Draft:X.1280

Review waiting, please be patient. This may take 3 months or more, since drafts are reviewed in no specific order. There are 2,717 pending submissions waiting for review. If the submission is accepted, then this page will be moved into the article space. If the submission is declined, then the reason will be posted here. In the meantime, you can continue to improve this submission by editing normally. Where to get help If you need help editing or submitting your draft, please ask us a question at the AfC Help Desk or get live help from experienced editors. These venues are only for help with editing and the submission process, not to get reviews. If you need feedback on your draft, or if the review is taking a lot of time, you can try asking for help on the talk page of a relevant WikiProject. Some WikiProjects are more active than others so a speedy reply is not guaranteed. How to improve a draft Wikipedia:Contributing to Wikipedia – a basic overview on how to edit Wikipedia. Help:Wikitext – how to use the markup Help:Referencing for beginners – how to include references Wikipedia:Article development – how to develop your article Wikipedia:Writing better articles – how to improve your article Wikipedia:Verifiability – make sure your article includes reliable third-party sources You can also browse Wikipedia:Featured articles and Wikipedia:Good articles to find examples of Wikipedia's best writing on topics similar to your proposed article. Improving your odds of a speedy review To improve your odds of a faster review, tag your draft with relevant WikiProject tags using the button below. This will let reviewers know a new draft has been submitted in their area of interest. For instance, if you wrote about a female astronomer, you would want to add the Biography, Astronomy, and Women scientists tags. Add tags to your draft Editor resources Easy tools: Citation bot (help) | Advanced: Fix bare URLs Reviewer tools Instructions · What links here · X.1280 (talk: + · bio) · (log) · Copyvios report · reFill · Citation Bot · (Search: Google, Wikipedia) · Submitted 2 days ago by Baker232 (talk: D · +) · Last edited 46 hours ago by Citation bot

This is a draft article. It is a work in progress open to editing by anyone. Please ensure core content policies are met before publishing it as a live Wikipedia article. Find sources: Google (books · news · scholar · free images · WP refs) · FENS · JSTOR · TWL Easy tools: Citation bot (help) | Advanced: Fix bare URLs · Article logs · Draft logs. Last edited by Citation bot (talk | contribs) 46 hours ago. (Update) This draft has been submitted and is currently awaiting review.

X.1280 is an International Telecommunication Union(ITU) standard for verifying a service provider before user information.

Unlike traditional authentication methods such as passwords, PINs, and One-time password(OTPs), which only verify the user's identity, this standard enables mutual authentication to verify both users and service providers. X.1280 uses an out-of-band mobile authenticator, typically a smartphone, and may incorporate biometric authentication for enhanced security. However, a key feature is that no additional hardware, such as dedicated security tokens, is required beyond a smartphone. It allows the use of a unified authenticator across various devices. To authenticate via X.1280, prior registration is required. When a service provider supports X.1280-based authentication, the mobile authenticator must first be registered and then used for authentication.

The X.1280 standard is designed to:

• Enhance security by enabling mutual authentication between users and service providers, ensuring protection against verifier impersonation.
• Eliminate device dependency by using an out-of-band mobile authenticator, allowing seamless authentication across multiple devices.

X.1280 enables advanced authentication methods, including:

• User-centric authentication: Users verify the service provider before providing credentials, simplifying the authentication process and enhancing security.
• Mutual authentication: Both the user and the service provider verify each other, shifting from one-way to two-way authentication.
• Unified authentication: A single mobile authenticator supports authentication across diverse devices, such as computers, smartphones, automated teller machines (ATMs), and artificial intelligence (AI) speakers, eliminating the need for device-specific authenticators ^[1]

• June 29, 2022: Registered as TTAK.KO-12.0383 by the Telecommunication Technology Association (TTA) in South Korea. ^[2]
• 2022: Adopted by ITU-T as X.oob-sa. ^[3]
• March 1, 2024: Redesignated as X.1280 by ITU-T. ^[4]

X.1280 authentication involves a two-step process: registering a mobile authenticator and performing mutual authentication between the user and the service provider.

• Authenticator registration

1. A user needs to install a mobile application to communicate with an authentication server.
2. After that, the user needs to request registration from a client. It can be a PC or something else.
3. Then, the client sends a registration request to the authentication server.
4. The authentication server generates secure data. In process 8, when the mobile sends a request, the request must contain the secure data.
5. The authentication server sends information that contains the secure data for verification.
6. The client provides registration information to the user by an allowed method, such as Email, SMS, QR code, etc.
7. The user inputs the data received from the client into the pre-installed mobile application.
8. The application requests verification from the authentication server.
9. If the request contains secure data, the authentication server registers mobile application information.
10. The authentication server sends a verification key to the mobile application. The application stores the key.

• Authentication process

1. A user who registered an authenticator(out-of-band authenticator) request logs in on a client.
2. Authentication server receives verification request from the client.
3. The authentication server generates secure data to verify the authenticator.
4. The authentication server sends authentication information to the client.
5. The client shows authentication information by text or sound, depending on the type of the client.
6. The authentication server sends a dataset to the authenticator to generate authentication information.
7. The authenticator generates authentication information. If the user attempts to log in on a fake client (e.g., a fraudulent web page), the authentication information displayed will differ from that generated by the out-of-band server authenticator.
8. The authenticator provides authentication information by text or sound, depending on the setting of the mobile application.
9. The user can approve or reject on the authenticator. When the user approves, additional Multifactor authentication steps (e.g., Knowledge : PIN, Possession: The mobile, Inherent : biometrics) may be required, depending on the verifier’s or mobile application policy.
10. The authenticator generates user authentication information to send to the authentication server.
11. The authenticator sends the user authentication information.
12. The authentication server authenticates the user if the user's authentication information matches.
13. The authentication server sends the user authentication result to the client.
14. The client presents a post-login service if the result is positive.