All GenMsecure’s solutions rely on the strong Authentication Engine based on company patents.
This Authentication Engine is composed of the Authentication server and a mobile application running on a smartphone (Android, iPhone and Windows Phone).
The Authentication Engine has 2 working modes: a "connected" mode when either "data" or Wi-Fi network is available and a "non-connected" mode when none of these networks is available.
Whatever the working mode, once the user is enrolled in the authentication service, the Authentication Engine does not use SMS to send data to smartphones. There is, therefore, no associated cost.
Authentication Engine in connected mode
The principle of GenMsecure strong authentication/validation in "connected" mode is simple:
1. GenMsecure authentication server receives authentication/validation requests from an external website (e-banking, e-commerce...) or from a banking server or other server type.
2. The user's smartphone receives a notification and is activated. The smartphone application displays the message received in the authentication request and asks the user to accept or refuse.
3. If the user accepts, then she/he enters her/his personal code in the smartphone application.
4. The authentication server replies to the website (or banking server, etc.) that the authentication request is validated or refused.
Authentication Engine in "non-connected" mode
The principle of GenMsecure authentication/validation in "non-connected" mode is based, on the one hand, on a QR code generated by the authentication server and read by the smartphone application and, on the other hand, on an OTP (One-Time Password) generated by the smartphone application.
1. GenMsecure authentication server receives authentication/validation requests from an external website
2. The authentication server creates an enciphered QR code including the message to be validated by the user
3. The smartphone application reads the QR code then displays the message to be validated
4. If the user agrees, then she/he enters her/his personal code
5. The smartphone application then computes and displays an OTP (One-Time Password)
6. The user has about 30 seconds to enter this OTP on the website. If she/he does not have enough time to enter the OTP, the smartphone application displays another OTP.
7. The authentication server replies to the website (or banking server, etc.) that the authentication request is validated or refused.
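The OTP part of the "non-connected" flow above can be pictured with a generic construction. This is an added example, not GenMsecure's patented algorithm or SDK code: it assumes an HMAC-SHA256 OTP truncated as in RFC 4226, a key derived from a per-device secret plus the personal code, and 30-second windows; all names and sample values are hypothetical, and the QR code encryption is left out.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds an OTP stays current (the page says "about 30 seconds")

def enrol_key(device_secret: bytes, personal_code: str) -> bytes:
    """Assumed enrolment step: bind the key to both the device and the personal code."""
    return hashlib.pbkdf2_hmac("sha256", personal_code.encode(), device_secret, 100_000)

def otp(key: bytes, message: str, window: int, digits: int = 6) -> str:
    """HMAC over (time window || message), truncated as in RFC 4226."""
    mac = hmac.new(key, struct.pack(">Q", window) + message.encode(), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def phone_otp(device_secret: bytes, personal_code: str, message: str, now: float) -> str:
    """Steps 4-5: the app derives the key from the entered code and shows the OTP."""
    return otp(enrol_key(device_secret, personal_code), message, int(now) // STEP)

def server_verify(key: bytes, message: str, submitted: str, now: float, past_windows: int = 1) -> bool:
    """Step 7: accept the OTP for the current window or the one that just expired."""
    current = int(now) // STEP
    ok = False
    for age in range(past_windows + 1):
        expected = otp(key, message, current - age)
        # Constant-time comparison; every candidate window is always checked.
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok

if __name__ == "__main__":
    secret = b"constructed-device-secret"            # constructed sample value
    msg = "Pay 250.00 EUR to ACME"                   # constructed message from the QR code
    key = enrol_key(secret, "4821")                  # what the server holds in this sketch
    t = 1_700_000_000
    code = phone_otp(secret, "4821", msg, t)
    print("typed 20 s later:", server_verify(key, msg, code, t + 20))
    print("typed 60 s later:", server_verify(key, msg, code, t + 60))
    print("amount altered:  ", server_verify(key, msg.replace("250", "950"), code, t))
```

Because the message is part of the HMAC input, an OTP computed for one transaction does not validate a different one, and a code typed too late is rejected once its window has aged out.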
Authentication Engine main characteristics
The main characteristics of the GenMsecure Authentication Engine are the following:
o a 2-level strong authentication based on:
• Smartphone hardware signature (not related to SIM card)
• Personal code defined by the user during authentication service subscription
o Easy and intuitive usage
• Authentication is made simply by entering the user’s personal code on her/his smartphone (same as for "pin code")
o High level of security
• Resistant to « Man in the Middle » attacks
• Resistant to « Phishing »
• No persistent data stored by smartphone application
• No personal user information other than the phone number is stored in the authentication system
o Simple and secure "non-connected" mode when neither "data" nor Wi-Fi network is available
o Easy integration in applications
• PHP and Java SDKs are delivered for easy integration in customer websites (calls to Web services provided by the Authentication server)
• GenMsecure delivers customized smartphone applications with the customer's logo and wallpaper
• A mobile SDK is provided for full integration in the customer's mobile applications
GenMadmin, common administration software for all GenMsecure solutions.
GenMadmin permits the administration of all GenMsecure Solutions:
• User management (filtered lists, creation, deletion, block, unblock)
• Authentication history with filtering capabilities
• Statistics (users, authentications...)
• System information (licences, version...)
• Administrator account management
Obviously, GenMadmin access is controlled by GenMsecure strong authentication.