SecureOTP

One-time password (OTP) tokens help protect online data. But alone, they leave sensitive information vulnerable to Phishing, Pharming, Man in the Middle (MITM), and Man in the Browser (MITB) attacks.

Close your OTP vulnerability with SecureOTP. By validating elements of the unique communication channel between client and server, SecureOTP ensures that data can only be transmitted between authorized parties, eliminating Phishing, Pharming, MITM, and MITB attacks.

Unique Design
The SecureOTP client plug-in uses KeyID’s patent pending technology to integrate user authentication information with the underlying SSL communication channel that is unique to the session, such as Client IP address, Server IP Address, the Public Key, and a random session number.

The server generates the same combination of figures and compares them against the data received from the client, confirming that the valid client is sending the data and there is no man in the middle. Since the original OTP is never transmitted through the communication channel, the attacker cannot recreate the encrypted values for the channel and cannot access the server.

Convenient for Customers
SecureOTP is a light-weight plug-in that works with common browsers. Your customers can download the plug-in quickly and easily from your institution’s website or KeyID’s website. They don’t need to register or obtain certificates, making SecureOTP easy to deploy and manage.

Virtually No Infrastructure Impact
You don’t need any special devices or software on your server to use SecureOTP. Internal deployment involves just a few lines of code.

Works with Existing Devices
SecureOTP works with any OTP device, including challenge-only tokens, challenge/response tokens, and even Text Message OTP. The plug-in has been proven with devices from providers like VeriSign, RSA, and VASCO.