With the Connect SDK, developers can embed capabilities like QuickCode secure PIN and zero-touch device authentication into high-value apps such as retail banking, mobile payment, content subscription, social media and others, simplifying the user experience and reducing the user password management burden for service providers.
SecureKey’s software-only solution is modeled after a hardware secure element and uses the same standard GlobalPlatform security protocols to ensure that each device can be uniquely identified and verified by the briidge.net Connect Service using an out-of-band channel.
The new Connect SDK offers ubiquitous strong security for any mobile app on Android and iOS platforms, including the new iPhone 5S and 5C devices, and provides seamless migration to hardware-based security. With increased mobile app security, service providers can introduce more high-value services, attract more customers and gain competitive advantage.
The briidge.net Connect Service also includes the briidge.net Connect mobile app — downloadable from the iTunes and Google Play app stores—that supports single-click, out-of-band web authentication on mobile devices for simple and secure online account sign-ins and transaction confirmations.
Both the Connect SDK and the downloadable Connect mobile app employ briidge.net DNA technology to provide unique device IDs for a wide range of applications supported by the briidge.net Connect Service. SecureKey briidge.net DNA technology is already embedded in Intel IPT-enabled PCs, laptops and Ultrabooks shipped to consumers since 2012.
By providing a reliably unique device ID across mobile platforms, the Connect SDK allows developers to create mobile applications with uniform device-based authentication. It also enables the briidge.net Connect Service to be used in combination with existing third-party, platform-specific device fingerprinting solutions as part of an overall risk-based authentication system.
The new QuickCode feature in the Connect SDK enables organizations to replace hard-to-type usernames and passwords in their mobile apps with fast, easy to enter, server-verified PINs. Stronger than either a mobile app PIN or an online password, the user QuickCode acts as a multi-device PIN — synchronized across all of the user’s enrolled devices, providing a consistent experience across the devices they use to access services.
“We have to get rid of passwords. We need strong multi-factor authentication for most online and mobile transaction use cases. Given the fluid threat environment and our own industry’s moving technology landscape, a client software and cloud-based service approach can provide the strong authentication we need and the necessary flexibility to respond to new requirements,” said George Peabody, senior director with Glenbrook Partners. “Edge devices, the cloud, and security hardware will be mashed up to meet a range of authentication needs. SecureKey’s capabilities link those nodes in the transaction chain.”
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.