KOBIL offers two reference implementations of this toolkit: mIDentity Trusted Web View, an application for secure authenticated mobile web browsing and the mIDentity Trusted Messages Sign, an application designed to replace SMS online services and phone callback OTP services with authenticated transaction messages that cost less.
mIDentity App Security Toolkit (AST) is a software development kit which secures any online mobile application, such as mobile banking applications. AST protects against unauthorized duplication of apps from dedicated devices, prevents app manipulation and the creation of fake apps.
This new online solution bolsters security between mobile applications and online services by ensuring data confidentiality and integrity through the creation of trust anchors that protecting the communication in between apps and online services.
According to KOBIL, virtually all of today’s most common web browser attacks on PC platforms also exist for mobile device web browsers. Users can be tricked via phishing and pharming attacks, and mobile devices are more likely to be at risk of man-in-the-middle and man-in-the-browser attacks that can modify online transactions while accessing popular online services.
The use of static passwords, text/SMS, phone callback OTP, soft One Time Passwords or basic hard OTP tokens will not stop these attacks. KOBIL secures mobile web browsers through the mIDentity Trusted Web View powered by mIDentity AST. The mIDentity TWV is a downloadable mobile application that uses mobile web browsers in a controlled way.
Mobile platforms can be used as an out-of-the-band authentication solution for PC based access to online applications. To make sure out-of-the-band authentication for both login and transaction signing is secure, mIDentity Trusted Message Sign solution powered by mIDentity AST can be easily implemented as a reference solution. The full featured mIDentity TMS is a downloadable mobile application that offers up to 80 percent of the cost savings over traditional SMS.
The apps which are using mIDentity AST functionality can use external hardware devices such as mIDentity Air or Air+ for third factor authentication, signing and additional trust points. These devices should be used with mobile platforms for processing high risk transactions.