IBM offers 2-factor authentication package for securing Android mobile transactions

IBM mobile security system is based on the near-field communication (NFC) standard, uses AES

IBM engineers today said they have developed a simple two-facto security system that can be used to handle mobile transactions such as online banking and accessing private clouds.

IBM said that the system, available for Android 4.0 devices, is based on the near-field communication (NFC) standard and uses a contactless smartcard.  Users would hold the card against the NFC reader of the mobile device and after keying in their PIN, a one-time code would be generated by the card and sent to the server by the mobile device.

[WHAT'S COOL: World's craziest Halloween coffins]

The IBM technology is based on end-to-end encryption between the smartcard and the server using the National Institute of Standards & Technology Advanced Encryption Standard) (AES) scheme. Current technologies on the market require users to carry an additional device, such as a random password generator, which is less convenient and in some instances less secure, IBM stated.

The system is not unlike many two-factor systems in use today, IBM said.  Many consumers use two-factor authentication from a computer, when they are asked for both a password and a verification code sent by short message service. IBM scientists are applying the same concept using a personal identification number (PIN) and a contactless smartcard. The contactless smartcard could be a bank-issued ATM card or an employer-issued identity badge.

According to a recent report by ABI Research, the number of NFC devices in use will exceed 500 million in 2014. This statistic and the fact that 1 billion mobile phone users will use their devices for banking purposes by 2017* make for an increasingly opportune target for hackers.

Follow Michael Cooney on Twitter: nwwlayer8 and on Facebook

Check out these other hot stories:

Gartner: Top 10 future strategic IT predictions

Instagram is wrecking your dinner (and lunch too for that matter)

Online "revenge porn" gets a smack-down. More on the way?

DARPA adds $15.5 million to help take semiconductors beyond Moore's Law

FTC for first time spanks illegal text messenger with $1M fine

Air Force wants technology that will let drones sense and avoid other aircraft

How do you define a cybersecurity "professional'?

FBI warns "Beta Bot" malware can kill your anti-virus programs, steal data

Energy Department spends $30M to bolster utility cybersecurity tools

Orbital Science just made private space arena way more interesting

DARPA hunts airplane-like spacecraft that can go Mach 10

To comment on this article and other Network World content, visit our Facebook page or our Twitter stream.
Must read: Hidden Cause of Slow Internet and how to fix it
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.