The 2012 SESAMES awards, which acknowledge the best technological innovations in terms of smart cards, digital security, identification, secure transactions and contactless systems, have selected Entersekt, as one of the 26 international finalists.
The awards, which are part of the CARTES trade show (the annual security, payment, identification and mobility event), will take place on 5 November in Paris on the eve of the opening of this year's show.
The Cape Town based mobile security software development company was selected out of 475 entrants for this year's Awards, when a panel of 38 judges chose finalists in ten categories, recognising the best project in each category.
Entersekt has been selected for its submission on Interactive Transaction Authentication. This is a solution for the banking sector, which allows financial institutions to take back control of communication with their users. Customers use their mobile devices, in an interactive secure session, to authenticate themselves to the bank's electronic services. It enables each transaction to be digitally signed, without a one-time password.
Traditional two-factor authentication, such as username password/one time password combinations does not work, says Entersekt's Christiaan Brand, "These are cumbersome to the end user, expensive for the enterprise and still don't solve phishing and man in the middle attacks. The OTP is sent, or generated in an out-of-band fashion, but re-entered into the potentially compromised band. Perpetrators can steal OTP just as they steal passwords - one valid OTP normally being enough to complete a fraudulent transaction."
"The company's solution allows institutions to uniquely identify each phone in the world - not by using a mobile number which they have no control over, but by trusting a mathematically unique X.509 digital certificate that is automatically installed on the mobile device by the Entersekt CA. This enables mutual SSL - an authentication technology uncompromised over the last 40 years - on any mobile device. Banks can leverage off the trust that is provided by this unique identifier - and can use this technology to digitally sign individual financial transactions using the private key that's kept confidentially on the phone," he concludes.