send link to app

VIP token


4.1 ( 2071 ratings )
비즈니스 교육
개발자: David-Olivier Jaquet-Chiffelle
비어 있는

An educational implementation of a token generating one-time passwords (OTP) to be used for challenge-response authentication.

The app can be set to behave as a compromised token, in order to show the risk of sensitive information leaking to the remote server without the user being aware. In compromised mode, the generated responses contain a variable portion of the users PIN code. So after a few authentication cycles, the server can reconstitute the whole PIN code! Such a covert channel would endanger both security and privacy.

This client-side token is to be used with one of our complementary authentication servers that mimic the Internet banking service of three different Swiss banks. All the instructions needed and the links to the servers are on our website!

This app has been developed at the Virtual Identity, Privacy and Security (VIP) research center, which belongs to the Department of Engineering and Information Technology of the University of Applied Sciences of Bern (BFH-TI) in Biel/Bienne, Switzerland.