In today distributed organizations, delivering reliable end user authentication is a difficult problem in search of a workable solution. Password based authentication is the workhorse of online authentication, and will remain so in the years to come as it delivers the simplest solution that can possibly work. The drawbacks of using this simple ubiquitous authentication method are well known: good passwords are hard to remember and shall be used only for a limited period time.
Innovative vision : one time and SMS passwords
For application that requires higher level of security than static password can deliver, KerPass provide a one time password based on time-synchronization between the authentication server and the client providing the password. Moreover, to adapt to deployment cases where the end user can not install the KerPass mobile application onto its phone, sms can be used to leverage on phone sim/usim identity module thanks to an innovative "multipass" message format.
The solution: Authentication & transaction validation
Once installed on a Java enabled cellular phone, the KerPass mobile client allows setting a dedicated token that generates OATH (time synchronous) one time password. A new "PassCode" can be generated every 30 seconds, and it remains valid for at most 5 minutes. As for sms based authentication, the KerPass web api allows to maintain a low cost of operation in such cases.
KerPass tokens allow reliable transaction validation by mean of electronic signatures. Transaction validation as allowed by the KerPass mobile token allows to definitely solve the security problems (phishing...) encountered in today e-commerce transactions such as online payment or order confirmation.
The innovator
KerPass is a division of AmvTek , an IT company operating from the city of Timisoara in the republic of Romania. Email : contact@kerpass.com. Phone [GMT +02:00 ] : ++ 40 256 201 693
