Challenge Response Security Token
SolidPass is a security token that supports challenge response authentication.
A challenge response is a series of steps in which one party presents a question ("challenge") and another party must provide a valid answer ("response") in order to be verified or authenticated. A challenge response protocol is essentially password authentication, where the challenge requests the password and the valid response is the correct password.
For optimum security, SolidPass™ offers the following OTP (One-Time Password) generation methods, which require a challenge response:
- Challenge Response-Based OTP
- Time-Based and Challenge Response-Based OTP Generation
- Challenge Response (with or without Time)-Based OTP Generation with Security Question
- Challenge Response (with or without Time)-Based OTP Generation with Transaction Signing
- Challenge Response (with or without Time)-Based OTP Generation with Security Question and Transaction Signing
Once the SolidPass™ authenticating system receives the password, it can respond with a challenge code. The challenge code will always contain previously agreed upon data (the encrypted information exists in the phone application).
Challenge Response Software Token Embedded
SolidPass™ is a software authentication token built such that it can be used as a standalone product or embedded in mobile applications such as mobile banking. Thus strong authentication can be built into standalone mobile apps or desktop-based applications.
Regulatory Compliance
Regulatory requirements are pressuring organizations to adopt stronger authentication methods and to secure access to data systems and applications. Static username/password identity management no longer provides enough security to authenticate users accurately. This has led to the adoption of two-factor authentication systems. Legislation from the Sarbanes-Oxley Act (SOX), guidelines from the Federal Financial Institutions Examination Council (FFIEC), and recommendations from the Health Insurance Portability and Accountability Act (HIPAA) all require that organizations use stronger forms of authentication to mitigate data theft, prevent fraud, and protect customer information and patient privacy. SolidPass helps organizations and enterprises comply with regulatory regimes that cover authorization rules and auditing protocols.
In addition to non-compliance, organizations that continue to use static username/passwords face numerous problems, ranging from brute force attacks and dictionary attacks to guessing and social engineering.
For the banking industry, 2FA tokens are quickly becoming a mandatory offering for online and mobile banking:
- FFIEC Guidance on 2FA
- PCI Data Security Standards
- FACTA Identity Theft Red Flags
The SolidPass time-synchronized security token can be used to prevent the following:
- Phishing Attacks
- Pharming Attacks
- Man-In-The-Middle Attacks
- DNS Cache Poisoning Attacks
- Trojan Attacks
- Man-In-The-Phone Attacks
- Browser Poisoning Attacks
- Dictionary Attacks
- Brute-Force Attacks
OATH Compliant Challenge Response Tokens
As a member of the Initiative for Open Authentication, SolidPass™ tokens are built OATH compliant. SolidPass uses the standards-based strong two-factor authentication HOTP algorithms endorsed by OATH, providing compatibility with third-party software.
Easy integration of SolidPass into existing IT back-ends and support of various architectures:
- RADIUS Server Support
- LDAP support
- SOAP/Webservices
- Microsoft IAG 2007 SSL VPN
- BlackBerry Enterprise Server (BES) support
- Citrix Secure Access Gateway
- Cisco VPN
- SOA architecture
Server OS independent
The authentication server is OS independent and supports Linux (tested on most distributions, such as Red Hat, Ubuntu and Novell SUSE), Microsoft Windows Server (NT, 2003, XP), Sun Solaris and all operating systems that support enterprise Java.
Custom Branded Security Tokens for Financial Institutions and Enterprises
Custom branding is an available option for SolidPass security tokens. This is especially useful for banks and large corporations.
Industries and verticals that the SolidPass security token is appropriate for:
- Banking/Finance
- Healthcare
- Public Sector
- Homeland Security
- Professional Services
- Corporate Security
- Cloud Computing Security
Solutions that the event-based SolidPass is appropriate for include:
- Online Banking Security
- Mobile Banking Security
- E-Commerce Security
- VPN Access Security
- Network Access Security
- Identity Management
- Embedded Token
- Mobile Authentication
- Software-as-a-Service (SaaS)
Environmental Footprint
Hardware tokens have a limited life span. Once obsolete, they have to be discarded and new ones issued. By contrast, mobile tokens are a virtual product that uses existing hardware, thus lessening negative externalities.