13.11.2007
SMS one-time passwords are vulnerable
Finextra reports on unacceptable human error rates when relying solely on passwords sent via SMS.
The study, conducted by Queensland University of Technology (QUT) in Australia, reports that manually entering one-time passwords from a short message into an online bank login website still carries a high risk factor.
Valimo's mobile signature solution addresses the concerns raised against the OTP method.
When using Valimo's mobile signature solution:
- Consumers receive authentication and signing requests on the mobile phone via Valimo Validator - MSSP. The product uses public key cryptography and an authorization process that allows only bona fide online banking systems to reach the user's mobile phone.
- Consumers do not need to manually copy text out of the received short message. They confirm the login or transaction by returning a digitally signed message via SMS to Valimo Validator - MSSP.
- The communication between VMAC (i.e. the signing application on the phone's SIM card) and the online banking system is encrypted.
- For each authentication or transaction signing event sent to the consumer there is an electronic record (i.e. digital signature) that can be verified by a third-party process.
The basis for verifying and validating an authentication or signing event is:
- The user's digital certificate
- The text that was sent to the phone
- The digital signature, generated by having the user enter a Signing PIN.
- The authenticated online bank system that communicated with Valimo Validator - MSSP
Still unsure about the added value and security of mobile signatures and Valimo's offering? Contact Valimo and we will walk you through each feature.
The Finextra news item concludes:
"However in the UK most banks are avoiding SMS systems in favour of a programme, backed by payments association Apacs, to roll out handheld chip and PIN devices to Internet banking customers."
For Valimo's mobile signature offering there is no need to distribute chip and PIN devices. Consumers use their GSM phone and a mobile signature-enabled SIM card to achieve the same level of security with a clear advantage on ease of use and user convenience.
Source: