|
|
Web Security via the Cell Phone
| Title | Web Security via the Cell Phone |
| Aidamount | 400.000 |
| Organization | Nykredit A/S |
| Conclusion | Ingen side valgt |
| Homepage | No homepage |
| Contact | Michael Vester, Section Manager, mve@nykredit.dk |
| Other participants | Siemens A/S
The University of Aalborg |
| Theme | Industrial Develop. |
| Keywords | Distance work
IT Security
Mobil, telephony
Mobile technology, SMS, GPRS, WAP
Mobiltelefoni |
| Project start | 09 March 2001 |
| Project end | 31 December 2001 |
| Description | Purpose
The purpose of the project in this call for proposals is to provide the security conditions required for the employees of Nykredit to make use of Web applications from externally connected computers by using a cell phone. In the second call for proposals it is the intention to make this technology available in the way of a general authentification service for enterprises in North Denmark.
Background
The background for the project is the need of Nykredit and in principle all E-Business based enterprises and public organisations for a secure and authentified access to employees and customers who are using the internally and externally directed Web applications including the company's Web mail via extranet. On the company's own computers with remote connectivity, security software is used in relation to hardware devices to be able to establish a secure and authentified access to the company's internal applications. In principle all other computers should be regarded as un-secure.
The problem with the latter category of computers is that companies and organisations do not have unlimited access to install this security software on e.g. an Internet cafe in Brovst or on a customer's Internet connected computer. In addition it can be costly or awkward to supply customers and users with the hardware devices that are currently available on the martket. These devices are proprietary for each provider, and adding to this, the user is not interested in keeping track of too many proprietary devices.
The Cell Phone as a Security Key.
From his own computer which is not controlled by the company, an employee wants to connect to the company's home page and gets a time limited one time access code.
The employee enters this on a cell phone.
The code is sent as an SMS to a server that can identify the person by the registered cell phone number.
Via SMS the server returns a time limited one time access code to the cell phone.
The employee enters the one time code on his computer. The server makes another check to see if he or she is the correct person. The server, which issued the one time code knows which code it should receive.
The end result is that the employee is identified without any use of specially installed security software on the computer
Goal and Benefits
The greatest benefit is that this solution provides for a fast and efficient distribution of a secure user identification for Web solutions, and in this light it can be considered a driver for E-Business. |
 Printerfriendly version |
