Out-of-band (OOB) authentication techniques, such as sending SMS or push notifications to mobile phones, are additional safety mechanisms to verify a transaction. These practices mitigate the existing risks because the passcode is sent over a different communication channel from the one the customer is using to initiate the transaction.
But nowadays, an increasing percentage of mobile devices are jailbroken or may have some sort of malware, and therefore should be considered untrustworthy endpoint devices.
On an untrusted smartphone, OOB techniques cannot effectively counter the newest threats, such as Man-in-the-Middle or Trojan attacks.
Movilok enhanced-out-of-band authentication adds a further level of security while preserving high usability:
The phone cooperates with another paired device (such as a wearable device: a smartwatch, glasses, wristband…).
Thus, the code received by the phone (e.g. SMS or push) acts only as a challenge. There is no problem if it is intercepted by malware.
The linked device cooperates with the phone, calculates the final passcode and displays it to the user.
- patent pending -