Overview

PINsafe is a multi-factor authentication system. The core of the solution is the Swivel one-time code (OTC) extraction protocol whereby a user is sent a security string, the user then combines this security string with their PIN number to derive a one-time code. They then use this one-time code to authenticate themselves. The strength of this system is that the user needs both the security string and their PIN in order to authenticate. The one-time code extraction protocol is simple to use, the PIN determines which characters are to be used and in which order, for the one-time code.

The example above shows how a PIN of 2468 is combined with the security string to create the one-time code 1326. PINs can be from 4 digits to 10 digits long. Security strings can be letters, numbers or a mixture of both.

This approach gives the following advantages:

The one-time code that the user enters is different for every authentication which provides defence against key-logging attacks, and many simple man-in-the-middle and phishing attacks.
The user never enters their PIN to authenticate, again providing defence against the attacks listed above.
As authentication requires two elements, the security string can be sent via a different channel to the authentication request, providing defence against man-in-the-middle attacks.
The delivery of the security string can be tied to a specific device, eg a mobile phone, providing a two-factor authentication solution.

The beauty of this basic model is that it can be implemented in a number of ways to give different user experiences and different strengths of authentication. For example the security string can be displayed as an obfuscated (TURing) image on a VPN logon page or delivered via a text message to a user's mobile phone.

Information

PINsafe

Overview

Mobile Based Authentication

Browser Based

Download PINsafe Datasheet