Transaction Data Signing (TDS) Security Token
The SolidPass™ security token supports Transaction Data Signing (TDS). This allows the user to authenticate the transaction with a challenge issued by the enterprise and a response generated by SolidPass™ based on the transaction details. The response that is generated becomes the unique digital signature that once processed allows the transaction to go through. SolidPass™ validates the signature against the transaction data and executes the transaction.
SolidPass also supports the following authentication methods:
- Event-based One-Time Password (OTP)
- Time-based One-Time Password (OTP)
- PIN control mandatory/optional
- Security Question
- Mutual Authentication
TDS can be used to prevent the following attacks:
- DNS Cache Poisoning
- Browser Poisoning
Mobile Token Convenience
The key advantage of the mobile token is that there are no new devices or wallet-fillers for customers – just an add-on to the device they already carry everywhere. Since customers already own the “hardware” (the mobile phone), SolidPass can be provided and managed at a fraction of the true cost of a hardware token solution. Thanks to its flexible framework, the application can also be updated to guard against new security threats.
SolidPass works on a number of different mobile platforms (both feature and smartphones). Solidpass mobile tokens include the following:
- Java ME Token Event-based (J2ME)
- Mobile Linux
- Windows Mobile
Desktop Soft Token
SolidPass also supports desktop-based software tokens as well. The Desktop Operating Systems and Browsers supported are:
- Toolbar Token
- Java Token
- Linux Token
- Mac Token
- Windows Token
TDS can be embedded in mobile applications such as mobile government. Thus strong authentication can be built into standalone applications. This especially useful for mobile banking security, where TDS can be embedded in a mobile banking application for seamless authentication.
Regulatory requirements are pressuring organizations to adopt
stronger authentication methods and to secure access to data
systems and applications. Static username/password
identity management no longer provide enough security to
authenticate users accurately. This has led to adopting
two-factor authentication systems. Legislation from the
Sarbanes-Oxley Act (SOX), guidelines from the Federal
Financial Institutions Examination Council (FFIEC), and
recommendations from the Health Insurance Portability and
Accountability Act (HIPAA) all require that organizations use
stronger forms of authentication to mitigate data theft,
prevent fraud, protect customer information and patient
privacy. SolidPass helps organizations and enterprises
comply with regulatory regimes that cover authorization rules
and auditing protocols.
In addition to non-compliance, organizations that continue to use static username/passwords face numerous problems ranging from brute force attacks, dictionary attacks, guessing and social engineering.
OATH Compliant Event-based Tokens
As a member of the Initiative for Open Authentication, SolidPass 2FA tokens are built OATH compliant.