Mobile phones now are not just used for wireless communication, they have also become a medium for home banking and performing financial transactions. As these transactions involve sensitive user data, relying just on user name for authentication is not sufficient.
To secure the mobile transactions from Man-in-the-Middle (MITM) or other related attacks, CA provides mobile applications, which must be downloaded to the user’s mobile. CA mobile applications are based on ArcotID PKI and ArcotID OTP credentials, which are software credentials that provide two-factor authentication. These credentials use CA-patented Cryptographic Camouflage technique for securely storing keys.
In Cryptographic Camouflage, the keys are not encrypted with a password that is too long for exhaustive attacks. Instead, keys are encrypted such that only one password will decrypt it correctly, but many passwords will decrypt it to produce a key that looks valid enough to fool an attacker. As a result, this method protects a user's private key against fraudulent attacks, as a smart card does, but entirely in software.
To integrate ArcotID PKI mobile authentication with your application, you can either choose the ready-to-use ArcotID PKI Application available in the mobile vendor’s store or build your own applications by using the Software Development Kit (SDK) that is shipped with the ArcotID PKI mobile authentication.
The ArcotID PKI Mobile Authentication Developer’s Guide is designed to be a reference manual for you as you create mobile-based custom applications that use ArcotID PKI for authentication.
Notes:
Note: CA ArcotID PKI Mobile still contains the terms Arcot, WebFort and ArcotID in some of its code objects and other artifacts. Therefore, you will find occurrences of Arcot, WebFort and ArcotID in all CA ArcotID PKI Mobile documentation. In addition, some of the topics in this guide do not follow the standard formatting guidelines. These inconsistencies will be fixed in a future release.
|
Copyright © 2013 CA.
All rights reserved.
|
|