Segments Poised For Strong Growth In Future 2023
Thursday, August 16th 2018, 8:41 am EDT “Market Research Future” Market Research Future published a research report on “Global Two-Factor Authentication Market Research Report- Forecast 2023” Market Analysis, Scope, Stake, Progress, Trends and Forecast to 2023. Market Scenario: Two Factor