A security token (also known as a hardware token or software token) may be a physical device or a software application that an authorized user of a computer service utilizes to execute authentication. Both hard and soft security tokens can be used to verify a user's identity in addition to a password in order to execute a transaction. Security tokens are essentially an electronic key to access confidential, personal and/or sensitive information.

The following authentication methods are available in SolidPass security tokens:

• Event-based One-Time Password (OTP)
• Time-based One-Time Password (OTP)
• Security Question
• Challenge-Response
• Transaction Data Signing (TDS)
• Mutual Authentication

Mobile Security Token Convenience

The key advantage of the mobile token is that there are no new devices or wallet-fillers for customers – just an add-on to the device they already carry everywhere. Since customers already own the “hardware” (the mobile phone), SolidPass can be provided and managed at a fraction of the true cost (TCO) of a hardware token solution. Soft tokens have the added advantage of being able to be distributed immediately and without logistical planning. An added benefit from a reissuing and logistical perspective is that soft tokens do not expire. This helps reduce customer dissatisfaction. Thanks to its flexible framework, the application can also be updated to guard against new security threats.

SolidPass works on a number of different mobile platforms (both feature and smartphones). Solidpass mobile security tokens include the following:

• Android Security Token
• Blackberry Security Token
• Brew Security Token
• iPhone Security Token
• Java ME Security Token (J2ME Token)
• Linux Security Token
• Palm Security Token
• Symbian Security Token
• Windows Mobile Security Token

Desktop (PC) Soft Security Token

SolidPass also supports desktop-based software tokens as well. The Desktop Operating Systems and Browsers supported are:

• * Toolbar Security Token
• Java Security Token
• Linux Security Token
• Mac Security Token
• Windows Security Token

Software Security Token Embedded

SolidPass is a software authentication token built such that it can be used as a standalone product or embedded in mobile applications such as mobile banking. Thus strong authentication can be built into standalone mobile apps or desktop-based applications.

Security

Regulatory Compliance

Regulatory requirements are pressuring organizations to adopt stronger authentication methods and to secure access to data systems and applications. Static username/password identity management no longer provide enough security to authenticate users accurately. This has led to adopting two-factor authentication systems. Legislation from the Sarbanes-Oxley Act (SOX), guidelines from the Federal Financial Institutions Examination Council (FFIEC), and recommendations from the Health Insurance Portability and Accountability Act (HIPAA) all require that organizations use stronger forms of authentication to mitigate data theft, prevent fraud, protect customer information and patient privacy. SolidPass helps organizations and enterprises comply with regulatory regimes that cover authorization rules and auditing protocols.

In addition to non-compliance, organizations that continue to use static username/passwords face numerous problems ranging from brute force attacks, dictionary attacks, guessing and social engineering.

SolidPass security token can be used to prevent the following:

• Phishing Attacks
• Pharming Attacks
• Man-In-The-Middle Attacks
• DNS Cache Poisoning Attacks
• Trojans Attacks
• Man-In-The-Phone Attacks
• Browser Poisoning Attacks

OATH Compliant Security Tokens

As a member of the Initiative for Open Authentication, SolidPass tokens are built OATH compliant. SolidPass uses the standards-based strong two-factor authentication HOTP algorithm endorsed by OATH, providing compatibility with third-party software.

Easy integration:

• RADIUS Server Support
• LDAP support
• SOAP/Webservices
• Microsoft IAG 2007 SSL VPN
• SOA architecture

Server OS independent

The authentication server is OS independent and supports Linux (tested on most distributions like Redhat, Ubuntu and Novell Suse), Microsoft Windows Server (NT, 2003, XP), Sun Solaris and all operating systems that support enterprise Java.

Custom Branded Tokens

Custom branding is an available option for SolidPass security tokens. This is especially useful for Banks and large corporations.

Industries and verticals appropriate for:

• Online banking
• Mobile banking