Second-factor authentication, commonly denoted as 2FA, is increasingly being used by online service providers to safeguard user accounts and authenticate sensitive transactions. The traditional “What You Know” mechanism of usernames and passwords has proven to be inadequate in the face of modern attacks such as sophisticated password breaches and social engineering. 2FA provides an additional layer of security by also verifying “What You Have”, for example, the user’s mobile phone or hardware token.
Our 2FA solution, named Mobile Authentication for Secure Online Services (MASS), utilizes modern devices, such as smartphones and tablets, and employs cryptographic authentication which is more secure than 2FA solutions available today.
MASS enables new models of authentication that existing solutions cannot, thus enhancing the end-user experience and opening up new business models and revenue streams for service providers.
The core of our solution is our authentication server, which handles the authentication requests from the service providers’ servers. Upon receipt of a request from a service provider, our server performs 2FA on the user’s device and returns the result of the authentication to the service provider. As such, our technology not only uses a 2nd factor for authentication, it also uses a 2nd channel to perform the authentication. This provides greater defence against man-in-the-middle (MITM) attacks, which are the greatest weakness in current 2FA systems.
Our system is set up by end users in two easy steps:
The user can then perform an action that requires 2FA (for example, an online purchase or cloud login), receive a notification on the registered device and key in the PIN to authenticate.
The authentication method employed by our technology does not store users’ PINs. No reference to PINs is stored, whether in plaintext or as ciphertext or digest, on devices or on the authentication servers. Cyber-attacks on devices or authentication servers in search of PINs will be futile.
Our technology supports centralized as well as decentralized deployment models, so the solution can be hosted within a service provider’s own data centre or hosted by an external party. This gives service providers the flexibility to select the most appropriate deployment model.
We are currently at an advanced stage of development, and a proof-of-concept prototype has been developed. We hope to collaborate with companies that are interested in our technology for commercial applications.