Our Solution

SecureKey enables service providers to use contactless cards or NFC mobile phones currently deployed to customers as a “what you have” factor to implement strong online mutual authentication. Thus, in addition to ‘something the customer knows’, i.e. username and password, the service provider can ensure that the customer has also authenticated with ‘something the customer has’ in-hand before connecting to the secure online service.

In order to authenticate, the customer simply touches his/her contactless form factor to a personal SecureKey token. The cryptographic capabilities of the token enables mutual authentication with the service provider’s web server using industry standard x.509 digital certificates using SSL/TLS secure communication protocol. This process is completely invisible to the customer. When authentication is successfully completed, a secure, encrypted session is established between the user and the online service.

The SecureKey token is a special purpose USB secure contactless reader that is built with a Common Criteria certified secure element. It can interact with a variety of contactless form factors, such as a MasterCard PayPass or Visa payWave payment card, HID iClass access control card, NFC compliant mobile handset or any other contactless form factor that supports proximity (ISO/IEC 14443) or NFC (ISO/IEC 18092) contactless communication protocols.

The contactless form factor is only ever read by the SecureKey token and is never visible to the customer’s computer. This approach protects the contactless form factor details from any rogue applications on the customer’s computer that may otherwise attempt to steal or copy them.

The SecureKey solution is portable, browser independent, firewall and anti-virus friendly and does not require any software or plug-in installation on the customer’s computer.