Authentication Methods

«Clavid gives its OpenID and SAML customers the possibility to move from weak usernames and passwords to strong authentication»
«Security and flexibility without a compromise in usability!»

There is no global authentication standard accepted by every service provider or web site. Many service providers, especially large firms in the financial or insurance industry, have set up their own PKI (Public Key Infrastructure) to give every user a unique means of access to their IT systems.

Three kinds of credentials can verify the link between a physical person and a digital identity:

• Knowledge: something the user knows (password, passphrase, PIN code)
• Possession: something the user has (ID card, mobile phone, security token)
• Biometric feature: something the user is (fingerprint, iris, DNA)

clavid.com allows a unified exchange of digital identities between application service providers and end users without losing data protection. Depending on the required strength of authentication and security level, clavid.com supports the following authentication methods (combinations are possible):

• Username / Password
• OTP Generators (One Time Password)
• SSL Client Certificates
• Biometric Methods (Fingerprint)

Username / Password

The 'classic' authentication method based on username/password lets a user freely choose a username/password pair. Such a pair is created when signing up for a password-based clavid.com user account. Although this method is very popular with end users because of its ease of use, it is the weakest of the methods listed here: a password can be guessed, phished or reused across sites. However, it can be a good entry point to OpenID on the clavid.com platform, because the security level can be raised at a later stage by moving to a stronger method such as OTP, SSL client certificates or biometric authentication.

OTP Generators (One Time Password)

A One Time Password is a password that can be used only once and is usually used in addition to a username/password pair. An OTP is valid for one single authentication transaction and cannot be used a second time, so every authentication using an OTP is 'unique'. In practice this means the verifying server has to record which codes or counter values it has already accepted and refuse them from then on; without that bookkeeping an intercepted code could simply be replayed.

The general methods for generating and delivering OTPs are:

• E-mail
• Cross-off list or TAN list (e.g. the transaction number list used for online banking)
• One-time password generators (RSA token, YubiKey, RFC 2289, RFC 4226 / OATH HOTP, OATH TOTP, mobile phones, etc.)
• Mobile SMS (Short Message Service to mobile phones)

Digital Certificates (SSL Client Certificates)

If you own an SSL client certificate, you can add the certificate to your clavid account and use it for user authentication to the clavid server. Look for the SSL certificate logo. Using a certificate avoids the need to enter sensitive data such as your password. The certificate, and above all its private key, is like your username and password: protect it!

Description

Digital certificates confirm that an electronic key pair belongs to a person, company, institution or system, and so bind a physical entity to a digital identity. Because the correctness of the electronic key is vouched for by the issuer, third parties can rely on digital certificates to protect the confidentiality, authenticity and integrity of data.

• The structure of digital certificates is defined by standards (e.g. the X.509 standard)
• Secure Sockets Layer (SSL) protects service providers as well as end users
• SSL certificates allow encryption of confidential data in online transactions
• Every SSL certificate contains unique, validated information about the owner of the certificate
• Every SSL certificate is issued by a specific issuer that validates the identity of the certificate owner

Certificates usually contain the following information:

1. The name (or unique identification) of the issuer of the certificate
2. Information on the rules and policies under which the certificate has been issued
3. Information on the validity period of the certificate
4. The public key of the certificate owner
5. The name (or unique identification) of the owner of the electronic key
6. Additional information about the owner
7. Further information on policy and validity
8. A digital signature of the issuer across all of the above information

The signature is what makes the other fields trustworthy: a relying party checks it with the issuer's public key, and any change to the certificate contents invalidates it.

Accredited providers of qualified certificates under the Swiss signature regulation (ZertES / ETSI) are Swiss Post, SwissSign, QuoVadis Trustlink AG and the Federal Office for Information Technology, Systems and Telecommunication. Currently the only provider of advanced and qualified certificates with registration offices all over Switzerland (Post branches) is Swiss Post with its product Swiss Post Certificate.

Biometric Method (Fingerprint)

Biometric fingerprint identification is one of the best-known authentication methods in IT security. Because fingerprints are unique and stable over time, they have become an established means of identifying people in the computer industry. A fingerprint cannot be changed or revoked once it has been copied, so in practice it is combined with one of the other factors above rather than relied on alone.

One of the most innovative producers of biometric security tokens is the company AXSionics in Biel with its Internet Passport™.
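The OTP generators listed above include RFC 4226 (OATH HOTP) and OATH TOTP. The following is an added example written for this page, not clavid.com's implementation or any token vendor's code. It uses only the Go standard library and the RFC 4226 test secret; the HOTPVerifier type and its window size are assumptions made here to show the server-side bookkeeping that makes each code usable exactly once:

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"fmt"
	"time"
)

// hotp computes an RFC 4226 one-time password: HMAC-SHA-1 over the 8-byte
// big-endian counter, "dynamic truncation" to 31 bits, then reduction to
// the requested number of decimal digits (up to 9 fits in a uint32).
func hotp(secret []byte, counter uint64, digits int) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	h := mac.Sum(nil)
	offset := h[len(h)-1] & 0x0f // low nibble of the last byte selects the 4-byte window
	code := binary.BigEndian.Uint32(h[offset:offset+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", digits, code%mod)
}

// totp is RFC 6238: the counter is the number of `step`-long intervals since
// the Unix epoch, so token and server derive the same code from the clock.
func totp(secret []byte, t time.Time, step time.Duration, digits int) string {
	return hotp(secret, uint64(t.Unix()/int64(step/time.Second)), digits)
}

// HOTPVerifier is the server side (a hypothetical type for this example).
// Besides the shared secret it stores the highest counter already accepted;
// that state is what turns a deterministic sequence into passwords that work once.
type HOTPVerifier struct {
	secret      []byte
	digits      int
	window      uint64 // how many unused counters ahead the token may have drifted
	lastCounter int64  // -1 until the first successful authentication
}

func NewHOTPVerifier(secret []byte, digits int, window uint64) *HOTPVerifier {
	return &HOTPVerifier{secret: secret, digits: digits, window: window, lastCounter: -1}
}

// Verify accepts code if it matches one of the next `window` counters after
// lastCounter. On success the verifier moves past that counter, so the same
// code, and every earlier one, is refused from then on: a replay fails.
func (v *HOTPVerifier) Verify(code string) bool {
	start := uint64(v.lastCounter + 1)
	for c := start; c < start+v.window; c++ {
		// constant-time comparison so response timing leaks nothing about the code
		if hmac.Equal([]byte(hotp(v.secret, c, v.digits)), []byte(code)) {
			v.lastCounter = int64(c)
			return true
		}
	}
	return false
}

func main() {
	// Constructed example secret: the RFC 4226 Appendix D test key, not a real credential.
	secret := []byte("12345678901234567890")
	for c := uint64(0); c < 3; c++ {
		fmt.Printf("HOTP counter %d: %s\n", c, hotp(secret, c, 6))
	}
	v := NewHOTPVerifier(secret, 6, 5)
	fmt.Println("first use of counter 0:", v.Verify("755224")) // true
	fmt.Println("replay of counter 0:   ", v.Verify("755224")) // false
	fmt.Println("skip to counter 3:     ", v.Verify("969429")) // true
	fmt.Println("stale counter 1:       ", v.Verify("287082")) // false
	fmt.Println("TOTP at t=59s:", totp(secret, time.Unix(59, 0), 30*time.Second, 8)) // 94287082
}
```

The look-ahead window is the RFC 4226 resynchronisation mechanism for a token whose button was pressed without the code being submitted; keep it small, since every extra counter the server is willing to try is one more valid code an attacker could guess. TOTP needs no counter state, but a server should still refuse to accept the same code twice within one time step.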
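The certificate fields listed under Description, and the issuer signature that binds them together, can be seen concretely in code. This is an added example for this page, not clavid.com's or any accredited provider's software: it builds a throwaway CA and a client-authentication certificate with the Go standard library (the names, e-mail address and lifetimes are constructed for the example), reads the fields back out of the encoded certificate, and checks the signature against the right and a wrong issuer:

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// CertSummary holds the fields the page lists as the usual contents of a
// certificate, read back from the encoded certificate rather than a template.
type CertSummary struct {
	Issuer        string    // 1. name of the issuer
	Policies      []string  // 2./7. policy OIDs, if the issuer set any (none in this example)
	NotBefore     time.Time // 3. validity period
	NotAfter      time.Time
	PublicKeyAlgo string    // 4. the public key (algorithm shown here)
	Subject       string    // 5. name of the key owner
	Emails        []string  // 6. additional owner information
	ClientAuth    bool      // 6. permitted use: client (user) authentication
	SignatureAlgo string    // 8. the issuer's signature over all of the above
}

// Summarize parses a DER-encoded certificate and extracts those fields.
func Summarize(der []byte) (CertSummary, error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return CertSummary{}, err
	}
	s := CertSummary{Issuer: cert.Issuer.String(), NotBefore: cert.NotBefore, NotAfter: cert.NotAfter,
		PublicKeyAlgo: cert.PublicKeyAlgorithm.String(), Subject: cert.Subject.String(),
		Emails: cert.EmailAddresses, SignatureAlgo: cert.SignatureAlgorithm.String()}
	for _, oid := range cert.PolicyIdentifiers {
		s.Policies = append(s.Policies, oid.String())
	}
	for _, eku := range cert.ExtKeyUsage {
		s.ClientAuth = s.ClientAuth || eku == x509.ExtKeyUsageClientAuth
	}
	return s, nil
}

// SignedBy checks field 8: that issuerDER's key produced the signature on
// leafDER (CheckSignatureFrom also insists the issuer is marked as a CA).
func SignedBy(leafDER, issuerDER []byte) bool {
	leaf, err1 := x509.ParseCertificate(leafDER)
	issuer, err2 := x509.ParseCertificate(issuerDER)
	return err1 == nil && err2 == nil && leaf.CheckSignatureFrom(issuer) == nil
}

// IssueClientCert stands in for a registration office: it creates a fresh CA
// and signs a client-authentication certificate for email; both come back as DER.
func IssueClientCert(email string, lifetime time.Duration) (caDER, leafDER []byte, err error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	userKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	now := time.Now()
	caTmpl := &x509.Certificate{ // constructed example CA, not a real issuer
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Issuing CA"},
		NotBefore: now, NotAfter: now.Add(10 * 365 * 24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	if caDER, err = x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey); err != nil {
		return nil, nil, err
	}
	caCert, err := x509.ParseCertificate(caDER)
	if err != nil {
		return nil, nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "Alice Example"},
		EmailAddresses: []string{email}, NotBefore: now, NotAfter: now.Add(lifetime),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	// The CA's private key signs the user's name and public key. The user's
	// private key stays with the user: it is the part that must be protected.
	leafDER, err = x509.CreateCertificate(rand.Reader, leafTmpl, caCert, &userKey.PublicKey, caKey)
	return caDER, leafDER, err
}

func main() {
	caDER, leafDER, err := IssueClientCert("alice@example.com", 365*24*time.Hour)
	if err != nil {
		panic(err)
	}
	s, _ := Summarize(leafDER)
	fmt.Printf("%+v\n", s)
	otherCA, _, _ := IssueClientCert("bob@example.com", time.Hour)
	fmt.Println("signed by its own CA:", SignedBy(leafDER, caDER), "| by an unrelated CA:", SignedBy(leafDER, otherCA))
}
```

A server that accepts client certificates for login does the SignedBy step against the issuers it trusts, checks the validity period and the client-authentication usage, and only then treats the subject name or e-mail address as the authenticated user; the TLS handshake additionally proves the client holds the matching private key.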