Reciprocal Authentication (ECHO)

The patent pending Emue Reciprocal Authentication (ECHO) solution provides commensurate two-way multi-factor authentication across multiple business channels including the Internet and telephone.

Equal weight is given to the means by which authentication takes place between the two parties.  Without reciprocal authentication, effective mutual authentication cannot reliably be achieved.

To achieve reciprocal authentication, consumers are provided with a personal authentication engine, embedded within a device they use everyday, such as a credit card, Cell phone or PDA.

Each device is able to determine the authenticity of the remote service with whom the consumer is trying to do business by means of a 6-8 digit authentication challenge being presented by the remote service for input directly into the consumer’s Emue device.

If the authentication challenge keyed in is found to be legitimate, only then will the device activate for use by the consumer.

Once the remote service has been verified, the consumer is able to key in their own PIN to derive a personal 6-8 digit one-time passcode (OTP) for use in authenticating them to the service.

Failure to ensure strong multi-factor reciprocal authentication between both parties leaves a residual risk, capable of being exploited by fraudsters to the detriment of consumers and corporate users.

The ECHO capability exists both as a web based capability, which is used for the purposes of web based reciprocal authentication, and also as a separate telephone based feature.

The split capabilities of both ECHO features negate the means by which web based credentials may be used for fraudulent telephone based identity management and vice versa.

ECHO is available as a capability of the Emue Citadel, Fortress and Garrison product ranges.