Reliance authentication
From Wikipedia, the free encyclopedia
Reliance authentication is a part of the trust-based identity attribution process whereby a second entity relies upon the authentication processes put in place by a first entity. The second entity creates a further element that is unique and specific to its purpose, that can only be retrieved or accessed by the authentication processes of the first entity having first being met.
This article needs additional citations for verification. (August 2018) |
Reliance authentication can be achieved by one or more tokens with random characteristics being transmitted to a secure area controlled by the first entity, where such secure area is only accessible by the person authorised to use the account. The secure area may be an online banking portal, telephone banking system, or mobile banking application.
The token is often in the form of a single or plural of debit or credits to a financial account, where the numerical values of the debit or credits form the token, whose numeric value is to be confirmed by the account holder.
The token are retrieved by the cardholder accessing a secure area from the first entity's secure area, which is protected and accessible only by satisfying the first entity's authentication means. In the case of financial services, authentication to access the secure area normally includes multi-factor and in the SEPA would likely involve strong authentication.
The transmission and requirement to retrieve the token adds a further challenge and response factor to the overall authentication process when considered from the point of view of the second party, which generates and transmits the token.
The token may be generated by the second party dynamically, and can thus act as a one-time password.
The reliance authentication method has particular application with financial instruments such as credit cards, e-mandate and direct debit transactions, whereby a person may instigate a transaction on a financial instrument, however the financial instrument is not verified as belonging to that person until that person confirms the value of the token.
The reliance method often incorporates an out-of-band response means, once the tokens have been retrieved from the secure area.