|
|
2 December 2009
Thales, leader in information systems and communications security, announces SafeSign Mobile
Authentication which enables strong authentication using a mobile device. Suitable for many online
applications including financial services and government, SafeSign Mobile Authentication provides
security against man-in-the-middle attacks, while also giving users the freedom of secure banking
anywhere, anytime with the convenience of using their own mobile device. The solution, developed in
partnership with Salt Group, global leader in the development of high assurance mobile authentication
solutions, offers a choice of mobile authentication solutions for secure log on, transaction signing and
payment authorisation. Organisations can choose from SMS or Java-based solutions to ensure that the
most appropriate level of security is applied to transactions.
SafeSign Mobile Authentication provides users with a more convenient token-based solution for both
secure log-on and the signing, verification and authorisation of transaction details. Standard Chartered
Bank in Hong Kong has already adopted the solution for transaction authorisation in its corporate internet
banking system, while the State Government of Victoria in Australia has selected SafeSign Mobile
Authentication for secure log-on to government services.
Mobile authentication is attractive to customers as it represents a more cost-effective security solution
since there are no distribution costs. Furthermore, as the solution relies on a ubiquitous device – the
mobile telephone – as the secure channel to generate or exchange security information, it is cheaper and
simpler than setting up a public key infrastructure or providing and managing specialised tokens.
Ross Oakley, Managing Director of Salt Group, comments, “Seventy per cent of today’s global population
already carries a mobile phone, so extending its use to authentication and transaction authorisation
seems a natural development and one that users should readily accept. With a choice of mobile
authentication mechanisms, customers can choose the most appropriate level of security for their
business. However, regardless of the token chosen, mobile authentication offers significant operational,
cost and deployment benefits while also maintaining the high assurance characteristics associated with
more traditional devices.”
Franck Greverie, Vice President, Managing Director for the information systems security activities of
Thales, adds, “With the addition of mobile authentication, our SafeSign solution supports an unequalled
range of contemporary authentication mechanisms from the world’s leading providers including
specialised tokens, EMV CAP, PKI and smart cards. Financial institutions and governments can deploy a
single enterprise authentication hub, supporting various authentication mechanisms geared to the needs
and preferences of their customers and to the security requirements of their services. This single
authentication infrastructure results in lower capital and operating costs, improved governance and
shorter time to market.”
20 July 2009
Announcement of iPhone support continues Salt Group's commitment to the support of contemporary mobile operating systems with Blackberry, Symbian, Microsoft, Java and now iPhone platforms all supported. The initial release of mCode on iPhone will be available for customer shipment by end July, with support of mSign and mSign remote scheduled for release in September 2009.
February 2009, Melbourne
The first user of the service will be the Department of Human Services. The service will utilise SMS delivered one time passwords and Salt's mCode handset based OTP tokens.
The service is underpinned by Thales SafeSign authentication platform also supplied by Salt Group.
11th December 2008, Brisbane
The solution provided to the QPS, includes identity smartcards for access to every QPS computer across the state, as well as entry into key headquarter buildings.
As part of the solution, Thales Australia, as prime contractor, is also providing card readers, and specialised smartcard printers.
Thales will deliver the project with the support of Salt Group, a Thales SafeSign implementation partner. Salt Group will provide the ongoing maintenance and support for the SafeSign software.
November 2008
Following Thales’ acquisition of the nCipher company in October 2008, Salt Group can now offer the full range of nCipher hardware security modules and key management solutions to organisations seeking to address their needs for high grade data protection and security.
This product range complements the proven Thales eSecurity hardware cryptographic products which will continue to be sold and supported by Salt Group.
16 June 2008
SSMS Release 8 provides a range of new features aimed at extending the breadth of authentication device support available within SSMS with support now available for the personalisation and lifecycle management of Thales PSM,s Vasco tokens, RSA SecureID tokens, EMV and a range of PKI enabled smart cards incorporating both contact and contactless interfaces.
Release 8 also provides more powerful integration with Thales SafeSign Authentication Server, making SSMS the logical choice for existing Authentication Server customers who are seeking to streamline their token, device and credential issuing and management processes.
Thales, a leading supplier of IT security products and solutions for all critical infrastructures, today announced the launch of a packaged pilot version of its market-leading identity management and authentication solution, SafeSign, for mobile authentication. The pilot package is aimed at enterprises, banks and corporates, which need to implement strong authentication systems quickly and cost-effectively. The solution allows customers and employees to securely access services, such as online banking or work stations, using a mobile phone as the security token, removing the need to carry a dedicated hardware token.
As the worldwide mobile subscriber base is expected to increase from 2.6 billion at year-end 2006 to approximately 4.9 billion by year-end 2012* , the mobile phone is increasingly becoming a ubiquitous and cost-effective platform for authentication.
Thales' SafeSign mobile authentication pilot allows companies to quickly implement stronger security solutions in response to industry regulation or security breaches. By using the SafeSign pilot package, a strong authentication environment can be set up in under 20 minutes, revolutionising the pilot phase of a project, saving valuable time and enabling companies to react more quickly to changing security requirements.
As companies recognise the security weaknesses inherent in user ID and password log-ins, there is a growing need for two-factor authentication solutions to enhance security. Using a mobile phone for two-factor authentication is particularly attractive as there is no requirement for end users to carry a hardware token and organisations do not have to set up a new token infrastructure. Organisations can leverage the sophisticated support and distribution network that trusted mobile operators have already developed to reliably deliver services and mobile devices to millions of users.
Paul Meadowcroft, head of transaction security for the e-Security activities of Thales, commented, “Our SafeSign solution supports a range of security tokens, but the mobile phone is gaining traction as an authentication device as many of us carry our phones with us all the time. By offering this service in a pilot package, we are enabling our customers to save the time, money and resource that is often ploughed into traditional pilot projects. Such considerations are crucial at a time when many of our customers are under pressure to respond quickly to a constantly evolving security environment. The ability to easily run a proof-of-concept programme before committing to full-scale deployment also provides customers with the confidence that they are investing in a solution which will meet their business and security needs.”
Thales' SafeSign mobile authentication pilot package offers three different levels of authentication depending on customers' needs in terms of exposure to risk and the level of security required. One-off security details can be delivered to the user through an SMS or the handset can be configured to generate a one-time password or, for the strongest level of security, a challenge-response.
* Mobile Factbook 2007, Portio Research Ltd.
Salt Group today announced the availability of a Software Developers’ Kit for its mobile authentication technology.
Salt’s mobile authentication tokens are already supported within the Thales’ SafeSign and ActivIdentity 4TRESS authentication server products. The introduction of an SDK further enhances the richness of the product and will enable systems integrators and product developers to quickly implement the full range of Salt tokens into their environment, providing provisioning, activation, support and authentication functionality.
The SDK has been designed to minimise the integration effort and fully abstracts the internal intricacies of the product from the developer.
It is expected that SDK users will be able to fully integrate Salt’s tokens into their environment in a matter of days using the SDK.
Enquiries regarding functionality, availability and pricing of the SDK should be made to sales@saltgroup.com.au
Salt Group and ActivIdentity have completed the integration of Salt Group’s Mobile Authentication Tokens with ActivIdentity’s 4TRESS Authentication Server. Through this initiative, Salt tokens are now fully supported within 4TRESS, enabling provisioning and activation of the tokens using standard 4TRESS administrative processes.
Salt’s MCode tokens support OATH OTP with support for OATH Challenge Response operations in development.
ActivIdentity offers a complete Strong Authentication platform including the 4TRESS™ family of authentication servers for enterprise and consumer authentication. Adding support for Salt’s MCode software tokens bolsters the Actividentity suite of personal security devices that includes one-time password tokens, smart cards, ActivKey™ USB tokens, and DisplayCards™.
Salt Group's work in the identity management and authentication space was recently acknowledged by Thales eSecurity through its award to Salt Group of Premier SafeSign Reseller in the Asia Pacific region. This award follows on from Salt’s successful SafeSign implementations at major banks in Australia and recognizes our deep understanding of the SafeSign product set.
Salt's mobile authentication products are also supported within SafeSign, thereby enabling SafeSign customers globally to rapidly deploy Salt Mobile Tokens, and enjoy the real cost and usability benefits, at minimal implementation cost and low operational impact.
Salt Group has demonstrated interoperability of its MCode Mobile Authentication Token with both Thales SafeSign and ActivIdentity 4TRESS™ authentication middleware.
The ease with which these interoperability tests proceeded highlights the future power of the OATH philosophy and standards which will in the future enable large issuers of tokens to offer a variety of tokens and token form factors to their online customers.
Issuers will be able to align their token issuance models to support customer preferences and the issuer’s operational and channel strategies without changes to their underlying core authentication systems infrastructure.
OATH - Open Authentication
OATH is a collaboration comprising of industry leaders to develop an open reference architecture by leveraging existing open standards for the universal adoption of strong authentication.
Salt Group is committed to the ongoing support of oath compliant mobile authentication products through its MCode PIN Protected One Time Password product line.
Mobile Phone-Based Two Factor Authentication Partnership between Salt Group and Thales eSecurity.
Thales today announced the launch of its SafeSign mobile authentication solution in the Middle East. SafeSign, the award-winning multi-channel, multi-credential authentication platform, now enables organisations in the region to offer their customers a convenient and cost-effective way of authenticating their identity via a mobile phone helping to improve online security.
Two Factor Audio Tokens for the Sight Impaired
Salt Group has announced the release of the most convenient audio based strong authentication token available to sight impaired users.
Support is available for MSign and MCode tokens enabling sight impaired users to access authentication codes directly from their mobile phone based token using standard handset audio speech features whilst leveraging the high authentication assurance properties of the standard MSign and MCode tokens.
This development enables issuers to provide convenient authentication mechanisms to their sight impaired customers using a familiar form factor, whilst preserving the assurance level and systems interfaces and infrastructure used for existing tokens.
| |
