Draft:X.1280: Difference between revisions

X.1280
X.1280
Framework for out-of-band server authentication using mobile devices
Status	In force (Recommendation)
Year started	2022
Latest version	1.0; March 1, 2024; 20 months ago
Organization	ITU-T
Committee	ITU-T Study Group 17
Series	X
Related standards	X.509, X.1254
Domain	Cybersecurity, ; Identity management, ; Authentication, ; Phishing resistance
Website	handle.itu.int/11.1002/1000/15661

Browse history interactively

← Previous edit Next edit →

Content deleted Content added

VisualWikitext

Inline

Revision as of 11:57, 6 November 2025

Review waiting, please be patient.

This may take 2 months or more, since drafts are reviewed in no specific order. There are 2,755 pending submissions waiting for review.

If the submission is accepted, then this page will be moved into the article space.
If the submission is declined, then the reason will be posted here.
In the meantime, you can continue to improve this submission by editing normally.

Where to get help

If you need help editing or submitting your draft, please ask us a question at the AfC Help Desk or get live help from experienced editors. These venues are only for help with editing and the submission process, not to get reviews.
If you need feedback on your draft, or if the review is taking a lot of time, you can try asking for help on the talk page of a relevant WikiProject. Some WikiProjects are more active than others so a speedy reply is not guaranteed.

How to improve a draft

Wikipedia:Contributing to Wikipedia – a basic overview on how to edit Wikipedia.
Help:Wikitext – how to use the markup
Help:Referencing for beginners – how to include references
Wikipedia:Article development – how to develop your article
Wikipedia:Writing better articles – how to improve your article
Wikipedia:Verifiability – make sure your article includes reliable third-party sources

You can also browse Wikipedia:Featured articles and Wikipedia:Good articles to find examples of Wikipedia's best writing on topics similar to your proposed article.

Improving your odds of a speedy review

To improve your odds of a faster review, tag your draft with relevant WikiProject tags using the button below. This will let reviewers know a new draft has been submitted in their area of interest. For instance, if you wrote about a female astronomer, you would want to add the Biography, Astronomy, and Women scientists tags.

Add tags to your draft

Editor resources

Easy tools: Citation bot (help) | Advanced: Fix bare URLs

Reviewer tools

Instructions · What links here · X.1280 (talk: + · bio) · (log) · Copyvios report · reFill · Citation Bot · (Search: Google, Wikipedia) · Submitted 4 days ago by Baker232 (talk: D · +) · Last edited 4 days ago by Baker232

Submission declined on 21 May 2025 by ToadetteEdit (talk).

This submission is not adequately supported by reliable sources. Reliable sources are required so that information can be verified. If you need help with referencing, please see Referencing for beginners and Citing sources.

If you would like to continue working on the submission, click on the "Edit" tab at the top of the window.
If you have not resolved the issues listed above, your draft will be declined again and potentially deleted.
If you need extra help, please ask us a question at the AfC Help Desk or get live help from experienced editors.
Please do not remove reviewer comments or this notice until the submission is accepted.

Where to get help

If you need help editing or submitting your draft, please ask us a question at the AfC Help Desk or get live help from experienced editors. These venues are only for help with editing and the submission process, not to get reviews.
If you need feedback on your draft, or if the review is taking a lot of time, you can try asking for help on the talk page of a relevant WikiProject. Some WikiProjects are more active than others so a speedy reply is not guaranteed.

How to improve a draft

Wikipedia:Contributing to Wikipedia – a basic overview on how to edit Wikipedia.
Help:Wikitext – how to use the markup
Help:Referencing for beginners – how to include references
Wikipedia:Article development – how to develop your article
Wikipedia:Writing better articles – how to improve your article
Wikipedia:Verifiability – make sure your article includes reliable third-party sources

You can also browse Wikipedia:Featured articles and Wikipedia:Good articles to find examples of Wikipedia's best writing on topics similar to your proposed article.

Improving your odds of a speedy review

To improve your odds of a faster review, tag your draft with relevant WikiProject tags using the button below. This will let reviewers know a new draft has been submitted in their area of interest. For instance, if you wrote about a female astronomer, you would want to add the Biography, Astronomy, and Women scientists tags.

Add tags to your draft

Editor resources

Easy tools: Citation bot (help) | Advanced: Fix bare URLs

Declined by ToadetteEdit 5 months ago. Last edited by Baker232 4 days ago. Reviewer: Inform author.

This draft has been resubmitted and is currently awaiting re-review.

Submission declined on 10 May 2025 by Caleb Stanford (talk).

This submission appears to read more like an advertisement than an entry in an encyclopedia. Encyclopedia articles need to be written from a neutral point of view, and should refer to a range of independent, reliable, published sources, not just to materials produced by the creator of the subject being discussed. This is important so that the article can meet Wikipedia's verifiability policy and the notability of the subject can be established. If you still feel that this subject is worthy of inclusion in Wikipedia, please rewrite your submission to comply with these policies.

Declined by Caleb Stanford 5 months ago.

ITU-T X.1280 is an international standard from the ITU-T that defines a framework for server authentication using an out-of-band (OOB) mobile device channel.^[1]^[2] The standard (Recommendation), approved in March 2024, was developed based on technology originating from South Korea.^[1]^[3]

The primary goal of this recommendation is to address the verifier impersonation vulnerability—such as phishing or pharming sites—found in traditional authentication methods.^[1]^[2]^[4] A central principle of this framework is the implementation of a mutual authentication procedure.^[2] This procedure requires explicit user verification of the server's legitimacy before submitting authentication credentials, such as passwords.^[2]^[3]

The framework enhances traditional authentication by having the user actively authenticate the server's identity at the start of the process.^[4] This user-first verification helps reduce vulnerabilities such as terminal dependency (seen in some PKI-based methods) and verifier impersonation, which are commonly exploited in conventional authentication schemes.^[2]^[3]

Principle

The core of the X.1280 framework is a user-driven comparison of a "Server Authentication Information" code, which is generated simultaneously on two different channels.^[2]^[3] This process is designed to ensure the user is interacting with the legitimate server before any sensitive information is exchanged.^[2]

Code Generation and Comparison

The primary mechanism is a multi-step process:

Request and Offset Generation: When a user attempts to log in, the authentication system (Verifier) generates a dynamic, session-specific "offset" value. This offset can include data like session ID, IP address, and timestamp.^[2]

Dual Calculation:

Server-side (In-band): The Verifier uses a pre-shared verification key and the new offset to calculate a one-time "Server Authentication Information" code. This code is then displayed to the user on their terminal (e.g., PC browser).^[3]^[2]

Client-side (Out-of-band): The Verifier sends the offset value only to the user's registered mobile device via a separate channel (like a push notification). The mobile authenticator app, which already holds the same verification key, performs the same calculation using the key and the received offset to generate its own code.^[2]^[3]

Visual Comparison by User: The user is presented with two codes: one on their login terminal (in-band) and one on their mobile authenticator (out-of-band).^[1]^[2]

Server Authentication: The user visually compares the two codes. If they match, the user confirms the server's legitimacy by tapping "Approve" on the mobile app. This action verifies the Verifier's authenticity and then allows the user authentication step (such as submitting a PIN or biometric on the phone) to proceed.^[2]^[3]

This method uses a challenge–response one-time password (OTP) algorithm, where the offset acts as the dynamic challenge.^[2]

^ ^a ^b ^c ^d "'모바일 OOB 서버인증' ITU-T 국제표준 채택... "파밍·피싱 차단"" (in Korean). 보안뉴스 (BoanNews). 2024-03-27. Retrieved 2025-11-06.
^ ^a ^b ^c ^d ^e ^f ^g ^h ⁱ ^j ^k ^l ^m "피싱 공격을 막는 새로운 인증 표준, ITU-T X.1280" (in Korean). AhnLab. 2024-05-10. Retrieved 2025-11-06.
^ ^a ^b ^c ^d ^e ^f ^g "이에스이, '모바일 OOB 서버인증' 기술...ITU-T 국제표준 채택" (in Korean). 데일리시큐 (DailySecu). 2024-03-27. Retrieved 2025-11-06.
^ ^a ^b "ITU-T X.1280 국제표준, 피싱 및 파밍 공격 방어의 새 지평 열어" (in Korean). CISO Korea. 2024-07-29. Retrieved 2025-11-06.

[BoanNews-135594-1] "'모바일 OOB 서버인증' ITU-T 국제표준 채택... "파밍·피싱 차단"" (in Korean). 보안뉴스 (BoanNews). 2024-03-27. Retrieved 2025-11-06.

[AhnLab-35977-2] ^ ^a ^b ^c ^d ^e ^f ^g ^h ⁱ ^j ^k ^l ^m "피싱 공격을 막는 새로운 인증 표준, ITU-T X.1280" (in Korean). AhnLab. 2024-05-10. Retrieved 2025-11-06.

[DailySecu-167108-3] ^ ^a ^b ^c ^d ^e ^f ^g "이에스이, '모바일 OOB 서버인증' 기술...ITU-T 국제표준 채택" (in Korean). 데일리시큐 (DailySecu). 2024-03-27. Retrieved 2025-11-06.

[CISOKorea-136043-4] "ITU-T X.1280 국제표준, 피싱 및 파밍 공격 방어의 새 지평 열어" (in Korean). CISO Korea. 2024-07-29. Retrieved 2025-11-06.

[1]

[2]

[3]

[4]

@@ Line 1: / Line 1: @@
+{{Short description|Standard defining the framework for out-of-band server authentication (ITU-T X.1280)}}
+{{Draft topics|software|computing|technology}}
+{{AfC topic|stem}}
+{{AfC submission|||ts=20251106115711|u=Baker232|ns=118}}
 {{AFC submission|d|v|u=Baker232|ns=118|decliner=ToadetteEdit|declinets=20250521073843|ts=20250516060341}} <!-- Do not remove this line! -->
 {{AFC submission|d|adv|u=Baker232|ns=118|decliner=Caleb Stanford|declinets=20250510200235|small=yes|ts=20250422004206}} <!-- Do not remove this line! -->
-{{Short description|Standard defining the framework for out-of-band server authentication (ITU-T X.1280)}} {{Draft topics|software|computing|technology}} {{AfC topic|stem}}
 {{Draft article}} {{Infobox technology standard | title = X.1280 | long_name = Framework for out-of-band server authentication using mobile devices | image = | caption = | status = In force (Recommendation) | year_started = 2022 | version = 1.0 | version_date = {{Start date and age|2024|03|01}} | preview = | preview_date = | organization = [[ITU-T]] | committee = [[ITU-T Study Group 17]] | base_standards = | related_standards = [[X.509]], [[X.1254]] | abbreviation = | domain = [[Cybersecurity]],