Prevent Man-in-the-Browser Attacks with SolidPass
Man-in-the-Browser (MitB) is a Trojan which can infect a web browser. As result, web pages can modified and manipulated, transactions can even be accessed and altered without the knowledge of the user. SolidPass™ defeats the possibility of a MitB attack by issuing an encrypted challenge code which includes transaction specific data displayed only to the user on their phone. The user then sees the data and subsequently validates the transaction.
- Fraud detection and protection
- Data transfers through a secure channel
- Authentication to a server by using a mutually trusted certification authority
- Prevention from potential forms of eavesdropping such as the interception of messages or access to confidential information
Desktop Soft Token
SolidPass supports desktop-based software tokens as well. The Desktop Operating Systems and Browsers supported are:
- Toolbar Token
- Java Token
- Linux Token
- Mac Token
- Windows Token
Mobile Security Token
SolidPass™ is available as a mobile security token. It provides better security than a hardware token by giving you control and choice over authentication requirements at a fraction of the true lifetime cost of ownership. More importantly, the mobile security token provides more than standard two-factor authentication with smart protection features such as challenge- response and transaction data signing. It really provides 2-factor, 2-channel, and 2-way (mutual) authentication. SolidPass works on a number of different mobile platforms, supporting both feature phones and smartphones. The Solidpass mobile security tokens include the following:
- Android Mobile Token
- Blackberry Mobile Token
- Brew Mobile Token
- iPhone Mobile Token
- Java ME Mobile Token (J2ME Token)
- Linux Mobile Token
- Palm Mobile Token
- Symbian Mobile Token
- Windows Mobile Token
The mobile phone vendors supported include:
- Apple
- Asus
- BenQSiemens
- BlackBerry (RIM)
- Dell
- HP iPac Mobile
- HTC
- Huawei
- i-mate
- LG
- Motorola
- NEC
- Nokia
- Palm
- Panasonic
- Samsung
- SonyEricsson
- Vodafone
- ZTE
Mobile Soft Token Convenience
The key advantage of the SolidPass mobile soft token is that there are no new devices or wallet-fillers for customers – just an add-on to the device they already carry everywhere. Since customers already own the “hardware” (the mobile phone), SolidPass™ can be provided and managed at a fraction of the true cost (TCO) of a hardware token solution. Soft security tokens have the added advantage of being able to be distributed immediately and without logistical planning. An added benefit from a reissuing and logistical perspective is that soft tokens do not expire. This helps reduce customer dissatisfaction. Users are also more likely to recognize the loss of their mobile phone before they recognize the loss of a hardware token. This means that they are also more likely to recover a misplaced mobile phone before finding a lost hardware token. As a result mobile phones have become a more reliable deployment method than hardware tokens.
Provisioning of Mobile Token
The application can be provisioned in a number of ways include OTA (Over-the-air), Bluetooth, Wap Push, download, SMS request from a short-code or a long number or from an SMS push from a web interface or a URL from a WAP or mobile Internet portal or from a relevant applications store.
Strong Two-Factor Authentication (2FA)
The following strong authentication methods are supported in the mobile token:
- Event-Based One-Time Password (OTP)
- Time-Based One-Time Password (OTP)
- Security Question
- Challenge Response
- Transaction Data Signing (TDS)
- Mutual Authentication (2 WAY Authentication)
SolidPass mobile security token can be used to prevent the following :
- Phishing Attacks
- Pharming Attacks
- Man-In-The-Middle Attacks
- DNS Cache Poisoning Attacks
- Trojans Attacks
- Man-In-The-Phone Attacks
- Browser Poisoning Attacks
Embedded Token
SolidPass™ can be embedded in any number of mobile apps such as mobile banking that would require strong two-factor authentication and security.