2x2 Authentication

Unlike other OTP token-based authentication solutions that offer only one-way authentication, MobileID delivers a strong two-way and two-factor authentication(2x2) - the user and the service can be mutually authenticated. In the authentication process, a pair of one-time passwords (OTP) is used to authenticate the user to the service as well as the service to the user.

MobileID is the only product in the market today that provides an OTP-based, two-factor and two-way authentication solution.

Challenge & Response

MobileID can also be configured as a Challenge-Response device, whereby the user is asked to enter a Challenge Code given by any service application, after which the MobileID generates a Response Code to be used to authenticate the user to that service. Challenge-Response authentication provides additional security to the simple OTP authentication.

Digital Signature

MobileID provides confirmation of transaction details by using a digital signature which provides high assurance that the submitted transaction has been authorised by the user and that the transaction has not been modified en route by impostors since the authorisation, by Man-In-The-Middle or Session Hijack attacks.

PIN Protected

MobileID token is protected by enhanced security features. In the case of the user’s mobile phone having been lost or stolen, an additional PIN can be set by the user to stop the MobileID from being operated by unauthorised persons.

Multiple Tokens

MobileID is designed to allow one mobile device to be used as a token generator for any number of online services, applications or products, so that users do not need to carry different tokens for different products.

Dual Algorithms

MobileID supports both event-based and time-based one-time passwords.

OATH Compliant

MobileID is consistent with the reference architecture set forth by the initiative for Open AuTHentication (OATH) and compliant with the OATH HOTP algorithm proposed as a standard within the IETF.

User Friendly

Mobile phones have become an inseparable part of peoples’ lives. Using the mobile phone as a secure token frees the users from carrying dedicated token device. MobileID is the ideal replacement to the conventional one-time password hardware tokens.

Cost Effective

MobileID utilises existing devices that users already have, mobile phones, eliminating the need to purchase and deploy additional new hardware tokens, or replace lost and damaged hardware tokens. MobileID is the most cost effective one-time password token in the market.

Easy to Deploy

MobileID is extremely easy to deploy— it can be deployed over the air onto the user’s mobile phone with one SMS message. For enterprise applications, MobileID tokens can also be downloaded onto mobile phones via Bluetooth on the corporate network.

MobileID is the ideal two-factor authentication solution for enterprise and consumer applications

"The growth of mobile computing combined with the rise in malicious attacks, especially the mounting concern over identity theft and phishing, has increased the need for strong authentication for remote access, user login, and single sign-on… OATH-compliant soft token solutions extend two-factor authentication support through devices that are in common use, such as mobile phones, PDAs, and PCs, which could help to extend this level of security to a broader audience of users."

Joe Greene
VP IT Security Research, IDC.

MobileID is avaiable for:

• JAVA enabled phones: J2ME 1.1 or later;
• RIM Blackberry 3.6 or later
• Palm 5 or later
• Symbian 4 or later
• Windows Mobile for Pocket PC 2003/2005 or later
• Windows Mobile for Smartphone 2003 or later
• Windows Desktop: Windows 2000/XP or later