JW Secure is advancing the state of the art in mobile interface design and device authentication. This example demonstrates progressive user authentication on a mobile checking application for a fictitious bank.
By starting with a promotional screen, the bank is able to maximize advertising revenue and uptake on promotional offers.
In order to view account balances, the user signs in with the existing online checking credentials. Subsequent logons could use a cached password or encrypted cookie, depending on the policy the bank wishes to set for user devices.
Since this is the first time the user has attempted to logon with this device, the bank can obtain a higher level of assurance by sending a one-time activation PIN by SMS to the user’s cell phone number of record. This helps fight fraud by reducing the chance of a stolen device being used for unauthorized transactions.
Since the user has authenticated with the existing static password for online checking, read-only access to account balances is offered.
In order to perform a high-value transaction, we also authenticate the device. We do this using any combination of firmware version, operating system information, installed applications, etc. This information is transmitted to the online banking service using standards-based SWT or SAML tokens and is evaluated not only to establish the identity of the device, but also to build a risk profile for the requested transaction. In this screen, a request to transfer funds is denied because the device needs to be upgraded first.
For more information about our mobile development capabilities, including user and device identity, claims-based authentication, and custom ROMs, please contact us at firstname.lastname@example.org.