Loading
What is Authentication?
Authentication is a process of validating a person's identity to assure “he is who he says he is”. This is to reduce the risk of identity fraud. There are three recognised factors of authenticating an individual.
"Something you know", such as a password or PIN.
"Something you have", such as hardware security token.
"Something you are", such as finger print, a retina scan and others.
A system is said to use strong authentication when it requires at least two of the three factors before access to the system is permitted. This contrasts with traditional single-factor authentication which requires only one authentication factor (usually a password) in order to gain access or permit transaction.
The first factor, “Something you know”, is typically provided by the service providers when a user logs into the service providers’ web site.
Assurity assures “He is who he says he is” by authenticating a user with “Something you own”, the second factor.
Over time, when the need arises, Assurity will move into the third factor “Something you are”.
What is the Purpose of Authentication?
A minimum of 2FA provides substantially better security and makes it much more difficult for an attacker to impersonate you and access your computer, accounts, or other personal resources.
What is second-factor authentication (2FA)?
A second-factor authentication or 2FA is the verification of a user and authenticating that he is who he says he is with a unique and randomly generated password from a device that he owns that is linked to his Service Provider.
The current practice used in retail banking is the One-Time Password or OTP. When a user accesses an online service, in addition to User-ID and Password, the user would be required to enter an additional “second-factor password”, which is generated on demand. The dynamically-generated “second-factor password” could be delivered through a device, token (hardware or software) or via SMS. Other types of authentication methods include certificates and/or biometrics.
Today, service providers are deploying their own 2FA infrastructure. As a result, an authentication token or device tends to be proprietary and can only be used to access specific online services and a consumer ends up with multiple 2FA tokens or devices.
Assurity aims to enable consumers to access multiple online services with their various service providers requiring 2FA, with a single device.
Why NAF?
The unauthorised access and abuse of sensitive information and fraudulent transactions can have adverse consequences on individuals’ lives, companies’ reputations, public confidence, and Singapore’s standing as a trusted financial hub. The NAF aims to establish a nationwide strong authentication infrastructure to safeguard against unauthorised access to sensitive information online.
IDA has been working closely with regulators of key sectors (e.g. banking and finance, government and healthcare) to coordinate their demands and align their requirements for a strong authentication. Examples of demand for strong authentication could include those from financial institutions for their online banking and online securities trading services, government online services, and healthcare sector.
Why Assurity?
In response to the demands and need for an expeditious solution to fulfil the requirements for strong authentication from key stakeholders and regulators, as well as a trusted unifying body to streamline and provide the services from a single platform, AssurityTrusted Solutions Pte Ltd ("Assurity") a wholly-owned subsidiary of the Info-communications Development Authority of Singapore ("IDA") was set up to operate the National Authentication Framework (NAF) and national 2FA services.
Assurity has been entrusted by the governing authorities to provide consumers and Service Providers the assurance and confidence at the nationwide level for online transactions.
Assurity offers a nationwide common platform for strong authentication that will:
Enable consumers to enjoy the convenience of using a single authentication device to access multiple online services that require strong authentication;
Enable businesses to enjoy cost savings when they leverage on NAF instead of implementing or operating their own strong authentication systems;
Boost online trust and confidence, thus helping to entrench Singapore's status as a trusted infocomm hub; and
Enhance protection for consumers and business owners against online identity theft during online transactions.
We provide 2FA services that balance competing factors of security, convenience and cost effectiveness in a complementary and integrated way.
While the NAF adopts the approach of achieving cost effectiveness through a standardised set of 2FA services, Assurity appreciates that each SP has its unique requirements and unique competitive advantage in the market place. Assurity will support the SP’s unique business needs to retain and enhance their market position.
Why OneKey?
OneKey is the name of Assurity’s secure, convenient and effective multi-functional, authentication device.
‘One’ identifies it as a common device for users to transact with many different Service Providers.
’Key’ serves to unlock and open up a world of secure and convenient e-transactions.
Value Proposition
OneKey offers you:
a multitude of authentication uses
maximum security and assurance
reliability and convenience
cost and resource efficiency
