CONTACT US

CIRRUS MANAGEMENT SOLUTIONS LTD
Milton Park Innovation Centre
99 Milton Park
Abingdon
Oxfordshire
OX14 4RY

T: 01235 854048
F: 01235 854001
E:
info@cirrus-ms.co.uk


Mobile One-time passwords

End-users are required to identify themselves with two unique factors - something they know and something they have - before they are allowed access (e.g., to online banking or the bank's Virtual Private Network). The end-user downloads a FireID application and software token to their mobile phone. This is used to generate one-time passwords (OTPs) securely and out of band. The OTP is then used in addition to the user-name and password to gain secure access to an application or online service.

The bank's end-users have the convenience of generating one-time passwords on their mobile phones without the need for connectivity to the mobile networks. This means the OTP can be generated anywhere in the world without experiencing SMS latency or costs for the end user or organisation. FireID is capable of successfully provisioning the FireID Personal Authenticator to almost all known mobile phones. We aim to provide a specific build for each make and model of phone. This includes native builds for Windows Mobile, Blackberry, Apple iPhone, Symbian, Android and Palm.

SMS One-time Passwords

In extenuating circumstances where a user has lost their phone or obtained a new device and not yet been provisioned, the FireID authentication server is able to provide a simple API for text message (SMS) OTP integration. This allows organisations to send and verify text-message OTPs using their FireID authentication server.

Hardware Tokens

Where hardware tokens are required by the end users, FireID provides the option of a key-fob or Card Token. The FireID authentication server can integrate with any OATH-compliant hardware token. The system provides a powerful management interface for hardware tokens, allowing such operations as token import, assignment to users and locking of hardware tokens.


 

FireID Mobile Login

With the rapid growth of mobile portals, security concerns around their use have escalated rapidly. Some mobile portals, like Mobile Banking, provide critical high-value services that are actively targeted by hackers.


FireID Mobile Login provides seamless two-factor authentication for mobile portals, increasing security while simplifying the user experience. FireID Mobile Login launches a secure browser session, secured transparently with OTP authentication. This session navigates directly to the mobile portal, removing the need for the user to type in a login name or OTP.

How does FireID Mobile Web Authentication work?

  • The user clicks on the Mobile Web token in the FireID application. The user-name and OTP are embedded in the URL, and the application opens the URL using the HTTPS protocol.
  • When the web server receives this URL, the OTP is stripped from the URL and sent to the FireID Authentication Server (or a 3rd party Authentication Server) for authentication. If the OTP part of the URL is missing, the web server rejects the authentication request and the login fails.
  • Once the FireID Authentication Server has validated the OTP, the web server then opens the webpage requested by the user's phone web browser. The user may then be asked for another password or PIN to log in to the website.
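The web-server side of the steps above, as an added example that is not FireID's code: it strips the credentials from the URL, fails the login when the OTP is missing, and accepts each OTP only once. The query parameter names `user` and `otp`, the host name and the use of RFC 4226 HOTP as a stand-in for the authentication server are assumptions; the stripped URL is returned because request URLs commonly end up in access logs.

```python
import hashlib
import hmac
import struct
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit

# Constructed demo data: per-user shared secret and next expected counter.
USERS = {"alice": {"secret": b"12345678901234567890", "counter": 0}}
LOOKAHEAD = 3  # how far the phone's counter may run ahead of the server's


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_otp(user: str, otp: str) -> bool:
    """Stand-in for the authentication server: each OTP works at most once."""
    rec = USERS.get(user)
    if rec is None:
        return False
    for c in range(rec["counter"], rec["counter"] + LOOKAHEAD):
        if hmac.compare_digest(hotp(rec["secret"], c).encode(), otp.encode()):
            rec["counter"] = c + 1  # burn this counter and all earlier ones
            return True
    return False


def handle_login_url(url: str):
    """Return (authenticated, URL with user-name and OTP stripped)."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    user = query.pop("user", [""])[0]  # hypothetical parameter name
    otp = query.pop("otp", [""])[0]    # hypothetical parameter name
    clean = urlunsplit(parts._replace(query=urlencode(query, doseq=True)))
    if parts.scheme != "https" or not user or not otp:
        return False, clean  # a missing OTP means the login fails
    return verify_otp(user, otp), clean
```

Only the second element of the result should be written to logs or used as the redirect target.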

The Man-In-The-Browser Threat

The MITB attack has received significant attention recently, based on its ability to circumvent strong security measures, including many two-factor authentication methods. In such attacks the hacker infects an end-user's PC with a Trojan, or similar piece of malware, which is capable of covertly faking Internet financial transactions in the end-user's Web browser. The end-user could log in securely by using one-time passwords; however, because the attack modifies the secure session, the end-user is still vulnerable.

A Simple, Effective Solution

Off-line Transaction Verification

With FireID Transaction Verification, payments and transactions are protected with an added level of security, thus preventing man-in-the-browser attacks. Using something the end-user already has, a mobile phone, FireID provides a secure and easy way to ensure that only legitimate payments are made. FireID allows end-users to carry any number of Transaction Verification and OTP tokens on their phone. Transaction Verification requires that the user enter sufficient information to characterise the transaction into their mobile device. This information is used to create a unique signature for the transaction, which is then entered by the user into the banking web application in order to verify the transaction.
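Why a signature over the transaction details defeats a browser-side rewrite, as an added example that is not FireID's algorithm: the truncated HMAC-SHA256 scheme, the field layout, the counter and the account numbers are all assumptions constructed for illustration. The server recomputes the code over what the browser actually submitted, so a changed payee no longer matches the code the user generated on the phone.

```python
import hashlib
import hmac


def sign_transaction(secret, counter, payee_account, amount_pence, digits=8):
    """Short code bound to the transaction details (illustrative scheme)."""
    # Canonical encoding: integer minor units and normalised account text,
    # so "10.0" versus "10.00" can never cause a false mismatch.
    payee = payee_account.replace(" ", "").upper()
    msg = f"{counter}|{payee}|{int(amount_pence)}".encode()
    mac = hmac.new(secret, msg, hashlib.sha256).digest()
    return str(int.from_bytes(mac[:4], "big") % 10 ** digits).zfill(digits)


class Bank:
    """Server side: checks the code against what the browser submitted."""

    def __init__(self, secret):
        self.secret = secret
        self.counter = 0  # advances on success so a code cannot be replayed

    def verify(self, payee_account, amount_pence, code):
        expected = sign_transaction(self.secret, self.counter,
                                    payee_account, amount_pence)
        ok = hmac.compare_digest(expected.encode(), str(code).encode())
        if ok:
            self.counter += 1
        return ok


def demo():
    secret = b"constructed-demo-secret"  # constructed sample key
    bank = Bank(secret)
    # The user keys the payee and amount they intend into the phone.
    code = sign_transaction(secret, 0, "GB00 DEMO 0000 0001", 25000)
    # Malware in the browser rewrites the payee before submission.
    tampered = bank.verify("GB00DEMO00009999", 25000, code)
    genuine = bank.verify("GB00DEMO00000001", 25000, code)
    replayed = bank.verify("GB00DEMO00000001", 25000, code)
    return tampered, genuine, replayed
```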

Online Transaction Verification

In Online Transaction Verification the user is not required to enter transaction details. Instead, these are automatically downloaded by the mobile application and displayed to the user via the browser. When the user confirms the transaction, the mobile application will sign the transaction and automatically upload the transaction signature in order to confirm the transaction. This removes the need for the user to manually enter transaction information. This solution requires the user to be online.

FireID PROVISIONING PROCESS

The FireID provisioning process is designed to be as simple and automated as possible. It is necessary to perform a once-off installation of the FireID token application on each user's mobile phone, and to migrate their account from normal static passwords to OTPs, generated by the FireID system.

Users can be provisioned individually or in groups, making the provisioning process easier to manage. Only once a user has successfully installed the token application, and activated it, will their account switch over to FireID for authentication.

During provisioning, each user will receive an automatically generated e-mail from the FireID server, and will begin the online self-provisioning tutorial. This will verify the user's identity and mobile phone number. From there, a simple walk-through process is followed, which advances through the steps as it detects that the user has performed the required actions on their mobile device to download and install the application.

The provisioning process is able to deliver an appropriate version of the FireID token application suitable for the specific mobile device, its capabilities and specifications.

The token application can optionally prompt for an activation code, once the user has successfully completed the installation. The code can be delivered separately to each user as an additional security measure to ensure identity verification.


For more information or details contact us on +44 (0)1235 854048
