SolidPass security token uses private key and challenge code answers to user-specific security questions. Security questions and transaction information are included in the challenge code generation process depending on the type of transactions to be validated. The use of a security question can be combined with other authentication mechanisms like time-based or event-based one-time passwords.
SolidPass supports the following strong authentication methods:

• Event-based One-Time Password (OTP)
• Time-based One-Time Password (OTP)
• PIN control mandatory/optional
• Security Question
• Challenge-Response
• Transaction Data Signing (TDS)
• Mutual Authentication (2 WAY)

SolidPass can be used to prevent the following:

• Phishing Attacks
• Pharming Attacks
• Man-In-The-Middle Attacks
• DNS Cache Poisoning Attacks
• Trojan Attacks
• Man-In-The-Phone Attacks
• Browser Poisoning Attacks

Mobile Token Convenience

The key advantage of the mobile token is that there are no new devices or wallet-fillers for customers – just an add-on to the device they already carry everywhere. Since customers already own the “hardware” (the mobile phone), SolidPass can be provided and managed at a fraction of the true cost of a hardware token solution. Thanks to its flexible framework, the application can also be updated to guard against new security threats.
SolidPass works on a number of different mobile platforms. The supported mobile platforms include:

• Android
• Blackberry
• Brew
• iPhone
• Java ME (J2ME)
• Mobile Linux
• Palm
• Symbian
• Windows Mobile

The mobile phone vendors supported include:

• Apple
• Asus
• BenQSiemens
• BlackBerry (RIM)
• Dell
• HP iPac Mobile
• HTC
• Huawei
• i-mate
• LG
• Motorola
• NEC
• Nokia
• Palm
• Panasonic
• Samsung
• SonyEricsson
• Vodafone
• ZTE

Desktop Soft Token

SolidPass also supports desktop-based software tokens as well. The Desktop Operating Systems and Browsers supported are:

• Toolbar Token
• Java Token
• Linux Token
• Mac Token
• Windows Token

Software Token Embedded

SolidPass is a software token built such that it can be used as a standalone product or embedded in mobile applications such as mobile government.  Thus strong authentication can be built into standalone applications. This is especially useful for online banking and mobile banking security, where SolidPass can be embedded in a mobile banking application for seamless authentication.
H3 Regulatory Compliance
Regulatory requirements are pressuring organizations to adopt stronger authentication methods and to secure access to data systems and applications.  Static username/password identity management no longer provide enough security to authenticate users accurately.  This has led to adopting two-factor authentication systems.  Legislation from the Sarbanes-Oxley Act (SOX), guidelines from the Federal Financial Institutions Examination Council (FFIEC), and recommendations from the Health Insurance Portability and Accountability Act (HIPAA) all require that organizations use stronger forms of authentication to mitigate data theft, prevent fraud, protect customer information and patient privacy.  SolidPass helps organizations and enterprises comply with regulatory regimes that cover authorization rules and auditing protocols.
In addition to non-compliance, organizations that continue to use static username/passwords face numerous problems ranging from brute force attacks, dictionary attacks, guessing and social engineering.
SolidPass security token can be used to prevent the following:

• Phishing Attacks
• Pharming Attacks
• Man-In-The-Middle Attacks
• DNS Cache Poisoning Attacks
• Trojans Attacks
• Man-In-The-Phone Attacks
• Browser Poisoning Attacks

OATH Compliant 2FA Tokens

As a member of the Initiative for Open Authentication,  SolidPass 2FA tokens are built OATH compliant.