We help people who store information sensitive to unauthorized access on their mobile devices. This kind of information may not be required very often. However, the risk of its disclosure is comparable to the risk of theft of documents and valuables from home. Therefore, a person agrees to carry the keys to the front door and the token for the smartphone. On the other hand, a person uses tokens according to the rules of online banks or the employer.
We offer a tool that does not have analogues in terms of security (the probability of interception of data is equivalent to the possibility of donating an attacker from hand to hand your unlocked phone) and which has no analogues in terms of compatibility with all mobile devices without any additional conditions.
We make the process of using security tokens simple and intuitive. The user does not have to understand the technical details of smartphones and their means of protection.
The innovative token is unique - it communicates with a smartphone in the safest way in the world. The user puts the token (a small key fob) to the touch screen of the smartphone and the token passes a code using capacitive coupling, which cannot be intercepted. In turn, the token receives a code from the mobile application through the screen using hidden optical channel. After mutual verification of the token and the application, access to the data is provided. The token is intuitive to use, does not require technical knowledge from users to configure mobile devices, and fills the "gap" in the existing market segment. Consumers want to be able to securely store their data without having to enter a complex password each time. Moreover, users can use one token for all his mobile devices and send encrypted data between them over the Internet. By opening the application, he can use the automatic entry of passwords encrypted in it to enter websites or other applications (Internet banking, mobile payments, social networks, gaming sites, government services, business applications).
Such applications are called password managers. In addition to the safe storage of logins, passwords and other data, the application counteracts phishing - checks links and, if they lead to malicious sites - the login and password are not entered. The security token solves the problem of storing the master password (manager’s password itself), as when it is compromised, all user data will be compromised at once. In case of loss or theft of the token, the user's information is protected by a PIN code, and access to them in such a situation can be achieved by manually entering a complex password that the user stores in a safe place.
Competitive advantages of the new token.
- The token works anywhere in the screen in any orientation, with flagships and simpler mobile devices. Configuring and activating interfaces: radio, video, audio, wired for a mobile device is not required (as well as additional battery power consumption). The screen is always ready for use.
- There is a touch screen on all mobile devices (including a number of laptops). While some mobile devices are equipped with micro-USB connectors (Android), the other part are branded connectors (Apple). Some smartphones have an NFC channel, while others do not (including the iPad). The presence of NFC does not mean that tokens can use it (in the iPhone, access to third-party developers is limited). Manufacturers tend to change the types of connectors in new generations of devices, forcing users to change related peripheral equipment.
- A connector is not required, which means it does not loose and does not have to be searched for (especially in the dark). The new token cannot be forgotten in the connector.
- The password can be changed (unlike biometrics).
- A backup copy of passwords can be copied in a protected form using a mobile application for a spare token, saved to a file or printed (for storage in reliable places).
2. Security (comes first, but people use only those things that are convenient for them):
- The communication channel of the token with the mobile device cannot be intercepted. The radio channel is not used, which means that there are no risks of data interception and unauthorized remote use of the token (when the user does not see and does not know about it) that exist when using Bluetooth, Wi-Fi, NFC channels.
- The use of complex and long passwords. Passwords can be easily changed if necessary (they can be created by the user or generated using the token). The token enters complex passwords; therefore, the “know” factor is greatly simplified simultaneously with increased security and comes down to entering a short PIN code by the user (this feature can be disabled for non-critical data).
- The invisibility of use. The password during entry is closed by the token body and is not visible (unlike tokens that generate one-time passwords that must be read and entered manually). The new token does not stick out of the connector and the fact of its use is not obvious to others.
Upon entering the market, the token protects a compatible mobile application - password and data manager. The token enters the password automatically. The second security factor is the PIN code. As the company develops, plugins for other popular applications are being developed. The token can be used to enter or confirm transactions on sites, in social networks, mobile banks. In a broader sense, the token can be used in conjunction with other local and global information systems in access control systems. The proposed technology is combined with various authentication systems. The mobile application can be supplemented with an authentication module for working with electronic signatures.
Thus, the new token has great prospects for the release and consolidation of information security tools on the existing world market, as well as the expansion of the target audience of users of multi-factor authentication.