Protect high-value transactions on iOS and Android
Posted on 30 September 2013.
SecureKey introduced its enhanced cloud-based Connect multi-factor authentication service. This latest version of Connect incorporates the new Connect Mobile SDK, which enables developers to easily add robust multi-factor authentication capabilities into iOS and Android mobile apps.

With the Connect SDK, developers can embed capabilities like QuickCode secure PIN and zero-touch device authentication into high-value apps such as retail banking, mobile payment, content subscription, social media and others, simplifying the user experience and reducing the user password management burden for service providers.

SecureKey’s software-only solution is modeled after a hardware secure element and uses the same standard GlobalPlatform security protocols to ensure that each device can be uniquely identified and verified by the Connect Service using an out-of-band channel.

The new Connect SDK offers ubiquitous strong security for any mobile app on Android and iOS platforms, including the new iPhone 5S and 5C devices, and provides seamless migration to hardware-based security. With increased mobile app security, service providers can introduce more high-value services, attract more customers and gain competitive advantage.

The Connect Service also includes the Connect mobile app — downloadable from the iTunes and Google Play app stores—that supports single-click, out-of-band web authentication on mobile devices for simple and secure online account sign-ins and transaction confirmations.

Both the Connect SDK and the downloadable Connect mobile app employ DNA technology to provide unique device IDs for a wide range of applications supported by the Connect Service. SecureKey DNA technology is already embedded in Intel IPT-enabled PCs, laptops and Ultrabooks shipped to consumers since 2012.

By providing a reliably unique device ID across mobile platforms, the Connect SDK allows developers to create mobile applications with uniform device-based authentication. It also enables the Connect Service to be used in combination with existing third-party, platform-specific device fingerprinting solutions as part of an overall risk-based authentication system.

The new QuickCode feature in the Connect SDK enables organizations to replace hard-to-type usernames and passwords in their mobile apps with fast, easy to enter, server-verified PINs. Stronger than either a mobile app PIN or an online password, the user QuickCode acts as a multi-device PIN — synchronized across all of the user’s enrolled devices, providing a consistent experience across the devices they use to access services.

“We have to get rid of passwords. We need strong multi-factor authentication for most online and mobile transaction use cases. Given the fluid threat environment and our own industry’s moving technology landscape, a client software and cloud-based service approach can provide the strong authentication we need and the necessary flexibility to respond to new requirements,” said George Peabody, senior director with Glenbrook Partners. “Edge devices, the cloud, and security hardware will be mashed up to meet a range of authentication needs. SecureKey’s capabilities link those nodes in the transaction chain.”


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Mon, Feb 8th