Comarch Mobile Security

Problem

Each security policy has one weak point: establishing the true identity of the person who wants access to information. Relying on the user’s knowledge is not enough. There is always a risk that the “user’s knowledge” can be stolen.

Challenge

User authentication and authorization represent key elements in mobile device security. Authentication is the first line of defense against unauthorized access. It confirms user identities, while authorization grants users access according to specific security principles and allows users to confirm the credibility of transactions.

Solution

Comarch MobileID is a new authentication and authorization method based on mobile phones. The application’s main features include:

  • simple installation:
    - The application is a MIDlet that the user downloads from the server (after registration the user receives a password, which is used to authenticate during the download of the MobileID application)
    - The user receives the first PIN, which can be changed at any time
    - The address from which the application should be downloaded is sent by SMS
  • strong cryptography:
    - cryptographically secure pseudorandom number generator
    - symmetric algorithms: AES (Advanced Encryption Standard)
    - hash functions: SHA256
  • RADIUS protocol support
  • operates as a stand-alone system and may also be integrated with Comarch Security Access Manager DRACO
  • supported devices: nearly every mobile phone produced after 2002
  • user interface individually customized for the customer
  • a passcode generated every sixty seconds
  • a passcode which can only be used once
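
The last two features (a new passcode every sixty seconds, usable only once) are enforced on the verifying server. The sketch below is an added example, not Comarch code: the page does not publish MobileID's algorithm, so it assumes an RFC 6238 time-based passcode over HMAC-SHA256 with six digits, and the names `passcode` and `Verifier` are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 60    # seconds per passcode, as stated in the feature list
DIGITS = 6   # assumed passcode length (not given on the page)


def passcode(secret: bytes, counter: int) -> str:
    """RFC 4226 dynamic truncation over HMAC-SHA256 (RFC 6238 variant)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class Verifier:
    """Server-side check: accept a passcode once, within +/- `drift` steps."""

    def __init__(self, drift: int = 1):
        self.drift = drift
        self.last_used = {}  # user -> highest time step already accepted

    def verify(self, user: str, secret: bytes, code: str, now: float) -> bool:
        current = int(now) // STEP
        floor = self.last_used.get(user, -1)
        first = max(0, current - self.drift)
        for counter in range(first, current + self.drift + 1):
            if counter <= floor:
                continue  # step already consumed: reject replayed codes
            # constant-time comparison avoids leaking matching digits
            if hmac.compare_digest(passcode(secret, counter), code):
                self.last_used[user] = counter
                return True
        return False


if __name__ == "__main__":
    secret = b"constructed-demo-secret-32-bytes"  # constructed sample key
    v = Verifier()
    now = 1_700_000_000
    code = passcode(secret, now // STEP)
    print(v.verify("alice", secret, code, now))  # first use
    print(v.verify("alice", secret, code, now))  # replay of the same code
```

Recording the highest accepted time step per user is what makes a code single-use: a captured passcode stays mathematically valid for the rest of its window, so the server has to remember that it was spent.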


Comarch MobilePKI is a solution that supports authentication and authorization using mobile technology. It enables full use of Public Key Infrastructure (PKI) on mobile phones using SIM cards. Comarch MobilePKI:

  • rests on a Java application installed on a SIM card (in the full option, with a cryptoprocessor); the application converts the mobile phone into a mobile cryptographic card
  • contains a public and private key and does not require a card reader for signature submission
  • uses telephone communication – access to the bank’s transaction system via SMS
  • is compatible with STK GSM 11.14 standard
  • uses 1024-bit RSA keys
  • generates keys using an application located on a SIM card (in the case of a cryptographic card the application is located on the card)
  • provides the option to use many key pairs
  • has a private key protected by a PIN
  • allows SIM cards to be unblocked by SMS
  • allows for easy installation
  • works on SIM cards in accordance with JavaCard specifications 2.1.1/2.2.1.