1 of 6Image
This is URUPlus, BT's three-factor authentication system for logging into corporate networks from any Web-connected computer.
A remote secure token generates a one-time code for the user, who then uses it to clear the first stage of security. This was followed, in the example shown to ZDNet UK, by a verification call request to the server. The server then called the user's mobile phone, asking him to speak his phone number. Thus, pre-registered information (the handset's number) and biometric voice analysis constitute the second and third levels of security.
BT says authentication is a key component of its next-generation 21st Century Network (21CN), which some parts of BT expect to have rolled out nationwide by the end of 2009. 21CN will replace BT's legacy networks with a single IP-based infrastructure across the country.
BT is also working closely with the financial sector to combat card fraud. The banks are currently developing low-cost mobile chip-and-PIN readers for their customers to use at home, with Barclays likely to lead the charge in 2007. BT is bidding to supply authentication for these services.
The user simply sticks his or her card into the reader, which displays a randomly-generated code for logging into an online banking site.
Costs are kept low in such systems by having an identical series of codes on both the bank’s servers and the card’s chip. All the intelligence is on the card, so the reader itself costs less than £5 to produce. For extra security, a new code is required for every transaction.