eCobra Token

eCobra Token is a software mini-application (midlet) for mobile devices that secures users' access to sensitive information or services within software applications while fulfilling very demanding security requirements. eCobra Token works without SMS or a connection to the internet, so its use does not incur any operating fees.

Product history

We developed eCobra Token as an alternative to solutions focused on smartphones. eCobra Token is compatible with commonly available mobile telephones. The only condition is support for Java MIDP 1.0 (which the Nokia 6310 already offers). eCobra Token can also be freely distributed with mobile telephones.

Concept

eCobra Token offers two basic functions:

  • Generation of authentication codes - single-use passwords for authentication. These codes serve for authentication, e.g. secure verification of the user's identity when signing in to internet applications. eCobra Token offers generation of single-use passwords in the challenge/response mode.
  • Generation of MAC - single-use authorisation codes dependent on "signed" data. These codes are used for authorisation of entered requests, protecting the integrity of such entries and offering the possibility of secure verification that requests are entered by authorised users.

 

The end-user downloads eCobra Token (e.g. from the operator's website) to his/her mobile device (telephone). Activation data are sent to the user via a separate route (e.g. via SMS or e-mail).
Prior to the initial use of eCobra Token, the user activates the application and chooses a password which he/she enters upon each use (in order to protect against misuse, for example, in the event that the mobile device is stolen).
If, for example, the user wants to sign in to an internet application, an authentication code is generated simply by choosing this function or, where the application displays a challenge, in response to that challenge (challenge/response mode).
If the user wants to send an authorised request, a MAC is generated using eCobra Token; the user must enter selected data of the request, which are then protected against unauthorised modification.

Technical properties

Authentication codes and MAC generated by eCobra Token have time-limited validity and are single-use - the MAC or authentication code loses its validity after one use. eCobra Token thus ensures security against attacks such as phishing and pharming.
Because the MAC depends on the data of the authorised request, the electronic key also guards against MITM (man-in-the-middle) and MITB (man-in-the-browser) attacks.
The mobile device in which eCobra Token is installed is independent of a computer; an eCobra Token user can use any computer for worry-free access to sensitive data without risking misuse of eCobra Token.
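
The three properties described above (data-dependent, time-limited, single-use) can be seen in a server-side check. This is an added example, not eCobra Token's own algorithm, which the page does not specify: HMAC-SHA256, the 8-digit code, the 60-second step, the field names and the sample key are all assumptions.

```python
import hashlib
import hmac
import json

STEP = 60    # assumed validity step in seconds
DIGITS = 8   # assumed length of the code the user types

def transaction_mac(key: bytes, account: str, amount: str, now: int) -> str:
    """Token side: code bound to the entered request fields and the time step."""
    # JSON list encoding keeps field boundaries unambiguous.
    message = json.dumps([now // STEP, account, amount]).encode()
    digest = hmac.new(key, message, hashlib.sha256).digest()
    return str(int.from_bytes(digest[:8], "big") % 10**DIGITS).zfill(DIGITS)

class Verifier:
    """Server side: recomputes the code from the request it actually received."""

    def __init__(self, key: bytes):
        self.key = key
        self.used = set()  # (step, code) pairs; old steps can be pruned

    def verify(self, account: str, amount: str, code: str, now: int) -> str:
        # Accept the current step and the previous one (clock drift, typing time).
        for t in (now, now - STEP):
            expected = transaction_mac(self.key, account, amount, t)
            if hmac.compare_digest(expected, code):
                tag = (t // STEP, code)
                if tag in self.used:
                    return "replayed"      # single-use: second submission fails
                self.used.add(tag)
                return "ok"
        return "rejected"                  # altered fields or expired code

def demo():
    key = b"constructed-demo-key"          # constructed sample secret
    now = 1_000_020                        # constructed timestamp
    server = Verifier(key)
    code = transaction_mac(key, "CZ-1234", "1500.00", now)
    late = transaction_mac(key, "CZ-1234", "20.00", now)
    return [
        server.verify("CZ-1234", "1500.00", code, now + 5),      # genuine request
        server.verify("CZ-1234", "1500.00", code, now + 6),      # same code again
        server.verify("XX-9999", "1500.00", code, now + 7),      # payee altered in transit
        server.verify("CZ-1234", "20.00", late, now + 2 * STEP), # submitted too late
    ]

if __name__ == "__main__":
    print(demo())
```

Because the server derives the expected code from the fields it received, a request altered between the user's screen and the server no longer matches the code the user generated on the phone.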

Operating costs are connected exclusively with making eCobra Token accessible to end-users (for example, by making the application available for download on a web portal) and its activation (if SMS are used for sending activation data).
eCobra Token is user-friendly. It does not require any knowledge beyond ordinary use of a mobile telephone.
