IETF approves new standards for authentication tokens


In a set of newly approved standards, the Internet Engineering Task Force (IETF) has approved a new technique for protecting authentication tokens from replay attacks. Authentication tokens are widely used on the Internet. Instead of logging in with your credentials every time you access your favorite website, your browser shows the server your authentication token. Those tokens can be stolen and later misused for identity theft, or for stealing information from services, without any need to know your password. This vulnerability is known as a 'replay attack'. The new standards propose creating a pair of cryptographic keys to link a personal device to an authentication token. One key would be stored on the personal device and the second one would be public. In this way an authentication token would correspond to the user's device only, blocking its use from a different device.

The standards included are Request for Comments 8471 (Token Binding Protocol), Request for Comments 8472, and Request for Comments 8473 (Token Binding over HTTP).
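The key-pair binding described above, as an added example that is not taken from the article or from the RFCs: a simplified Go model in which the server ties a token to a device's public key and requires a fresh signature on every connection. Assumptions: Ed25519 stands in for the key types RFC 8471 defines, the constructed per-connection value stands in for the TLS exported keying material that the protocol signs, and the token layout, `serverKey` and all function names are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// serverKey authenticates tokens issued by this hypothetical server (constructed value).
var serverKey = []byte("constructed-demo-server-secret")

// mac tags the user name together with the hash of the device's public key.
func mac(user string, keyID []byte) []byte {
	m := hmac.New(sha256.New, serverKey)
	m.Write(keyID) // fixed 32 bytes, so the split between keyID and user is unambiguous
	m.Write([]byte(user))
	return m.Sum(nil)
}

// IssueToken returns a 64-byte token: SHA-256(public key) followed by the server's MAC.
func IssueToken(user string, pub ed25519.PublicKey) []byte {
	id := sha256.Sum256(pub)
	return append(id[:], mac(user, id[:])...)
}

// VerifyRequest accepts a token only when it was issued to pub and sig proves possession of the matching private key for this connection (ekm).
func VerifyRequest(user string, token []byte, pub ed25519.PublicKey, ekm, sig []byte) bool {
	id := sha256.Sum256(pub)
	if len(token) != 64 || !bytes.Equal(token[:32], id[:]) || !hmac.Equal(token[32:], mac(user, id[:])) {
		return false // malformed, forged, or bound to a different key
	}
	return ed25519.Verify(pub, ekm, sig)
}

// Demo checks the owner's request and two replays of the same token from elsewhere.
func Demo() (owner, otherKey, staleSig bool) {
	devPub, devPriv, _ := ed25519.GenerateKey(rand.Reader)
	otherPub, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	token := IssueToken("alice", devPub)
	ekm1, ekm2 := []byte("constructed connection value 1"), []byte("constructed connection value 2")
	sig1 := ed25519.Sign(devPriv, ekm1)
	return VerifyRequest("alice", token, devPub, ekm1, sig1), // bound device: accepted
		VerifyRequest("alice", token, otherPub, ekm2, ed25519.Sign(otherPriv, ekm2)), // copied token, different key: rejected
		VerifyRequest("alice", token, devPub, ekm2, sig1) // copied token and old signature, new connection: rejected
}
func main() { fmt.Println(Demo()) }
```

The token alone is no longer a bearer credential: the server accepts it only together with a signature that the device's private key produces over the current connection's value.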
