Aradiom SolidPass™ is a mobile security token that provides better security than a hardware token by giving you control and choice over authentication requirements at a fraction of the cost. Even more importantly, the mobile token provides more than standard two factor authentication. It really provides 2 factor, 2 channel, and 2 way authentication.
Two Factor Authentication (2FA)
Two Factor Authentication is using a combination of two different ”factors” to gain access or authenticate to say online banking: something you know, such as a password or PIN, and something you have, such as a SolidPass™ loaded mobile phone.
In the case of Aradiom SolidPass™, 2 channel means one channel is the phone which generates the response code. The other channel is where the challenge code comes from and where the response code will be used - for example, the Internet in the case of using Aradiom SolidPass™ to login to online banking.
Two Way Mutual Authentication
2 way authentication, also known as mutual authentication, allows the user to authenticate themselves using the mobile token to the enterprise (bank, network resources, etc), and the enterprise to authenticate itself to its users.
Java ME (J2ME)
Aradiom has chosen Java ME (J2ME) as the language for its SolidPass™ solution in order to benefit from “Mobile Java Security," meaning each program runs in its own restrictive "sandbox." This prevents the program from accessing the files or memory of another program or accessing the hardware of the device in the uncontrolled way. Java is supported on all Symbian handsets as well as most Windows Mobile.
How SolidPass Works
To use Aradiom SolidPass™, the customer opens a small Java application (SolidPass™) on his mobile phone. SolidPass™ is a mobile soft token stored in the applications folder. The application can be provisioned in a number of ways include OTA (Over-the-air), Bluetooth and Wap Push.
SolidPass™ is a software token which uses the mobile phone as the "hard" part of the security token, in effect using the processing power of the mobile phone.
One-Time Password (OTP)
SolidPass™ can be used to generate a unique one-time password (OTP). The password generation with Aradiom SolidPass™ is time based and uses a robust encryption mechanism appropriate for mobile phones. The mobile OTP timeout period is also configurable.
Once the SolidPass™ authenticating system receives the mobile OTP password, it can respond with a challenge code. The challenge code will always contain previously agreed upon data (the encrypted information exists in the phone application).
Additionally, Aradiom SolidPass™ allows the enterprise to add a security question and operation specific data to be embedded in the challenge code and retrieved at the phone application for extra security and insurance.
Transaction Data Signing (TDS)
SolidPass™ supports Transaction Data Signing (TDS). This allows the user to authenticate the transaction with a challenge issued by the enterprise and a response generated by SolidPass™ based on the transaction details. The response that is generated becomes the unique digital signature that when processed allows the transaction to go through. SolidPass™ validates the signature against the transaction data and executes the transaction.
Prevents Phishing, Pharming, Man-In-The-Middle and DNS Cache Poisoning Attacks
The architecture of Aradiom SolidPass™ protects against Man-in-the-Middle (“MITM”), phishing, pharming and DNS cache poisoning (DCP) attacks. The mobile token also provides the ability to require graded and role based security for different parts of a bank site or network environment, ensuring that more sensitive data has the most security.
Mobile Token Convenience
The key advantage of the mobile token is that there are no new devices or wallet-fillers for customers – just an add-on to the device they already carry everywhere. Since customers already own the “hardware” (the phone), Aradiom SolidPass™ can be provided and managed at a fraction of the cost of a hardware token solution. Thanks to its flexible framework the application can also be updated to guard against new security threats.
Software Token Embedded
Aradiom SolidPass™ is a software token built such that it can be used as a standalone product or embedded in our QuickSuite™ of mobile applications. Here is a list of some of the QuickSuite™ family of mobile applications we can embed SolidPass™ into: