Wednesday, December 19, 2018
Case 1: Extra Security for Web Application Logins
Sensitive Information should be protected efficiently but in the same time it should be easy to access for users. For example field staff has to have the possibility to access an own server during client visit in order to retrieve information or place a purchasing order.
If there isn't any sensitive data to be transferred, password protected login should be good enough. But what if employees can access company wide intranet or CRM from outside of a secure company network? These systems usually contain confidential client information or possible company secrets. In such cases it is recommended to play safe and build an additional security check. With ASPTOKEN that kind of extra security check is easily done.
ASPTOKEN is a perfect solution for extra security needs with a login procedure, because ASPTOKEN provides an extra authentication method via SMS. Any login-system secured with ASPTOKEN grants access only to the person who knows a username, a password and possesses a mobile phone, which number was saved beforehand into the system.
In just a few minutes a programmer is able to integrate ASPTOKEN in to an application. Code generation, SMS sending and verification of the code is taken care by ASPTOKEN.Process of ASPTOKEN authentication:
Case 2: ASPTOKEN for E-Banking
"mTAN [Mobile Transaction Authentication Number] ranks among the most secure methods, when user gets specific transaction data via separate channel to his mobile phone. Risk exists only if both the computer and his mobile phone are infected by malware."– PCtipp
When opening his account, a customer gives his mobile phone number to his bank. Whenever he afterwards does a login to his e-banking account with his username and password, he will receive an additional APSTOKEN authentication code via SMS. He enters that code to the login-window and confirms that way that he possesses his pre-registered mobile phone number. A hacker must therefore not only to possess the username and password but also the mobile phone of the e-banking customer.
That kind of extra security and two-way authentication can be also used in e-banking when confirmation of different transactions is desired. When a customer does for example a bigger transaction, the e-banking software can automatically send an ASPTOKEN SMS-code for confirmation. If that transaction is ok for the customer, he enters the received SMS-code to the e-banking Internet session and gets that transaction confirmed.
This kind of extra payment confirmation method is for a hacker very difficult to intervene. With ASPTOKEN, a bank can build extra security check for the Internet banking.Process of ASPTOKEN authentication: