KOBIL and Dropbox develop 2FA-Login with QR-Scan

WORMS / HAMBURG – 10 October 2017 – The US provider Dropbox and the German security specialist KOBIL have jointly developed a login solution for Dropbox Business customers that makes two-factor authentication on the collaboration platform easier. As of the end of October, Dropbox Business users who are logged into the KOBIL “Trusted QR-Login” app can log into Dropbox with 2-factor authentication by scanning a QR code.

Instead of entering an e-mail address and static password, Dropbox Business users scan a QR code provided for the secured application with the mobile “Trusted QR-Login” application from KOBIL to prove their identity and authorization to Dropbox. Business customers who already have a specific Dropbox URL can log on with the QR code even without specifying their e-mail address.

“Obviously, some complicated security processes have to take place for a secure 2-factor authentication in the background. But unlike classic 2-factor solutions such as one-time password, tokens, SMS or smartcards, the user does not notice it,” explains Tan Sarihan, Product Strategy & Innovation Leader at KOBIL.

This is also emphasised by Marc Paczian, Solutions Architect, from Dropbox Germany. “We are constantly developing new solutions to make our users’ 2-factor authentication as easy as possible. Passwords and their duplicate use are still the biggest weakness in online accounts. 2-factor authentication is therefore essential.”

The solution will be available from the end of October 2017. It works with browser access to Dropbox as well as with the Dropbox Desktop Client and the Dropbox app on mobile devices. The QR code additionally secures access to Dropbox when requested from external or public devices. Key loggers and similar attack methods are powerless because no sensitive password or other logon data has to be entered through the keyboard of the device.

The 2-factor authentication with Dropbox then runs as follows: A unique user-specific QR code is generated and displayed for the users. The existing LDAP or Active Directory user administration of business customers can serve as a basis for the system. The KOBIL components SAML Connector and Smart Security Management Server (SSMS) access this and use the identity stored there for the secure app.

The Dropbox customer scans the generated QR code with his smartphone and the “Trusted QR-Login” app installed on it. This separately secured app automatically sends the scan to the SSMS, which can then confirm identity and authorization to Dropbox. This requires two factors: the PIN (or Touch ID fingerprint on iOS devices) to unlock the app, and the unique assignment of the KOBIL app “Trusted QR-Login” to the user’s smartphone. (A detailed technical explanation of the registration procedure can be found here.)

“With the KOBIL “Trusted QR-Login” integration, common customers can simplify and speed up the Dropbox login process, and with the integrated safety logic from KOBIL. Our partners work together with us to deliver the security architecture that is not just Dropbox, but also other cloud and on-premise systems. KOBIL is an excellent example,” says Marc Paczian of Dropbox.

For Tan Sarihan, Product Strategy & Innovation Leader at KOBIL, the collaboration with Dropbox demonstrates KOBIL’s commitment to partnering with best-in-class solutions. “We offer optimally protected apps that, in cooperation with the Smart Security Management Server, can secure virtually any online registration and registration, while providing a high level of user experience comfort and great simplicity.”

 

Technical explanation

The end user accesses the service provider’s service, in this case Dropbox, via a URL. The service provider forwards this request to the Identity Provider (KOBIL SAML Connector). SAML stands for Security Assertion Markup Language, an XML framework for exchanging authentication and authorization information; it provides functions to describe and transmit security-related information. At the same time, the KOBIL Smart Security Management Server generates a unique QR code, which is transferred to the SAML Connector via a SOAP interface and displayed to the calling user.

The user uses the KOBIL app “Trusted QR-Login” to scan the QR code displayed in the Dropbox login process. The code is sent from the app to the SSMS mentioned above via an encrypted communication based on the user identity in the KOBIL virtual smartcard, where it is compared to the code displayed to the user on the Dropbox website. If the QR code is the same, the service is released to the user or, depending on the use case, he receives an access token with which he can log on to the service.

The app is hardened. The registered smartphone is bound to the user as early as the initial registration. The app cannot be copied to other devices; abuse is not possible. KOBIL’s SSMS, which is responsible for monitoring security, checks this device binding, checks whether the device is classified as safe, and detects possible attacks on the app and its use (debugging, reverse engineering, key logger, etc.). Only when all security checks have been successful does the server establish a protected connection. The entire process runs in quasi-real-time.
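
The server-side checks described in this section, as an added illustration that is not KOBIL's or Dropbox's code: a unique code is issued per login session, and the scan is accepted only if the code matches, is unexpired and unused, and comes from a registered, healthy device. The class and method names, the session id, the in-memory store and the 60-second lifetime are all assumptions made for the sketch.

```python
import hmac
import secrets
import time

QR_TTL_SECONDS = 60  # assumed lifetime; the page does not state one


class QrLoginServer:
    """Toy stand-in for a server that issues and verifies QR login codes."""

    def __init__(self, device_bindings, clock=time.monotonic):
        self.device_bindings = device_bindings  # device_id -> user, fixed at registration
        self.pending = {}                       # session_id -> (code, expires_at)
        self.clock = clock

    def issue(self, session_id):
        """Create the unique code that the login page renders as a QR image."""
        code = secrets.token_urlsafe(32)
        self.pending[session_id] = (code, self.clock() + QR_TTL_SECONDS)
        return code

    def verify(self, session_id, scanned_code, device_id, device_healthy=True):
        """Return the user to release the session to, or None if any check fails."""
        # Single use: the pending code is consumed by the first attempt,
        # so a captured QR image cannot be replayed later.
        entry = self.pending.pop(session_id, None)
        if entry is None:
            return None
        code, expires_at = entry
        if self.clock() > expires_at:
            return None
        # Identity comes from the device binding, not from anything typed
        # into the browser, which is why no e-mail address is needed.
        user = self.device_bindings.get(device_id)
        if user is None or not device_healthy:
            return None
        # Constant-time comparison of displayed vs. scanned code.
        if not hmac.compare_digest(code.encode(), scanned_code.encode()):
            return None
        return user


if __name__ == "__main__":
    server = QrLoginServer({"device-123": "alice"})  # constructed sample binding
    shown = server.issue("browser-session-1")
    print(server.verify("browser-session-1", shown, "device-123"))  # accepted
    print(server.verify("browser-session-1", shown, "device-123"))  # replay rejected
```
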

 

About KOBIL

KOBIL solutions are today a standard for digital identity and highly secure data technology. Founded in 1986, the 120-strong KOBIL Group, headquartered in Worms, is a pioneer in smart card, one-time password, authentication and cryptography. The core of the KOBIL philosophy is to enable continuous identity and mobile security management on all platforms and all communication channels. Almost half of the KOBIL employees are involved in development, including leading specialists in cryptography. KOBIL plays a key role in the development of new encryption standards. Commerzbank, DATEV, German Bundestag, Migros Bank, Société Générale, UBS, ZDF and many others rely on and trust in KOBIL.


Contact

KOBIL Systems GmbH
Corporate Communication
Pfortenring 11
D-67547 Worms

Tel. : +49-6241-3004-959
Fax : +49-6241-3004-80
E-mail: marketing@kobil.com

 

About Dropbox

Dropbox keeps more than 500 million registered users on the same page with easy-to-use collaboration tools and the fastest, most-reliable file sync platform. From the smallest business to the largest enterprise, we make teamwork better. For more information, please visit dropbox.com/news.

Contact

Larissa Haida, PR Manager Dropbox
Tel. +49 (0) 40 8000 84 618
E-Mail: larissahaida@dropbox.com