InTTrust solution “Trust-OTP” is a system that allows the software generation and validation of One Time Passwords in order to authenticate a user at the time of a transaction execution. The client of the system is available either as application for smartphones, or as library for linking with other applications. In order to accomplish this, it uses:
- a common shared secret key that is generated during the initialization phase with collaboration between the end user and the Trust-Controller.
- a challenge key that is generated by the Trust-Controller (using transaction data) at the time when a transaction is about to be executed and is presented to the user (QR code).
- a timestamp that is shared between the Trust-Controller and the client application that is in the end user’s possession.
All this information is combined in order to generate a One Time Password that is presented to the user who is then required to enter it into the channel where the transaction was originated in order to complete the transaction.
- Improve customer user experience & engagement
- Turn-Key solution because internal bank’s Internet banking modifications can be implemented by InTTrust
- Capability to support OTP authenticated transactions for automated users for corporate banking
- Secure and robust solution
- InTTrust guarantees support and extensibility
- Flexible initialization process (Call Center/ATM/Branch)
- No Internet connection/mobile network/SMS required, therefore less cost and greater flexibility
- SMS functionality for non-Smartphones
- More cost-effective than H/W OTP Tokens
- Provides defense against MITM/MITB attacks
- QR code with transaction information for extra security
- Easy configuration of time window for OTP validity
- Challenge-based, Event-based and Time-based OTP generation
- OTP generation based on RFC6238/RFC4226
- Complies with Initiative for Open Authentication (OATH)
- Easy integration of Trust-OTP with other applications using supplied libraries
If you want to know more, contact us.