One-Time Password (OTP) Generator
The purpose of a one-time password (OTP) generator is to make it more difficult to gain unauthorized access to restricted resources, like a bank account or a database with sensitive information. Static user names and passwords can be accessed more easily by an unauthorized intruder given enough attempts and time. By constantly altering the password, as is done with a one-time password, this risk can be greatly reduced. Conventional authentication solutions that issue one time passwords, make use of a key fob or hardware token to generate OTPs. The cost and maintenance of these tokens, plus the distribution and management thereof, demands more logistical resources as well as additional costs.
The SolidPass System offers several advantages over existing solutions and has been developed to significantly reduce overhead and maintenance cost. It is software-based for the devices that the customers already own, easily deployed and installed with a simple tutorial for the end user. PIN control for OTP generation is option.
SolidPass supports the following strong two-factor authentication methods:
- Event-based One-Time Password (OTP)
- Time-based One-Time Password (OTP)
- Security Question
- Challenge-Response
- Transaction Data Signing (TDS)
- Mutual Authentication
Mobile Token Convenience
The key advantage of the mobile token is that there are no new devices or wallet-fillers for customers – just an add-on to the device they already carry everywhere. Since customers already own the “hardware” (the mobile phone), SolidPass can be provided and managed at a fraction of the true cost of a hardware token solution. Thanks to its flexible framework, the application can also be updated to guard against new security threats.
SolidPass works on a number of different mobile platforms (both feature and smartphones). Solidpass mobile tokens include the following:
- Android Event-based Token
- Blackberry Event-based Token
- Brew Event-based Token
- iPhone Event-based Token
- Java ME Token Event-based (J2ME)
- Mobile Linux Event-based Token
- Palm Event-based Token
- Symbian Event-based Token
- Windows Mobile Event-based Token
Desktop Soft Token
SolidPass also supports desktop-based software tokens as
well. The Desktop Operating Systems and Browsers
supported are:
- Toolbar One-Time Password Token
- Java One-Time Password Token
- Linux One-Time Password Token
- Mac One-Time Password Token
- Windows OS One-Time Password Token
SolidPass Event-based security token can be used to prevent the following:
- Phishing Attacks
- Pharming Attacks
- Man-In-The-Middle Attacks
- DNS Cache Poisoning Attacks
- Trojans Attacks
- Man-In-The-Phone Attacks
- Browser Poisoning Attacks
Software Token Embedded
SolidPass is a software authentication token built such that it can be used as a standalone product or embedded in mobile applications such as mobile banking. Thus strong authentication can be built into standalone mobile apps or PC applications.
Regulatory Compliance
Regulatory requirements are pressuring organizations to adopt
stronger authentication methods and to secure access to data
systems and applications. Static username/password
identity management no longer provide enough security to
authenticate users accurately. This has led to adopting
two-factor authentication systems. Legislation from the
Sarbanes-Oxley Act (SOX), guidelines from the Federal
Financial Institutions Examination Council (FFIEC), and
recommendations from the Health Insurance Portability and
Accountability Act (HIPAA) all require that organizations use
stronger forms of authentication to mitigate data theft,
prevent fraud, protect customer information and patient
privacy. SolidPass helps organizations and enterprises
comply with regulatory regimes that cover authorization rules
and auditing protocols.
In addition to non-compliance,
organizations that continue to use static username/passwords
face numerous problems ranging from brute force attacks,
dictionary attacks, guessing and social engineering.
For the banking industry, 2FA tokens are quickly becoming a
mandatory offering for online and mobile banking:
- FFIEC Guidance on 2FA
- PCI Data Security Standards
- FACTA Identity Theft Red Flags
OATH Compliant Event-based Tokens
As a member of the Initiative for Open Authentication, SolidPass one-time-password tokens are built OATH compliant. SolidPass uses the standards-based HOTP algorithm endorsed by OATH, providing compatibility with third-party software
One-Time Password Algorithms
SolidPass uses industry standard HMAC one-time password algorithms for both event and time-based OTPs. mention HOTP ....