Seamfix Vio® represents an epitome of protection against authentication fraud for your enterprise. Vio® is a two-way | two-factor authentication engine. What this means is that the user of any enterprise resource seeking authentication must:
- Authenticate him/herself to the enterprise server in the network
- Receive authentication from the enterprise server that the server is genuine
This authentication method is an added layer of security built into enterprise systems to ensure that authentication fraud is eliminated almost completely. Compromising a system running Vio® would mean:
- Having the physical token used in authenticating the user to the server AND
- Knowing the user's password and username
Known threats such as web phishing, which aims to deceive the user into divulging sensitive information to the wrong enterprise server, are also eliminated completely, since the physical token device gives the user a way of verifying that the enterprise server is genuine. These features make Vio® a two-way | two-factor authentication engine.
While much progress has been made in efforts to ease the way in which information is accessed and shared, a lot has been done by people to undermine the safety of these convenient transactions. Most existing systems rely on users’ knowledge of their passwords to authenticate them and grant them access. A point has been passed where access to certain key information, such as banking information, can no longer be safely secured by the use of something you know alone – in this case a password.
In response to this situation, Seamfix has designed Vio® to provide an extra layer of protection to systems. Vio® is a 2-way, 2-factor authentication system that converts mobile phones, PDAs or computers into token generators. Vio® replaces hardware token one-time password generators with mobile and desktop applications.
In this way, in addition to requiring something users know, Seamfix is empowering you with a means to demand that they have something as well before they can authenticate: in this case a device, e.g. a phone, that can also function as a one-time-password (OTP) generator. In addition to letting you confirm that the user attempting to log onto the system is who they claim to be, it also allows users to confirm that they are logging onto the right system, thus protecting them from phishing attacks.
With Vio®, users of a system attempt to log on as usual with their username and password combination, at which point they will be presented with a PIN and asked to enter one. They then run VIO on their device, and two PINs are generated: one that should match the one displayed to them and one which they are to enter, allowing them to authenticate the system and in return authenticate themselves.
Vio® provides protection against:
- Key logging
- Man-in-the-middle attacks
- Man in the browser attacks
Features of Vio® - How Vio® will protect you and your enterprise
It is common to see all sorts of exploits against protection systems in today’s world. There are several ways to exploit password-only systems, such as network sniffing and decryption, key loggers, etc. Most times, a determined black-hat hacker will find his/her way through a password-only system. ATM systems suffer fraud due to PIN information disclosure, be it through automated social engineering such as web phishing or conversation-based social engineering such as a disguised switch engineer! ATM cloning and missing cards are all issues associated with the single password or PIN systems of today.
Vio® comes to offer an extra layer of authentication to web application software and other enterprise resource planning systems deployed for your institution or business.
Vio® offers two of the authentication protection components: what you know and what you have. What you know is often your PIN or your password to access an enterprise resource over the network, be it a document management system (DMS) or a web portal. What the Vio® authentication suite delivers to the enterprise is an enforcement of what you know (password or PIN) and what you have (a physical token device, which generates a one-time password, OTP).
Server authentication to the user
Vio® ensures that the user seeking authentication to an enterprise resource over the network knows for sure, that the server he/she is trying to access is not cloned, fake or wrong. This is the two-way component of Vio®. It not only authenticates the user to the server via passwords and one time token keys, it also authenticates the server to the user (making phishing a thing of the past).
Per transaction OTP generation capability
Seamfix Vio® can be implemented in different modes for the protection of critical financial systems. It can be deployed such that an OTP is required during the login phase; it can also be deployed such that each unique transaction requires its own OTP. Either way, our developers and integrators can build in the flavor that best suits your business rules and delivers optimal benefits in the short and long term.
Secondary secure channel for OTP communication with user
Most Trojan attacks and man-in-the-middle attacks that exploit traditional one-factor and possibly two-factor authentication engines can be considerably reduced if the media and channel for the communication of the OTP differ from the system that communicates the first-factor authentication. Seamfix Vio® can offer alternative media in Java-based mobile solutions and SMS for the communication of the OTP over encrypted and secure channels. This also makes it additionally difficult for an attacker to fully exploit the authentication engine.
One Time Password Generation
The key attribute of VIO is its ability to generate one-time passwords that have limited validity, thus ensuring that even if they fall into the wrong hands, the risk of a breach is greatly minimized. With VIO your device generates two one-time passwords: one that authenticates the user to the server, and another which the user is able to match to a password presented by the server to authenticate itself to the user.
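The two-PIN exchange described here and in the login walkthrough above, sketched as an added example. It is not Seamfix's code, and Vio®'s actual algorithm is not given on this page: the sketch assumes a per-user secret shared by device and server, a 30-second validity step, and HMAC-SHA256 with RFC 4226-style truncation. All function names and direction labels are hypothetical.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30  # assumed validity period of one PIN pair
TO_USER, TO_SERVER = b"server->user", b"user->server"  # direction labels (assumed)


def derive_pin(secret, counter, direction, digits=6):
    """HMAC-SHA256 over label + counter, truncated as in RFC 4226."""
    mac = hmac.new(secret, direction + struct.pack(">Q", counter), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def server_display_pin(secret, now):
    """PIN the genuine server shows once the password check has passed."""
    return derive_pin(secret, int(now // STEP_SECONDS), TO_USER)


def device_pins(secret, now):
    """Device output: (PIN to compare with the screen, PIN to type in)."""
    counter = int(now // STEP_SECONDS)
    # Separate labels make the displayed PIN useless for predicting the typed one.
    return derive_pin(secret, counter, TO_USER), derive_pin(secret, counter, TO_SERVER)


def server_accepts_user(secret, submitted, now, drift_steps=1):
    """Constant-time check of the typed PIN, tolerating clock drift."""
    counter = int(now // STEP_SECONDS)
    ok = False
    for c in range(counter - drift_steps, counter + drift_steps + 1):
        ok |= hmac.compare_digest(derive_pin(secret, c, TO_SERVER), submitted)
    return ok


if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed sample, not a real key
    now = 1_700_000_000                  # constructed timestamp
    expected, to_type = device_pins(secret, now)
    print("server genuine:", server_display_pin(secret, now) == expected)
    print("user accepted: ", server_accepts_user(secret, to_type, now))
    print("stale PIN:     ", server_accepts_user(secret, to_type, now + 600))
```

A server that does not hold the user's secret cannot compute the PIN the device expects to see, and a typed PIN stops verifying once it falls outside the drift window.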
Easy Integration with Existing Systems
VIO is designed to provide additional security to existing systems and as a result is designed to integrate seamlessly. It integrates to 3rd party systems via SOAP web services allowing the use of a widely adopted set of standards to guarantee effective communication between existing systems and VIO.
VIO can run on all Java-enabled mobile phones and PDAs as well as on desktop computers, irrespective of what operating system the computer runs on. This platform independence for computers and the ubiquitous nature of Java-enabled mobile devices mean that there is no shortage of compatible devices on which VIO can run.
Other two factor authentication solutions
Seamfix has other means of achieving two-factor authentication via the decade-old PIN/TAN alternatives. If this system proves to be cheaper and more affordable for the customer, we have the expertise to build operational roadmaps that will enable the customer to derive optimal benefit from such systems. Your security investments should be made before an attack, not after!