PINoptic

PINoptic CellsecTM

PINoptic CellsecTM is a software based security one time password solution which provides a one-time password security solution using the end-users existing mobile/cell phone so that they are authenticated on multiple levels without carrying additional hardware or placing additional cognitive loads on them.

PINoptic CellsecTM works by prompting the user to send their password via their mobile handset when authenticating themselves over the internet. Their password consists of symbols and numbers with the symbols being displayed on different keys each time they come to 'login'. They enter a short-code on their handset followed by the numbers associated with their symbols shown to them on the computer screen and the server then verifies that the individual is at the computer terminal, that they are in possession of the mobile/cell phone and that they know their personal PIC code.

Demonstration

Applications

  • Internet banking
  • E-commerce
  • Remote Login
  • Replacement for token based systems

Benefits

  • Secure authentication even if user is observed locally, eavesdropped or via man-in-the-middle attack;
  • Two channel operation (typically internet out and USSD back) separates the challenge and the response makes it even more resilient to attack;/li>
  • Able to verify that the user is present at the display device and in possession of a known hardware token (handset)
  • Uses existing handsets as a ubiquitous tokens or dongles which do not have to be produced and distributed specially.
  • Uses low cost or free data channels to send the challenge and retrieve the response;
  • Easy for the user to understand;
  • Easy for the user to use;
  • Secure.

Development Kit Features

Session logon: to establish a connection between the user and the system

  • assigns or obtains session ID
  • verifies user as being present in database

Map generator module: generates a random assignment of symbols and images to buttons

  • configurable to allow fixed symbols sets
  • configurable to allow pseudo-random maps for code changing

PINoptic grid generator module: generates a grid image for presentation on the display device

  • configurable image sets
  • configurable grid layout
  • configurable image layout
  • configurable button skins
  • configurable image format

Display module: incorporated into end-product

  • web page image
  • device display
  • desktop

PINoptic code database: holding user ID and PIC codes

  • held on end-product server

Authorization module: to verify that the entered PIN matches the stored PIC

  • held on end-product server
  • does not need access to image database
  • uses map attached to user session ID

Implementation

PINoptic licenses the use of its software development kit which includes technical support, bespoke development training and customisable end-user training so that a solution can be created to suit your needs and your unique IT/network environment.

PINoptic solutions can be simply implemented and can be integrated in house without external contractors having access to servers.