Securing m-Commerce
SLIM helps make secure payments over your mobile phone, locks
down handsets to deter theft and safeguards sensitive data. By Vinita Gupta
Today you can use a mobile phone to conduct transactions, and hence it is crucial to
secure the information present on a mobile device.
Verity Technologies, a mobile services company in the domain of authentication
and identity services, has launched an innovative device called StartLok Identity
Module or SLIM that works with your mobile device. The company has invested
two million pounds over a span of four years to bring SLIM to market. The device
was conceptualized in the UK; the software for it was developed at the company's
R&D centre in Bangalore while the component design is done in the UK. Around
20 people at the R&D centre in India work on this project.
How it works
"We have created an unobtrusive device that does not need to interface with
any other device or the phone physically and works simply because it is
in close proximity to the phone"
- Shivkumar, CTO, Verity Technologies
The SLIM is akin to a thicker credit card. The device has
a few kilobytes of storage, which is sufficient to store encryption code. It
also has the processing power (to do encryption) and supports Bluetooth.
The initial step is to enroll and activate the device. To activate the device,
you have to visit the company's site, sign up for a new account and activate
the SLIM by giving your mobile number. The server will send a small application
to your mobile phone.
The application on the phone keeps talking to the SLIM. When
the relationship between the mobile handset and the SLIM is broken, the application
on the phone locks it. The distance over which the mobile and card will work ranges
from 5-10 meters. The device can work in two modes: real-time and on-demand
authentication mode. The device has a rechargeable battery; in the real-time
mode, the battery can work continuously for 48 hours.
To access the device you need to enable Bluetooth on your mobile but you can
do this in non-broadcast mode so that your phone does not show up on other Bluetooth
enabled devices. There is encryption between the device and the mobile.
Shivkumar, CTO, Verity Technologies, said, "The authentication is unique
as it consists of the unique mobile handset number, SIM card number and mobile
number of the user." There is also a Universal Unique Identification number (UUID)
for each SLIM.
- The SLIM is a Bluetooth-equipped device that works on a 1 to 1 basis with almost any Bluetooth-enabled mobile phone
- To make it work with the phone during the enrolment process, Verity sends a text containing a small piece of client software to the user
- Activation of the software and the SLIM occurs while enrolling and the handset only requires minimal user input
- The SLIM establishes a secure connection to the mobile phone and the mobile phone establishes a secure communication to the StartLok Authentication Centre (SLAC) via SMS, GPRS or 3G. This means that the SLAC can now open up a secure dialogue to the SLIM
Multifactor authentication
When a transaction request occurs, the StartLok Authentication Centre (SLAC)
checks the Mobile, the SIM card, the SLIM and finally a biometric. This establishes
that the end user can only be the registered user. The SLIM is designed in such
a manner that it will only work with the nominated mobile that is registered
on the SLAC during enrollment. It cannot work with any other handset, unless
you reconfigure it to do so, like when you change to a new phone. Each SLIM
is unique which means that if a SLIM is copied or cloned it cannot be used as
the SLAC will not countenance a SLIM being used twice. Each SLIM also contains
an embedded fingerprint reader.
"Our product does not directly deal with money transactions. We provide
authentication services to providers who enable mobile transactions. By virtue
of our ability to provide anonymous, multifactor authentication, we ensure that
the transactors can be authenticated in a foolproof and anonymous manner,"
mentioned Shivkumar.
The SLAC can handle multiple authentication requests from different sources,
such as banks and merchants, and it operates in an anonymous fashion by only
accepting pseudonyms from the originating source that requires the authentication,
thereby ensuring full anonymous data integrity. Verity's SLAC, consisting
of the servers, is co-located at Net4India's centre.
For those sources that cannot comply with this requirement, a conversion server
is under development. This server will deal with the varying interface and anonymity
requirements that are necessary to support legacy technologies that still exist
within the operating environments of the originating sources (i.e. e-Payment
gateway, ISP, merchants, government departments etc.).
- This is the only product that offers anonymous authentication. This means that there is no personal user data stored either on the phone or the SLIM itself, thus reducing lost device liability to a minimum
- This product can be integrated into a variety of existing payment and authentication systems using a well defined application programming interface (API)
- It can be used to lock down handset applications on a real time basis
- It is the only device on the market that enables true multifactor authentication. Most commonly used two factor authentication uses the mobile phone itself as one factor and a numeric PIN as the next factor. With the SLIM, it is possible to have a third factor as a fingerprint, a fourth factor as another SLIM and so on
User benefits
The USP of any product and service lies in its simplicity. People generally
do not want to be bogged down by devices that require them to remember passwords,
synchronize with other systems and so on.
Shivkumar said, "We have created a device that is unobtrusive, does not
need to be physically interfaced with any other device or the phone and works
simply because it is in close proximity to the phone.
We are targeting the user community who are comfortable using
either their credit card or their mobile phones for their transactions and are
looking to enhance the security of carrying out such transactions."
The price of the SLIM ranges from $10 to $50. It is also available on a service
module basis, in which the user does not pay for the device but pays based
on the volume of transactions.
The verticals that hold the most opportunities for the SLIM are microfinance,
Mobile Phone OEMs, credit card issuers and Internet commerce sites.
Verity Technologies is planning to tie up with financial institutions and banks
so that they can link a credit card with a unique number and the higher customer
risk cell can use this information to reduce losses caused to the customers.
In this scenario, whenever you use your credit card, the bank sends you a message
asking for confirmation of the transaction. In the biometric solution, the user
has to swipe his finger on the SLIM.
The company is working with some organizations that are rolling out microfinance
initiatives in the rural market. "For the rural market, we are attempting
to solve the problem of non-availability of a Bluetooth-based biometric scanner
by integrating the SLIM with the microfinance applications," said Shivkumar.
Companies can also use the SLIM for access control. For this, Verity is planning
to tie up with two types of companies: companies providing access control
services, and organizations that want to provide this solution directly to
their employees.
vinita.gupta@expressindia.com