2 Factor Authentication

The continued concerns associated with online banking fraud (up 44% from 2006) and the £155m of theft attributed to Internet shopping fraud has increased the necessity for hardline security measures.

2 Factor Authentication is widely acknowledged to be the solution to significantly reducing fraudulent activities. By using standard passwords and user log-ins combined with a unique numeric code re-generated every 60 seconds, the opportunities for criminals to hack into accounts and use credit card numbers for purchases are diminished.

Until recently, 2 Factor Authentication codes have been generated on a fob, USB or token that has to be carried by the authorised user. This system, although providing the level of security required, is not without its problems;

User must remember to carry token, fob or USB with them at all times
The physical unit (whether token, fob or USB) has a cost associated with manufacture and distribution
If the unit is lost or stolen, unless it is password protected there is still a risk of fraudulent activity

Taking into account the issues currently experienced by deployers and users of 2 Factor Authentication systems, CDT can now offer a 2 Factor Authenticator on the mobile phone, thus removing the requirement for a separate physical device.

Using the m-Crypt:API technology which provides AES-256 bit encryption, the application is compatible with Java enabled handsets and has been developed to take up minimal space on the phone's memory.

The application is downloaded to the user's phone, and a Partial User Private Key is assigned during installation. This is in turn securely stored on the m-2Factor database and fixed to that mobile phone number and handset.

To access the "token", the user is assigned a pin code (in the same vein as a credit or debit card). Entry of the pin will enable access to the virtual token which can then be entered as the second phase of authentication. The token generator will refresh every 60 seconds to present a new numeric string in synchronisation with the server.

The cost of deployment via OTA download is significantly less than the distribution of physical tokens, and there is no requirement for tokens to be updated, have the batteries changed or for replacements to be provided in the event of loss or theft.

>>
...........................................
>>
...........................................
>>
...........................................
>>
...........................................
>>
...........................................
>>
...........................................
>>
...........................................
>>