Swivel has announced the launch of the new version of its PINsafe authentication technology to enable in-bound SMS authentication.
The technology, which uses a fixed PIN and a patented random security string protocol to generate one-time codes (OTC) for each login session, now allows a user to complete the login process by sending the OTC via an internet connection to the authentication server.
According to the company, PINsafe v3.8 gives the user the option to return the OTC via SMS transport for total, out-of-band user credential protection, especially against the threat of phishing and man-in-the-middle attacks.
PINsafe v3.8 also incorporates additional system management enhancements, including a new mobile client model, advanced security string delivery options, user policy management and a new reporting feature. Support is also offered for Java-based mobile phones and PDAs, including the Apple iPhone and Google Android devices.
Swivel said that PINsafe v3.8 enforces a client authentication policy which ensures that the mobile client is linked to a specified device, can only be used by the associated user and cannot be used to access other users' security strings. This feature is particularly aimed at users who are required to operate in areas with poor or unreliable cellular network coverage, such as on board a ship at sea or in remote parts of the world.
Swivel managing director Richard Harris told SC Magazine that the original product had been launched around eight years ago but has now changed completely to allow the random number generator to work with new applications with a fall-over failsafe.
Chris Russell, VP of engineering at Swivel, said: “PINsafe was first launched in 2003 and since then internet and mobile technology has made major advances at all levels. At the same time security threats have become more sophisticated and companies are faced with increased pressure to enforce data protection procedures.
“PINsafe v3.8 provides system administrators with a highly flexible, secure and future-proof authentication platform to enable their organisations to keep pace with new technologies without compromising the security of the entire network.”