Jun 21, 2018

To get back to the topic of the SMS: What is it used for in business?

First: Strong authentication through transmission of onetime codes.

Second: Transmission of codes for the finalization of transaction processes.

Third: Transmission of flight data, parcel delivery information and information on activities you defined on assorted applications. The good thing is that you only need to know the telephone number.

Unfortunately, it is a fact that most users are more likely to know the mobile phone number of family members and friends than their own which is somewhat understandable as someone hardly ever calls their own number. The worst part about this is that phone numbers are being traded on the black market to the highest bidder for the distribution of SPAM or other malicious activities.

This means that I as a user only have to know my phone number. However, this also means that an attacker has known it for a very long time. If an attacker is aware of my phone number he is also able to get my SMS. Sure, you might say, but how does someone intercept an SMS? Very simple: “Ask Google”.

The SMS is and has always been prone to attacks. It has not been developed for the transmission of sensitive text messages. In my point of view, “Kisses” are more than worthy of protection, but more about that in another post.

Trusted Message Sign, a KOBIL technology based on more than 25 years of experience in the protection of digital identities solves this issue. The best part about this solution: I only have to memorize a PIN and receive messages on my smartphone, tablet or even desktop PC in form of push notifications and can confirm, deny or simply ignore them with preset responses.

Benefits at a glance:

2 channel, 2 device security level (Identity characteristics or other security elements are being transmitted through an independent security channel, invisible to other applications.)

Transaction cost-free (It’s not the few cents per transaction but the total amount that makes the difference. Send and receive as many interactions as you like.

No media interruption (I don’t have to juggle with two devices)

No external server (Everyone trusts the telco providers. I only trust the one I am able to control myself)
An example from the life of an online service user e.g. by online banking

Enter your username and password=OK

Please wait! You will receive an SMS with an access code. This code is only valid a single time=OK

SMS immediately opens up as plain text on my smartphone, I memorize the six-digit code and enter it on the portal – forgot the code or mistyped? Back to the SMS. It is also not possible to enlarge the message.

Following the successful entry of the PIN, I am done.

How does Trusted Message Sign work? (take a look at the video)

– Enter your username and password=OK
– An encrypted message is being received by the smartphone. Enter PIN to open the message.
– Check the content of the message. If required, the text of the message can be enlarged.
– Answer the message by either confirming or denying it.

I have seen a lot of things, but this solution is really creating some new and exciting possibilities – not just for strong authentication but for every interaction that requires a reply from me.

In short, Trusted Message Sign is not the first system interacting with me. But, it is the first system on which I can perform a binding interaction with my identity.

Next time, I will tell you a few stories of my daily life in which I would have wished to have such a technology.

Özgür Koyun