Authenticators

It will be difficult to impose the same physical authenticator device for everyone. We need to think backwards : do not start from the device but instead think in terms of a solution available for all: a software solution multi-device.

Our coding tables are compatible with all the physical devices : from the cheapest and most basic (CD card, USB stick) to the most advanced (USB crypto-key , SIM card, samrtcard) while keeping a strong security level. The XCA and XCC solutions can use several physical authenticators which are also selectable according users type.

One can ask today if the mobile or smart phone is a good physical authentication device ?

According to the ARCEP numbers( French regulation authority for Electronic communications and Postal services)Autorité de Régulation des Communications Electroniques et des Postes), France hold about 53 millions subscribers as of end 2007, 56 millions end of 2008 and 61,4 millions end of 2009. In 2009, 82% of the french population above 12 years old owns a mobile phone. The mobile phone is a SIM card reader widly spread today in the french and european population. Also, 90 % of the new phones available are capable of handling Java, that is having JVM (Java Virtual Machine).

The mobile phone is a good authenticator for citizens, consumers and businesses for the following reasons :

• expensive but already paid by consumer (or its company)
• always available by the user (like its keys)
• carefully watched by the user and perceive like a valuable personnal belonging and not easily shared with others
• able to perform authentication in many ways Mobile Internet, GSM mode by SMS or even in Unconnected mode (in that case the Java midlet acts like a token)
• open to welcome authentication software modules : newer generations include additionnal CD memory card devices
• GBA type (Generic Bootstrap Authentication) strong authentication with PIN code or using code books and associated secret code
• improved security by dual channel usage : telecommunication on top of Web

XCA authentication client runs on Java compatible phones, BlackBerry, Androïd platforms and récently on iPhone from Apple.

XCA runs on all the phones supporting a Java Virtual Machine (JVM), that is 85 % of the mobiles.

XCA in action on Blackberry : See images here.

XCA in action on Androïd smartphone : See images here. And also here this way.

The XCA strong authentication client for iPhone has been presented for the first time at Mobile World Congress in Barcelona last February 2010. It is available from NTX Research sales network since early May 2010.

Watch the video presentation, XCA Strong Authentication in action for iPhone :

Authenticate yourself in full security on your favorite services or servers with your iPhone including its XCA application from NTX Research. An OTP (One Time Password) is sent for each transaction amongst billions of possibilities. Ligne listenning becomes impossible. The secret code (like a PIN code) used to authenticate yourself is stored nowhere, not in the iPhone, nor on the server. You are the only one in the world to know it. Thus, the iPhone theft cannot allow pirate to authenticate on your behalf. Security in guarantedd all the way ! You can also change your secret code offline, without informing the server and of course without storing it in your iPhone...