10.12.2007
Australia-based ZDNet reports heightened concerns about one-time passwords sent via SMS
"SMS-delivered two-factor authentication will be dead in three years, according to National Australia Bank's general manager of technology, risk and security, Gary Blair."
On 7.12.2007, Liam Tung of ZDNet Australia documented the growing awareness that passwords sent via SMS are not as secure as anticipated, since:
"The key challenge posed by the emergence of mobile phone banking is that the phone and SMS networks will no longer be considered "out of band", which today is considered a key advantage of using SMS networks to deliver the one-time passwords, since it prevents "man-in-the-middle attacks."
National Australia Bank's general manager of technology, risk and security, Gary Blair, however, highlights the convenience of using SMS 2-factor authentication.
Liam Tung thus concludes:
"Any subsequent system will need to offer a similar or better level of intuitiveness if banks expect it to be used ..."
Valimo's mobile signature solution addresses the concerns raised against the SMS 2-factor authentication approach, and it offers the same level of user convenience.
When using Valimo's mobile signature solution:
- Consumers receive authentication and signing requests on the mobile phone via Valimo Validator - MSSP. The product uses public key cryptography and an authorization process that allows only bona fide online banking systems to reach the user's mobile phone.
- Consumers do not need to manually copy text out of the received short message. They confirm the login or transaction by returning a digitally signed message via SMS to Valimo Validator - MSSP.
- The communication between VMAC (i.e. the signing application on the phone's SIM card) and the online banking system is encrypted.
- For each authentication or transaction signing event sent to the consumer there is an electronic record (i.e. digital signature) that can be verified by a third-party process.
The basis for verifying and validating an authentication or signing event is:
- The user's digital certificate
- The text that was sent to the phone
- The digital signature, generated by having the user enter a Signing PIN.
- The authenticated online bank system that communicated with Valimo Validator - MSSP
Still unsure about the value and security added by mobile signatures and Valimo's offering? Contact Valimo and we will walk you through each feature.
Source: ZDNet article from Liam Tung