Timm Lotter, Senior Presales Consultant, APIIDA AG
The smartphone is part of our everyday life. It is increasingly replacing external devices and hardware. First it was the calculator and the morning alarm clock, then the MP3 player and the navigation system. A piece of hardware became an app.
It was only a matter of time before the plastic credit card was replaced as well. Apple Pay does this with a smartphone app: consumers no longer need to carry a credit card to pay at the supermarket, because the card is now "digital" on the iPhone or the Apple Watch. Gone are the days of forgetting the credit card at home or in the vending machine. Who forgets their smartphone at home or at a friend's place nowadays?
APIIDA Mobile Authentication (AMA) takes the same approach: a smartphone app that reaches the security level of a smartcard, with lower operating costs and greater user convenience. Whether it replaces an already rolled-out smartcard solution or serves as a modern alternative for raising the level of security, APIIDA Mobile Authentication is always a good option.
The solution consists of a smartphone app, a specially designed client component (the Credential Provider) and a back-end system for seamless integration into an existing PKI/certificate infrastructure. To meet the high security requirements, the user's key material is generated and stored in the smartphone's hardware (Secure Element) or in a specially protected area of the app. Only the Credential Provider is installed on the client; it establishes the connection to the app and enables a smartcard-like logon to Windows.
Connecting the smartphone and the client is particularly user-friendly: the devices are paired securely via Bluetooth 4.0 LE and then connect automatically. Once connected, the user can specify the maximum distance between the devices beyond which the computer is locked automatically. This adds an extra layer of security, since users generally keep their smartphone with them.
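The article does not say how the client derives "distance" from the Bluetooth link. The following is an added, illustrative policy written for this page (not APIIDA's code, and not a description of how AMA works): it assumes the client can read BLE RSSI samples from the paired phone, converts them to a rough distance with a log-distance path-loss model (calibration constants are assumed), and uses a median window plus a grace count so that a single dropped packet or signal dip does not lock the workstation, while a lost link still does. The RSSI samples are constructed for the demonstration.

```python
"""Illustrative BLE proximity-lock policy (added example, not vendor code)."""
import statistics
from collections import deque
from typing import Optional

# Assumed calibration: RSSI measured at 1 m and the indoor path-loss exponent.
RSSI_AT_1M_DBM = -59.0
PATH_LOSS_EXPONENT = 2.0


def rssi_to_metres(rssi_dbm: float) -> float:
    """Log-distance path-loss model. RSSI is only a coarse proxy for distance:
    reflections, phone orientation and the user's body can shift it by 10 dB
    or more, which is why the policy below smooths it before deciding."""
    return 10 ** ((RSSI_AT_1M_DBM - rssi_dbm) / (10 * PATH_LOSS_EXPONENT))


class ProximityLock:
    """Decide when to lock the workstation from the phone's BLE signal.

    Locks when the median distance over the last `window` samples exceeds
    max_distance_m for grace_samples consecutive readings, or when no sample
    has arrived for timeout_s seconds (link lost). Unlocking is deliberately
    not handled here: it goes through the normal phone-based logon.
    """

    def __init__(self, max_distance_m: float, window: int = 5,
                 grace_samples: int = 3, timeout_s: float = 10.0):
        self.max_distance_m = max_distance_m
        self.window = deque(maxlen=window)
        self.grace_samples = grace_samples
        self.timeout_s = timeout_s
        self.out_of_range_count = 0
        self.last_seen: Optional[float] = None
        self.locked = False

    def smoothed_distance(self) -> Optional[float]:
        """Median RSSI over the window, converted to metres (None if empty)."""
        if not self.window:
            return None
        return rssi_to_metres(statistics.median(self.window))

    def observe(self, rssi_dbm: float, now: float) -> bool:
        """Feed one RSSI sample taken at time `now` (seconds).
        Returns True exactly when this sample triggers the lock."""
        if self.locked:
            return False
        self.last_seen = now
        self.window.append(rssi_dbm)
        if len(self.window) < self.window.maxlen:
            return False  # too few samples to trust the median yet
        if self.smoothed_distance() > self.max_distance_m:
            self.out_of_range_count += 1
        else:
            self.out_of_range_count = 0  # back in range resets the grace count
        if self.out_of_range_count >= self.grace_samples:
            self.locked = True
            return True
        return False

    def tick(self, now: float) -> bool:
        """Called periodically even without samples; locks on link loss."""
        if self.locked or self.last_seen is None:
            return False
        if now - self.last_seen > self.timeout_s:
            self.locked = True
            return True
        return False


# Constructed trace: phone on the desk (~-60 dBm), one spurious dip to -90 dBm
# at t=3, then the user walks away from t=6 onwards. One sample per second.
WALK_AWAY_TRACE = [(0.0, -60), (1.0, -61), (2.0, -60), (3.0, -90), (4.0, -60),
                   (5.0, -62), (6.0, -72), (7.0, -75), (8.0, -78), (9.0, -80)]

# Constructed trace with only the spurious dip: must not lock.
GLITCH_ONLY_TRACE = [(0.0, -60), (1.0, -61), (2.0, -60), (3.0, -90),
                     (4.0, -60), (5.0, -62), (6.0, -60)]


def simulate(samples, max_distance_m: float = 3.0) -> Optional[float]:
    """Run (time_s, rssi_dbm) samples through the policy; return the time of
    the lock decision, or None if the workstation stayed unlocked."""
    policy = ProximityLock(max_distance_m)
    for t, rssi in samples:
        if policy.observe(rssi, t):
            return t
    return None


if __name__ == "__main__":
    print("walk-away trace locks at t =", simulate(WALK_AWAY_TRACE))
    print("glitch-only trace locks at t =", simulate(GLITCH_ONLY_TRACE))
```

The median window and grace count are the part worth copying: with a 3 m limit the walk-away trace locks at t=9, three samples after the smoothed distance first exceeds the limit, while the single -90 dBm dip is absorbed and never locks. The `tick` timeout covers the case the article's own framing implies, a phone that simply leaves range and stops being heard at all.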
If the user does not have access to their smartphone (because the device is faulty, lost or has a flat battery), they can log on with a temporary password (fallback solution). This temporary password unlocks a fallback certificate that is stored in the computer's Trusted Platform Module (TPM). The fallback also works offline, so mobile users regain access to their computer immediately.