Token OTP ... using Secure Element in Mobile Phone.

Security of hardware token + convenience of app (software) token

Token OTP ... using Secure Element in Mobile Phone. Security vs. Convenience : Do You Still Need to Choose One or the Other? Most Secure + User Friendly Authentication.  Ultra-strong authentication to protect internet and mobile banking. Security of hardware token + convenience of app (software) token.

There is no one-size-fits-all security solution.

Bank or financial institutions :-

  • “High net worth” customers.

  • SMI/SME customers.

  • For customers who need a more secure security when doing mobile or internet banking.

Private network of companies :-

  • “One up” on company’s resolve to protect staff from internet fraud.

  • Resolve any “perceived” internet security issue.

  • Mitigate future malware or virus issues in tandem with internet security.

We had been looking at the various issues of the respective authentication methods. Our solution is into secure element overlay. Our latest solution is pertaining to token OTP ... sticking secure element on top of customer's SIM.

 
The present prevailing OTP authentication methods have several issues :-

  • SMS OTP : man-in-the-middle attacks, snooping, etc.

  • App based OTP : malware, virus etc on the phone.

  • Hardware based OTP token : inconvenience (lose, misplace, etc)

  • Biometric : still not accurate and expensive

It can be "concluded" that the most effective OTP solution is still a solution that has hardware component.

Tootpay’s solution starts with an overlay chip (secure element).
Encryption and algorithm “programmed” into the overlay chip.

  1. Customer gives his/her telco SIM to the bank officer.

  2. Bank officer sticks overlay chip onto customer’s telco SIM.

  3. Customer inserts SIM (with overlay chip) into phone; and switches on the phone and uses the OTP services. No installation of software or downloads required.

Do note that all the implementation is done at bank's data center. Nothing resides with us.

Our token OTP solution ... sticking secure element on top of customer's telco SIM.
Provides powerful authentication to make mobile/internet banking and remote access to the company network and sensitive data safe and hassle-free.

1. Hardware security token

• Token cannot be reused
  » Eliminates fraudulent activities.
  » No man-in-the-middle attack.

2. User friendly

• Plug & play
  » No Installation and no need to download any application.
  » No internet or SMS required.
  » Avoid the downtime and risk of misplaced or broken physical authenticators.

• Easy to use - menu driven
  » Menu based operation for smartphones and feature (basic) mobile phones.

3. Cost effective & fast deployment

• Low deployment & operational cost
• Uses bank’s existing infrastructure
  » Low cost to deploy leveraging on existing resources and infrastructure.

4. Telco Independent

• Works with all telco providers
  » Works with all telcos’ SIM card.

5. Secure

• Enhances security
  » Via IMSI lock, IMEI lock etc.

6. Device independent

• Works on almost all mobile O/S
• Works on most phones
  » Works on any STK supported handset.
  » Works in most feature (basic) phones and smartphones.

7. Benefits

• High cost savings for fraud operations and customer support
• Enhances customer experience
  » Increased customer loyalty, convenience and satisfaction.

8. Flexibility of deployment

• Multiple OTP methods with one deployment
  » OTP
       {HMAC-based One Time Password (HOTP) – RFC 4226}

  » Time based OTP

       {Time-based One Time Password (TOTP) – RFC 6238}
  » Challenge-response OTP
      {OATH Challenge-Response Algorithms (OCRA) – RFC 6287}
  » Event based OTP.

• Multiple algorithm

  » HOTP algorithm from OATH.
  » OCRA algorithm form OATH.

Copyright © 2020 Tootpay. All Rights Reserved.