Token OTP ... using Secure Element in Mobile Phone.

Security vs. Convenience: Do You Still Need to Choose One or the Other?
Most Secure + User Friendly Authentication.
Ultra-strong authentication to protect internet and mobile banking.

Security of hardware token + convenience of app (software) token

There is no one-size-fits-all security solution.

Banks or financial institutions:

  • “High net worth” customers.

  • SMI/SME customers.

  • For customers who need stronger security when doing mobile or internet banking.

Private networks of companies:

  • “One up” on company’s resolve to protect staff from internet fraud.

  • Resolve any “perceived” internet security issue.

  • Mitigate future malware or virus issues in tandem with internet security.

We have been looking at the issues with each of the authentication methods. Our solution is a secure element overlay. Our latest solution is a token OTP: a secure element stuck on top of the customer's SIM.

The prevailing OTP authentication methods have several issues:

  • SMS OTP : man-in-the-middle attacks, snooping, etc.

  • App based OTP : malware, viruses, etc. on the phone.

  • Hardware based OTP token : inconvenience (lost, misplaced, etc.)

  • Biometric : still not accurate and expensive

It can be "concluded" that the most effective OTP solution is still a solution that has a hardware component.

Tootpay’s Secure Element Mobile OTP Token For Online Access

  • Simple solution for secure remote access with strong authentication; for fraud protection.

  • Secure and convenient OTP token, based on smart card chip technology, enables any user, whether at home, traveling or mobile, to log on securely.

  • Tootpay’s mobile financial solution helps banks, financial institutions and private/company networks achieve a seamless internet / mobile deployment; it works on almost any mobile device - flexible, encrypted, menu driven and without internet or SMS.

Tootpay’s solution starts with an overlay chip (secure element).
The encryption and algorithm are “programmed” into the overlay chip.

  1. Customer gives his/her telco SIM to the bank officer.

  2. Bank officer sticks overlay chip onto customer’s telco SIM.

  3. Customer inserts the SIM (with overlay chip) into the phone, switches on the phone and uses the OTP services. No installation of software or downloads required.

2FA hardware token & software token.

Do note that all implementation is done at the bank's data center. Nothing resides with us.

Our token OTP solution, a secure element stuck on top of the customer's telco SIM, provides powerful authentication to make mobile/internet banking and remote access to the company network and sensitive data safe and hassle-free.

Securing your internet/mobile banking experience with Two-Factor Authentication
Tootpay’s secure element overlay OTP enables two-factor authentication on existing mobile phones. The overlay is affixed onto the user’s existing SIM card. It is virtually plug-and-play. No download or resetting needed. It works on most existing mobile phones - feature phones and smartphones.

Better Security at Lower Cost
Tootpay’s overlay OTP solution is a two-factor authentication solution similar to physical smart cards and tokens, but at lower total cost of ownership. Similar to USB security tokens and physical smart cards, it provides greater certainty that users are who they say they are.

The solution provides banks and financial institutions with a hardware-based, two-factor authentication solution with the security of a hardware token solution and the convenience and cost savings of a software token solution - the best of both worlds.

1. Hardware security token

• Token cannot be reused
  » Eliminates fraudulent activities.
  » No man-in-the-middle attack.

2. User friendly

• Plug & play
  » No installation and no need to download any application.
  » No internet or SMS required.
  » Avoid the downtime and risk of misplaced or broken physical authenticators.

• Easy to use - menu driven
  » Menu based operation for smartphones and feature (basic) mobile phones.

3. Cost effective & fast deployment

• Low deployment & operational cost
• Uses bank’s existing infrastructure
  » Low cost to deploy leveraging on existing resources and infrastructure.

4. Telco Independent

• Works with all telco providers
  » Works with all telcos’ SIM cards.

5. Secure

• Enhances security
  » Via IMSI lock, IMEI lock etc.

6. Device independent

• Works on almost all mobile O/S
• Works on most phones
  » Works on any STK supported handset.
  » Works in most feature (basic) phones and smartphones.

7. Benefits

• High cost savings for fraud operations and customer support
• Enhances customer experience
  » Increased customer loyalty, convenience and satisfaction.

8. Flexibility of deployment

• Multiple OTP methods with one deployment
  » OTP {HMAC-based One Time Password (HOTP) – RFC 4226}
  » Time based OTP {Time-based One Time Password (TOTP) – RFC 6238}
  » Challenge-response OTP {OATH Challenge-Response Algorithms (OCRA) – RFC 6287}
  » Event based OTP.

• Multiple algorithms

  » HOTP algorithm from OATH.
  » OCRA algorithm from OATH.