!!! Overview
[{$pagename}] is intended to provide the highest practical remote network [authentication] assurance. [{$pagename}] [authentication] is based on [proof-of-Possession] of a key through a cryptographic protocol. [{$pagename}] is similar to [LOA 3] except that only [“hard” cryptographic tokens|Hard tokens] are allowed, [FIPS] 140-2 cryptographic module validation requirements are strengthened, and subsequent critical data transfers must be [authenticated] via a key bound to the [authentication] process.

The [token] shall be a hardware cryptographic module validated at [FIPS] 140-2 Level 2 or higher overall with at least [FIPS] 140-2 Level 3 physical security. By requiring a [physical token|Hard tokens], which cannot readily be copied, and since [FIPS] 140-2 requires operator [authentication] at [LOA 2] and higher, this level ensures good, [two factor remote authentication|Multi-Factor Authentication].

[{$pagename}] requires strong [cryptographic] [authentication] of all parties and all sensitive data transfers between the parties. Either [Public Key] or [Symmetric Key] technology may be used. [Authentication] requires that the claimant prove through a [secure connection] that he or she controls the [token]. The protocol threats, including eavesdropper, replay, on-line guessing, [verifier] impersonation and [man-In-The-Middle] attacks, are prevented.

Long-term shared [authentication] secrets, if used, are never revealed to any party except the claimant and [verifiers] operated directly by the [Credential Service Provider] ([CSP]); however, session (temporary) shared secrets may be provided to independent [verifiers] by the CSP. Strong Approved cryptographic techniques are used for all operations. All sensitive data transfers are cryptographically authenticated using keys bound to the authentication process.

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
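
!! Example
The symmetric-key option from the overview as a sketch, added here as an example and not taken from the original page or any standard text: the token proves possession of its key for a single-use challenge, and the same exchange yields the session key that authenticates later data transfers. All names are hypothetical; {{channel_id}} is assumed to identify the secure connection, and the software key stands in for a key that would never leave the hardware module.

```python
import hashlib
import hmac
import secrets

# Constructed sample value: long-term key shared by the token and the
# CSP-operated verifier. It is never sent over the connection.
TOKEN_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)

def token_respond(key, challenge, channel_id):
    """Token side: proof of possession for this challenge on this channel."""
    return hmac.new(key, b"auth|" + challenge + channel_id, hashlib.sha256).digest()

def derive_session_key(key, challenge, channel_id):
    """Session key bound to one authentication exchange (both sides compute it)."""
    return hmac.new(key, b"session|" + challenge + channel_id, hashlib.sha256).digest()

class Verifier:
    def __init__(self, key):
        self.key = key
        self.pending = set()  # challenges issued and not yet consumed

    def new_challenge(self):
        challenge = secrets.token_bytes(32)  # fixed length keeps MAC input unambiguous
        self.pending.add(challenge)
        return challenge

    def verify(self, challenge, channel_id, response):
        """Return the bound session key on success, None on any failure."""
        if challenge not in self.pending:
            return None                      # unknown or replayed challenge
        self.pending.discard(challenge)      # single use, even when the check fails
        expected = token_respond(self.key, challenge, channel_id)
        if not hmac.compare_digest(expected, response):
            return None                      # wrong key, or response made for another channel
        return derive_session_key(self.key, challenge, channel_id)

def tag_transfer(session_key, seq, data):
    """Authenticate one data transfer; the sequence number blocks reordering and replay."""
    return hmac.new(session_key, seq.to_bytes(8, "big") + data, hashlib.sha256).digest()

def check_transfer(session_key, seq, data, tag):
    return hmac.compare_digest(tag_transfer(session_key, seq, data), tag)
```

Because the response covers {{channel_id}}, a response relayed from a connection to an impersonating verifier does not verify on the real one, and a session key handed to an independent verifier reveals nothing about the long-term key.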