Mobile 2x2 turns mobile phones, PDA’s and PC’s into One-Time Password token devices, providing enterprises, banks, online service providers and retailers with a cost-effective means to provide strong authentication protection to their customers, business partners and employees without deploying additional, dedicated hardware.
One Time Password (OTP) tokens provide a secure and easy to use authentication solution, but traditional solutions require users to carry a hardware token for each application that they use. Mobile 2x2 utilises an existing mobile device as the hardware token, eliminating the need for consumer and enterprise users to carry additional and multiple hardware tokens. Traditional OTP authentication is one way only – the user authenticates their identity to the application provider. One-way authentication cannot prevent phishing or spoofing attacks whereby a fraudulent website attempts to steal users’ identities by masquerading as a legitimate commercial website.
MOBILE 2x2 is the only product in the market today that provides an OTP token-based, two-factor and two-way authentication solution.
Mobile 2x2 works with any Java enabled mobile phone, including Windows Mobile, RIM Blackberry, Symbian OS and Palm OS. A Mobile 2x2 Desktop Edition is also available which supports Windows 2000/XP and Windows Mobile.
Key Features and Benefits
Key Features
2x2 Authentication
Unlike other OTP token-based authentication solutions that offer only one-way authentication, Mobile 2x2 delivers a strong two-way and two-factor authentication (2x2). Mobile 2x2 is able to deliver two-way authentication which means the user and the application provider can be mutually authenticated. In the authentication process, a pair of one-time passwords (OTP) is used to authenticate the user to the website as well as the website to the user.
Challenge & Response
Mobile 2x2 can also be configured as a Challenge-Response device, whereby the user is asked to enter a Challenge Code given by any service application, after which the Mobile2x2 generates a Response Code to be used to authenticate the user to that service. Challenge-Response authentication provides additional security to the simple OTP authentication.
Digital Signature
Mobile 2x2 provides confirmation of transaction details by using a digital signature which provides high assurance that the submitted transaction has been authorised by the user and that the transaction has not been modified en route by impostors since the authorisation, by Man-In-The-Middle or Session Hijack attacks.
Pin Protection
Mobile 2x2 token is protected by enhanced security features. In the case of the user’s mobile phone having been lost or stolen, an additional PIN can be set by the user to stop the Mobile 2x2 from being operated by unauthorised persons.
Multiple Tokens in one device
Mobile 2x2 is designed to allow one mobile device to be used as a token generator for any number of online services, applications or products, so that users do not need to carry different tokens for different products.
OATH Compliant
Mobile 2x2 is consistent with the reference architecture set forth by the initiative for Open AuTHentication (OATH) and compliant with the OATH HOTP algorithm proposed as a standard within the IETF.
Key Benefits
Scalable solution for mass market applications
The solution has been specially designed to deliver a convenient, cost-effective and scalable solution for mass-market applications, such as online banking and ecommerce.
Cost Effective: No new hardware
Mobile 2x2 is based on existing devices that users already have, and are familiar with, eliminating the need to purchase additional new hardware, or replace lost and damaged hardware.
Low Support Cost: Self-service Management System
An easy to use, self-service web application provides users with functions such as token activation, token suspension and token synchronisation. The self-service management system enables users to conveniently change mobile devices as well as reduces support calls and costs involved.
Easy to use and deploy
Mobile 2x2 tokens can be pushed to the end-users’ mobile phones by WAP/SMS messages. For enterprise applications, Mobile 2x2 tokens can be downloaded onto mobile phones via Bluetooth on the corporate network.
MOBILE 2x2 Authentication Process
MOBILE 2x2™ is the ideal solution for mass-market business applications.
"The growth of mobile computing combined with the rise in malicious attacks, especially the mounting concern over identity theft and phishing, has increased the need for strong authentication for remote access, user login, and single sign-on… OATH-compliant soft token solutions extend two-factor authentication support through devices that are in common use, such as mobile phones, PDAs, and PCs, which could help to extend this level of security to a broader audience of users."
Joe Greene
VP IT Security Research, IDC.
Next Step
→Click here to request an online demo.
→Click here to request more information.
→Click here to download this document in PDF format.