|
Friday, October 18, 2013
IBM Develops Two-Factor Security for Mobile Transactions
|
|
You are sending an email that contains the article
and a private message for your recipient(s). |
Your Name: |
|
Your e-mail: |
* Required! |
Recipient (e-mail): |
* |
Subject: |
* |
Introductory Message: |
|
HTML/Text
(Photo: Yes/No) |
(At the moment, only Text is allowed...)
|
|
|
Message Text: |
IBM scientists have developed a new mobile authentication security technology based on the near-field communication (NFC) radio standard. The technology provides an extra layer of security when using an NFC-enabled device and a contactless smartcard to conduct mobile transactions.
Today many consumers use two-factor authentication from a computer, for example, when they are asked for both a password and a verification code sent by short message service (SMS). IBM scientists are applying the same concept using a personal identification number (PIN) and a contactless smartcard. The contactless smartcard could be a bank-issued ATM card or an employer-issued identity badge.
"Our two-factor authentication technology based on the Advanced Encryption Standard provides a robust security solution with no learning curve," said Diego Ortiz-Yepes, a mobile security scientist at IBM Research.
The user simply holds the contactless smartcard next to the NFC reader of the mobile device and after keying in their PIN, a one-time code would be generated by the card and sent to the server by the mobile device.
The IBM technology is based on end-to-end encryption between the smartcard and the server using the National Institute of Standards & Technology (NIST) AES (Advanced Encryption Standard) scheme. Current technologies on the market require users to carry an additional device, such as a random password generator, which is less convenient and in some instances less secure.
The technology, which is available today for any NFC-enabled Android 4.0 device, is based on IBM Worklight, a mobile application platform that is part of the IBM MobileFirst portfolio. Future updates will include additional NFC-enabled devices based on market trends.
|
|
|
|
|