
Out-of-band (OOB) authentication is widely accepted as the solution for Man-in-the-Middle (MITM) and Man-in-the-Browser (MITB) attacks.

Definition: OOB authentication requires that separate information channels are used for authentication and access.

In the "Hype Cycle for Information Security", published in 2007, Out-of-Band Authentication technology is regarded by Gartner, Inc. as early mainstream.

OOB has been our core authentication technology since 2000. Both TAP and VoiceProof utilize this approach:

TAP utilizes OOB using the proprietary VoiceShield PC client-server encrypted communication channel. For reference, please go to Controlled Field-test by Standards Institute.

VoiceShield exceeds US NIST Level 4 open network e-authentication requirements. For discussion, please go to NIST level 4 and beyond.

TAP also utilizes OOB authentication using the proprietary MobilVoice phone-to-IVR communication channel.

VoiceProof utilizes OOB authentication using a client-server encrypted communication channel.


“The man “in the middle” might actually be in the customer’s PC: Trojan software can create a hidden browser session and generate transactions on the back of a legitimate strongly authenticated session – a “man in the browser” attack. Note that these are not attacks against the authentication method. They usurp or “piggyback” on legitimate user access to the bank’s Web site and will succeed no matter how strong the authentication method.” Gartner, 2006

According to Gartner, "A Man-in-the-Browser (MiTB) attack can be programmed to corrupt a transaction 'in-flight' and prior to PKI encryption/transmission to the Bank. This means that Digital Certificates can no longer be regarded as a form of non-repudiation since they are now vulnerable to Man-in-the-Browser attacks."