Even after a user or device has been authenticated once, Zero Trust prevents unauthorized access through continuous authentication: the user or device is re-authenticated when accessing sensitive or high-level information, or after a certain period of time has elapsed.
The strongest authentication method is MFA (Multi-Factor Authentication), and it can be achieved by a combination of different authentication factors.
For example, you can authenticate once with an ID/password, which is knowledge-based authentication, and then authenticate again with something you have (ownership-based authentication).
Various devices of ownership-based authentication
For device authentication, challenge-response HMAC authentication can be performed based on the PUF, through the PUF chip or module installed or mounted in the device. Building on this HMAC authentication, we can provide login services such as Social Logon.
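The challenge-response HMAC exchange described above, sketched as an added example (not ICTK's code or API). Assumptions: a software key stands in for the secret the PUF chip would provide, and HMAC-SHA256, the 30-second challenge lifetime and all class and function names are illustrative.

```python
import hashlib
import hmac
import secrets
import time

CHALLENGE_TTL = 30  # seconds a challenge stays valid (assumed value)


class Device:
    """Stands in for the PUF chip or module: the key never leaves this object."""

    def __init__(self, device_id, puf_key):
        self.device_id = device_id
        self._puf_key = puf_key  # assumption: secret derived from the PUF

    def respond(self, challenge):
        # Bind the response to the device ID so it is useless for any other device.
        msg = self.device_id.encode() + challenge
        return hmac.new(self._puf_key, msg, hashlib.sha256).digest()


class Verifier:
    """Server side: holds the key enrolled for each device (hypothetical design)."""

    def __init__(self):
        self._keys = {}     # device_id -> enrolled key
        self._pending = {}  # device_id -> (challenge, issued_at)

    def enroll(self, device_id, key):
        self._keys[device_id] = key

    def issue_challenge(self, device_id, now=None):
        challenge = secrets.token_bytes(32)  # fresh, unpredictable nonce
        issued_at = time.time() if now is None else now
        self._pending[device_id] = (challenge, issued_at)
        return challenge

    def verify(self, device_id, response, now=None):
        # pop() makes each challenge single-use, so a replayed response fails.
        entry = self._pending.pop(device_id, None)
        key = self._keys.get(device_id)
        if entry is None or key is None:
            return False
        challenge, issued_at = entry
        now = time.time() if now is None else now
        if now - issued_at > CHALLENGE_TTL:
            return False  # stale challenge: the device must request a new one
        msg = device_id.encode() + challenge
        expected = hmac.new(key, msg, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare
```

Calling `issue_challenge` again on sensitive access or after a time limit gives the periodic re-authentication that continuous authentication relies on.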
For user authentication, the user's biometric information can be used as a key to access the information in the PUF, which functions as a Digital Secure Vault. The user's biometric data can be stored in the PUF, or biometric information and PUF information can be combined for authentication. This authentication method is the same solution as FIDO1/2, and ICTK can supply it.
What is Hardware Root of Trust (HRoT)?