Before we look at an initial scenario (in band authentication), here are some concepts to provide you with some background information.
This is the Thales service that does much of the interaction between the bank’s backend server and the user’s mobile phone. In particular it performs the following:
- one-time password (OTP) management
- transaction data signing
- data protection
- out-of-band (OOB) communication. It uses the user’s mobile device as the security platform.
An OTP is a one-time password. As its name implies it is valid for one use only. The OTP is a major part of the authentication process.
In band versus out of band
In band means a single communications channel, whereas out of band means more than one communications channel. In-band authentication, for example, means that the authentication is performed on a single channel - the user receives a registration code to his or her mobile device and enters this code on the device. In out of band authentication, information is transferred via two or more channels, for example a user may generate a one-time password (OTP) using a mobile device, but enter this OTP over the internet using the TLS protocol.
Offline is a different user experience to In Band - Offline means that the OTP is displayed on the mobile phone but the user must enter it manually. However the two cases are integrated in the same way.