In future, Kobil's technology will enable SmartSecure App users to authorize transactions without entering TANs they have received by SMS or generated in a TAN generator. The solution is independent of the terminal device deployed and does not require any additional hardware to authorize transactions. It consists of a front-end and a back-end component. The front-end is the SmartSecure App. It is secured against copies made by dedicated devices, manipulation and the creation of fake-apps. Moreover, it provides various integrated security functions such as
- debugging and reverse engineering protection;
- security sensors (jailbreak-, malware-detection);
- protection against unauthorized usage (PIN);
- end-to-end encrypted community channel;
- unavailability for third party-applications.
- if the SmartSecure App actually runs on the initially registered device or has been copied to another one;
- if the running app still features its original code or has been modified;
- if the app's version is correct or needs to be updated;
- if the user enters the correct password to obtain details on the transaction.
Christian Valentin, Kobil's ING-DiBa project manager describes the functional principle of the 2-in-1-security approach designed by his company and deployed by ING-DiBa as first German bank institute. "The SSMS provided by us establishes an individual, fully encrypted communication channel to the SmartSecure App and carries out the specified routine tests. Once the secured connection has been established, clients can perfectly safely confirm the transactions made via the actual ING-DiBa app".