Draft:X.1280

Submission declined on 21 May 2025 by ToadetteEdit (talk). This submission is not adequately supported by reliable sources. Reliable sources are required so that information can be verified. If you need help with referencing, please see Referencing for beginners and Citing sources. If you would like to continue working on the submission, click on the "Edit" tab at the top of the window. If you have not resolved the issues listed above, your draft will be declined again and potentially deleted. If you need extra help, please ask us a question at the AfC Help Desk or get live help from experienced editors. Please do not remove reviewer comments or this notice until the submission is accepted. Where to get help If you need help editing or submitting your draft, please ask us a question at the AfC Help Desk or get live help from experienced editors. These venues are only for help with editing and the submission process, not to get reviews. If you need feedback on your draft, or if the review is taking a lot of time, you can try asking for help on the talk page of a relevant WikiProject. Some WikiProjects are more active than others so a speedy reply is not guaranteed. How to improve a draft Wikipedia:Contributing to Wikipedia – a basic overview on how to edit Wikipedia. Help:Wikitext – how to use the markup Help:Referencing for beginners – how to include references Wikipedia:Article development – how to develop your article Wikipedia:Writing better articles – how to improve your article Wikipedia:Verifiability – make sure your article includes reliable third-party sources You can also browse Wikipedia:Featured articles and Wikipedia:Good articles to find examples of Wikipedia's best writing on topics similar to your proposed article. Improving your odds of a speedy review To improve your odds of a faster review, tag your draft with relevant WikiProject tags using the button below. This will let reviewers know a new draft has been submitted in their area of interest. For instance, if you wrote about a female astronomer, you would want to add the Biography, Astronomy, and Women scientists tags. Add tags to your draft Editor resources Easy tools: Citation bot (help) | Advanced: Fix bare URLs Declined by ToadetteEdit 3 days ago. Last edited by ToadetteEdit 3 days ago. Reviewer: Inform author. Resubmit Please note that if the issues are not fixed, the draft will be declined again.

Submission declined on 10 May 2025 by Caleb Stanford (talk). This submission appears to read more like an advertisement than an entry in an encyclopedia. Encyclopedia articles need to be written from a neutral point of view, and should refer to a range of independent, reliable, published sources, not just to materials produced by the creator of the subject being discussed. This is important so that the article can meet Wikipedia's verifiability policy and the notability of the subject can be established. If you still feel that this subject is worthy of inclusion in Wikipedia, please rewrite your submission to comply with these policies. Declined by Caleb Stanford 14 days ago.

• Comment: This is an advertisement for a particular product standard, not an encyclopedic article that covers information about the project as covered in reliable, independent sources. Caleb Stanford (talk) 20:02, 10 May 2025 (UTC)

This is a draft article. It is a work in progress open to editing by anyone. Please ensure core content policies are met before publishing it as a live Wikipedia article. Find sources: Google (books · news · scholar · free images · WP refs) · FENS · JSTOR · TWL Easy tools: Citation bot (help) | Advanced: Fix bare URLs · Article logs · Draft logs. Last edited by ToadetteEdit (talk | contribs) 3 days ago. (Update) Finished drafting? Submit for review or Publish now

X.1280 is an International Telecommunication Union(ITU) standard for verifying a service provider before user information.^[1]

The title of x.1280 is out-of-band server authentication. This standard contains out-of-band authentication and mutual authentication. The out-of-band authentication makes it difficult for attackers to intercept because the attackers need to hijack two channels at the same time. ^[2] Mutual authentication can increase the security level compared to one-way authentication. One-way authentication only verifies the user's identity, but mutual authentication verifies the user and the service providers. In this way, mutual authentication can help stop some kinds of attacks.^[3]

• On-path attacks
• Spoofing and impersonation
• Credential theft

X.1280 uses an out-of-band mobile authenticator, typically a smartphone, and may incorporate biometric authentication for applying MFA(Multi-factor authentication). However, a key feature is that no additional hardware, such as dedicated security tokens, is required beyond a smartphone. It allows the use of a unified authenticator across various devices. To authenticate via X.1280, prior registration is required. When a service provider supports X.1280-based authentication, the mobile authenticator must first be registered and then used for authentication.

The X.1280 standard is designed to:

• Enhance security by enabling mutual authentication between users and service providers, ensuring protection against verifier impersonation.
• Eliminate device dependency by using an out-of-band mobile authenticator, allowing seamless authentication across multiple devices.

X.1280 enables advanced authentication methods, including:

• User-centric authentication: Users verify the service provider before providing credentials, simplifying the authentication process and enhancing security.
• Mutual authentication: Both the user and the service provider verify each other, shifting from one-way to two-way authentication.
• Unified authentication: A single mobile authenticator supports authentication across diverse devices, such as computers, smartphones, automated teller machines (ATMs), and artificial intelligence (AI) speakers, eliminating the need for device-specific authenticators.^[4]

X.1280 enables out-of-band authentication, a method using a separate communication channel for authentication,^[2] requiring only a smartphone.^[4] Mutual authentication, where both parties verify each other's identity,^[3] helps reduce risks of fake site attacks, as demonstrated by EAP-NOOB ^[5] and Ejiyeh's UAV D2D protocols.^[6] Out-of-band authentication enhances this security by using a separate channel, as seen in similar protocols.^[5] IoT security standards increasingly incorporate out-of-band authentication for enhanced security.^[7]

X.1280 requires a smartphone, limiting access for users without one. Companies operating servers must develop a mobile app, increasing implementation costs. Network setup complexity may increase in firewall environments due to required configurations, as seen in out-of-band authentication systems. Two-step login may increase authentication time, potentially causing user inconvenience. Similar complexities are noted in IoT authentication standards.^[4]

• June 29, 2022: Registered as TTAK.KO-12.0383 by the Telecommunication Technology Association (TTA) in South Korea.^[8]
• 2022: Adopted by ITU-T as X.oob-sa.^[7]
• March 1, 2024: Redesignated as X.1280 by ITU-T.^[4]

X.1280 authentication involves a two-step process: registering a mobile authenticator and performing mutual authentication between the user and the service provider.

• Authenticator registration

1. A user needs to install a mobile application to communicate with an authentication server.
2. After that, the user needs to request registration from a client. It can be a PC or something else.
3. Then, the client sends a registration request to the authentication server.
4. The authentication server generates secure data. In process 8, when the mobile sends a request, the request must contain the secure data.
5. The authentication server sends information that contains the secure data for verification.
6. The client provides registration information to the user by an allowed method, such as Email, SMS, QR code, etc.
7. The user inputs the data received from the client into the pre-installed mobile application.
8. The application requests verification from the authentication server.
9. If the request contains secure data, the authentication server registers mobile application information.
10. The authentication server sends a verification key to the mobile application. The application stores the key.

• Authentication process

1. A user who registered an authenticator(out-of-band authenticator) request logs in on a client.
2. Authentication server receives verification request from the client.
3. The authentication server generates secure data to verify the authenticator.
4. The authentication server sends authentication information to the client.
5. The client shows authentication information by text or sound, depending on the type of the client.
6. The authentication server sends a dataset to the authenticator to generate authentication information.
7. The authenticator generates authentication information. If the user attempts to log in on a fake client (e.g., a fraudulent web page), the authentication information displayed will differ from that generated by the out-of-band server authenticator.
8. The authenticator provides authentication information by text or sound, depending on the setting of the mobile application.
9. The user can approve or reject on the authenticator. When the user approves, additional Multifactor authentication steps (e.g., Knowledge : PIN, Possession: The mobile, Inherent : biometrics) may be required, depending on the verifier’s or mobile application policy.
10. The authenticator generates user authentication information to send to the authentication server.
11. The authenticator sends the user authentication information.
12. The authentication server authenticates the user if the user's authentication information matches.
13. The authentication server sends the user authentication result to the client.
14. The client presents a post-login service if the result is positive.