IBM engineers today said they have developed a simple two-factor security system that can be used to handle mobile transactions such as online banking and accessing private clouds.
IBM said that the system, available for Android 4.0 devices, is based on the near-field communication (NFC) standard and uses a contactless smartcard. Users would hold the card against the NFC reader of the mobile device and, after they key in their PIN, the card would generate a one-time code that the mobile device sends to the server.
The IBM technology is based on end-to-end encryption between the smartcard and the server using the National Institute of Standards & Technology Advanced Encryption Standard (AES) scheme. Current technologies on the market require users to carry an additional device, such as a random password generator, which is less convenient and in some instances less secure, IBM stated.
The system is not unlike many two-factor systems in use today, IBM said. Many consumers use two-factor authentication from a computer, when they are asked for both a password and a verification code sent by short message service. IBM scientists are applying the same concept using a personal identification number (PIN) and a contactless smartcard. The contactless smartcard could be a bank-issued ATM card or an employer-issued identity badge.
According to a recent report by ABI Research, the number of NFC devices in use will exceed 500 million in 2014. This statistic and the fact that 1 billion mobile phone users will use their devices for banking purposes by 2017 make for an increasingly opportune target for hackers.