Java ME (J2ME) Mobile Software Security Token
The SolidPass™ family of mobile security tokens supports Java ME. The SolidPass™ software token for Java ME is engineered to generate a one-time password (OTP) that dynamically changes. Potential uses of SolidPass include securing access to enterprise applications and vpn connections. The security token can also be used to authenticate users and sign transactions. This is especially useful for online banking and mobile banking security, where it can be embedded in a mobile banking application for seamless authentication.
Java ME One-Time Password (OTP) Generation
The SolidPass Java ME application can be used for either event-based OTP or time-synchronized one-time password generation.
Java ME Two-Factor Authentication (2FA)
SolidPass™ also supports the following additional strong two-factor authentication methods on the Java ME mobile platform:
- Event-Based One-Time Password (OTP)
- Time-Based One-Time Password (OTP)
- PIN control mandatory/optional
- Security Question
- Challenge Response
- Transaction Data Signing (TDS)
- Mutual Authentication (2 WAY Authentication)
Java ME Mobile Token Convenience
The key advantage of the Java ME mobile token is that there are no new devices or wallet-fillers for customers – just an add-on to the device they already carry everywhere. Since customers already own the “hardware” (the Java ME enabled handset), SolidPass™ can be provided and managed at a fraction of the true cost of a hardware token solution. Thanks to its flexible framework, the application can also be updated to guard against new security threats.
iPhone Mobile Software Token Embedded
SolidPass™ is a software token built such that it can be used as a standalone product or embedded in iPhone applications such as mobile banking.
The mobile phone vendors supported include:
- BlackBerry (RIM)
- HP iPac Mobile
Provisioning of Mobile Token
The application can be provisioned in a number of ways include OTA (Over-the-air), Bluetooth,Wap Push, SMS request from a short-code or a long number or from an SMS push from a web interface or a URL from a WAP or mobile Internet portal or from a relevant application store.
Java ME Mobile Software Token Embedded
SolidPass™ is a mobile software token built such that it can be used as a standalone product or embedded in mobile applications such as mobile banking.
Regulatory requirements are pressuring organizations to adopt stronger authentication methods and to secure access to data systems and applications. Static username/password identity management no longer provide enough security to authenticate users accurately. This has led to adopting two-factor authentication systems. Legislation from the Sarbanes-Oxley Act (SOX), guidelines from the Federal Financial Institutions Examination Council (FFIEC), and recommendations from the Health Insurance Portability and Accountability Act (HIPAA) all require that organizations use stronger forms of authentication to mitigate data theft, prevent fraud, protect customer information and patient privacy. SolidPass helps organizations and enterprises comply with regulatory regimes that cover authorization rules and auditing protocols.
In addition to non-compliance, organizations that continue to use static username/passwords face numerous problems ranging from brute force attacks, dictionary attacks, guessing and social engineering.
For the banking industry, 2FA tokens are quickly becoming a mandatory offering for online and mobile banking:
- FFIEC Guidance on 2FA
- PCI Data Security Standards
- FACTA Identity Theft Red Flags
OATH Compliant Java ME (J2ME) Tokens
As a member of the Initiative for Open Authentication, SolidPass Java ME tokens are built OATH compliant. SolidPass uses the standards-based HOTP algorithm endorsed by OATH, providing compatibility with third-party software.
Hardware tokens have a limited life span. After their obsolescence, they have to be discarded and new ones have to be issued. By contrast, mobile tokens are a virtual product using existing hardware thus lessening negative externalities.