IBM develops two-factor authentication for mobile transactions
IBM unveiled a new mobile authentication technology based on the near field communications standard, adding a additional layer of security to NFC-based transactions including online banking and accessing a corporate Intranet or private cloud.
The authentication technology derives from the two-factor authentication concept; e.g., asking consumers to enter both a password and a verification code sent via SMS.
The IBM solution leverages a personal identification number and a contactless smartcard like a bank-issued ATM card or an employer-issued identity badge. The user holds the smartcard next to an NFC-enabled mobile device. After the user inputs their PIN, the card generates a one-time code sent to the server by the smartphone or tablet.
The end-to-end encryption between the smartcard and the server leverages the National Institute of Standards and Technology's advanced encryption standard, IBM said.
The two-factor authentication solution is available now for any NFC-based device running Google's Android 4.0 or higher. Future updates will expand the technology to additional NFC-equipped devices based on market trends, IBM added.
IBM is offering the security solution in tandem with its Worklight mobile application platform, part of the firm's MobileFirst portfolio, which provides enterprise management, security and analytics capabilities for a range of mobile services.
The number of NFC-enabled devices in use worldwide will exceed 500 million in 2014, according to an ABI Research report issued earlier this year. ABI forecasts that manufacturers will ship a minimum of 285 million NFC-equipped mobile and consumer electronics devices this year.
Accenture, IBM and PwC lead enterprise mobility consulting market, says IDC
IBM, AT&T team on IBM MobileFirst offering
IBM: 61 percent of IT professionals see security as the top barrier to enterprise mobility