Mobile Authentication For Secure Online Services

Technology Overview

Second-factor authentication, commonly denoted as 2FA, is increasingly being used by online service providers to safeguard user accounts and authenticate sensitive transactions. The traditional “What You Know” mechanism of usernames and passwords has proven inadequate in the face of modern attacks such as sophisticated password breaches and social engineering. 2FA provides an additional layer of security by also verifying “What You Have”, for example, the user’s mobile phone or hardware token.

Our 2FA solution, named Mobile Authentication for Secure Online Services (MASS), utilizes modern devices, such as smartphones and tablets, and employs cryptographic authentication, which is more secure than the 2FA solutions available today.

MASS enables new models of authentication that existing solutions cannot support, thus enhancing the end-user experience and opening up new business models and revenue streams for service providers.

Technology Features & Specifications

The core of our solution is our authentication server, which handles the authentication requests from the service providers’ servers. Upon receipt of a request from a service provider, our server performs 2FA on the user’s device and returns the result of the authentication to the service provider. As such, our technology not only uses a second factor for authentication, it also uses a second channel to perform the authentication. This provides greater defence against man-in-the-middle (MITM) attacks, which are the greatest weakness in current 2FA systems.

Our system is set up by end users in two easy steps:

  1. Install our mobile app (or a third-party app incorporating our technology's functionality) on the smartphone or tablet of choice.
  2. Set a PIN and do a one-time device registration from within the app.

The user can then perform an action that requires 2FA (for example, an online purchase or cloud login), receive a notification on the registered device, and key in the PIN to authenticate.

The authentication method employed by our technology does not store users’ PINs. No reference to a PIN is stored, either in plaintext or as ciphertext or a digest, on devices or on the authentication servers. Cyber-attacks on devices or authentication servers in search of PINs will be futile.

Value Proposition

  • Cryptographic 2FA
    • Protect your services and enjoy peace of mind with enhanced security.
    • Satisfy compliance and regulatory requirements, such as PCI-DSS, with confidence.
  • Endpoint selection
    • Enhance user experience by allowing registration of multiple devices for 2FA.
    • Users select their preferred device to perform 2FA with before any transaction.
    • Great for users who own multiple devices or families that share devices.
  • Device Restriction
    • Restrict the number of devices on which an account can be accessed.
    • Prevent revenue loss due to sharing of usernames and passwords.
  • Principal Authentication
    • Authenticate multiple accounts via a single device assigned as the “master device”.
    • Control and restrict transactions by children, subordinates etc. via the master device.
  • Tiered 2FA with A3
    • Balance security and user experience depending on the sensitivity of the transaction.
    • Announce – Notify user after an action has been performed [For medium security]
    • Approve – Request approval or rejection from user before transaction is performed [For high security]
    • Authenticate – Request approval or rejection, and PIN from user, before transaction is performed [For very high security]

Potential Applications

  • Web account log-in protection
  • Monetary transaction protection
  • Applications requiring device-based access control
    • Digital content providers may want to restrict the number of devices per account to prevent account sharing.
  • Parental control applications
    • Real-time control of child’s online activities
  • Enterprise applications
    • BYOD account protection
    • Protecting admin accounts with high privileges
    • Authorizing employees’ online requests and activities
  • Collaborative applications
    • By supporting multiple devices, teams can easily work in a more secure environment.

Customer Benefits

Our technology supports centralized as well as decentralized deployment models, so the solution can be hosted within a service provider’s own data centre or by an external party. This gives service providers the flexibility to select the most appropriate deployment model.

We are currently in an advanced stage of development and a proof-of-concept prototype has been developed. We hope to collaborate with companies that are interested in our technology for commercial applications.
