New system secures cellphones for Web transactions

Tim Greene | Dec. 7, 2011
An experimental method for two-factor authentication to websites employs mobile phones in a new way to ensure that users' online accounts don't get hijacked.

3. After that, whenever the user logs in to the banking site with username and password, the site displays Request Challenge-1 -- a set of numerals sent by the PLA server. The user enters that set into the PLA mobile app and gains access to the secured portion of the banking site.

4. In the background a second challenge, Challenge-2, is sent from the server to the phone via SMS.

5. The PLA mobile app creates a hash using Challenge-1, Challenge-2, and the AppID as well as the IMSI and the ICCID read directly from the phone. The app encrypts the hash and sends it to the server.

6. Independently the server hashes the same values from its database and compares the resulting hash to the hash sent from the phone. If they match, the user gets a welcome screen on the Web page.
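Steps 5 and 6 can be sketched as follows. This is an added example, not code from PLA or the article. The article does not name the hash function or the field encoding, so SHA-256, the length-prefixed encoding, all function names and the sample values are assumptions, and the encryption of the hash in step 5 is left out.

```python
import hashlib
import hmac

def _field(value: str) -> bytes:
    # Length-prefix each field so ("12", "3") and ("1", "23") hash differently.
    data = value.encode("utf-8")
    return len(data).to_bytes(2, "big") + data

def pla_digest(challenge1, challenge2, app_id, imsi, iccid) -> bytes:
    # Step 5: hash over both challenges, the AppID, and the SIM identifiers.
    # SHA-256 is an assumption; the article does not specify the algorithm.
    h = hashlib.sha256()
    for value in (challenge1, challenge2, app_id, imsi, iccid):
        h.update(_field(value))
    return h.digest()

def server_verify(record, challenge1, challenge2, digest_from_phone) -> bool:
    # Step 6: recompute from the server's own enrollment record and compare
    # in constant time so the comparison does not leak matching prefixes.
    expected = pla_digest(challenge1, challenge2,
                          record["app_id"], record["imsi"], record["iccid"])
    return hmac.compare_digest(expected, digest_from_phone)

# Constructed sample data (hypothetical enrollment record and challenges).
ENROLLED = {"app_id": "APP-0001",
            "imsi": "001010123456789",
            "iccid": "8988211000000000001"}
C1, C2 = "493817", "820164"

def demo():
    rec = ENROLLED
    genuine = pla_digest(C1, C2, rec["app_id"], rec["imsi"], rec["iccid"])
    # Same account and challenges, but a different SIM card in the phone.
    other_sim = pla_digest(C1, C2, rec["app_id"], rec["imsi"],
                           "8988211000000000002")
    # Correct phone, but the SMS challenge belongs to an earlier login.
    stale_sms = pla_digest(C1, "000000", rec["app_id"], rec["imsi"],
                           rec["iccid"])
    return {name: server_verify(rec, C1, C2, digest)
            for name, digest in (("genuine", genuine),
                                 ("other_sim", other_sim),
                                 ("stale_sms", stale_sms))}

if __name__ == "__main__":
    print(demo())
```

Because the server recomputes the value from its own database, the phone never has to send the IMSI or ICCID themselves, only the digest.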

Sagi says he is uncertain about plans to commercialize PLA.

