If your company is worried about Phishing and Skimming, Keytel can help you.
Keytel Authentication
Keytel Authentication
Just send an blank email to a one-time email address from your mobile phone and authentication is complete!!
To summarize, your mobile phone becomes your "key" to the world of the Internet. From now on, you will no longer need to remember easy to forget user IDs and passwords, nor will you need to carry around password generators or password cards . In addition, you will no longer be subject to Phishing and Spyware.
Watch a demonstration >>
Find out about Keytel Authentication (Dial Version) >>
Explanation of Keytel Authentication (email version)
Please read on for an easy to understand explanation about how Keytel Authentication works
Authentication Procedure
- 1.PC An access request is made to a website requiring log in upon user action.
- 2.Server One time email address is created and the PC requesting access is notified.
PC The PC is notified of the one-time email address is displayed as a QR Bar code (In the case of ordinary authentication technology, the user ID and password input boxes are displayed.) - 3.Mobile Phone A QR Bar code displayed on a PC is scanned. The one-time email address is set as the recipient (TO) and the mobile phone email address is set as the sender (FROM) and a blank email is sent.
- 4.Server A blank email is received. The received blank email provides the server with the recipient email address as well as the sender email address.
- 5.Server The server identifies the PC from which the one-time email address was sent from the countless PCs connected to the Internet (This is possible since only 1 PC in the world has been notified of the applicable one-time email address.)
- 6.Server The user is identified from the sender's email address (This identification is possible because the user's mobile email address has been pre-registered on the server). In the case of normal authentication technology, user identification is done via user ID and password input. Keytel Authentication (email version) uses the user's mobile email address (from which email can only be sent by the user) for authentication.
- 7.Server If the identified user is approved for log in, log in is authorized. In this case, the PC is notified of log in approval.
- 8.PC The PC receives notification of log in approval and the log in process is complete.
Terminology
■Password Generator
A device that generates a one time password.
■Phishing
A type of fraud where an user is led by fake email purportedly from a legitimate banking institution etc. to a fake website which attempts to steal information such as users IDs, passwords, and credit card numbers. This type of fraud is increasing in the US and is becoming an issue in Japan as well.
■Spyware
Software that tracks user actions and collects personal information.
■One-time email address
An email address that is used only once for authentication. The email address is destroyed once authentication is complete. When an email is sent to a one-time email address, correspondence between email communication and communication with the web site can be detected.
■One-time telephone number
A telephone number that can be received by a server of which notification is given to a specific PC withing a specified time window. By receiving a call from a one-time telephone number, a server can detect correspondence between the telephone communication and HTTP communication between the PC and the website.
■QR Bar code
A 2D bar code that can be scanned by a mobile telephone camera. Information is represented by black and white lattice patterns.
 |
This is a link to Keytel's official mobile site. You can access the site by scanning the QR Barcode to the left. |
Information Download
You can download information here.
Information in PDF format about Keytel Authentication >>
In order to view PDF files, you will need Adobe Reader.Adobe Reader
Please download viewer software from the Adobe Website
Implementation Advantages
Counter-measures against phishing and spyware
・Want complete protection against phishing.
・Cannot distribute hardware such as password generators to all users.
Examples) Banks, Security companies, large portal sites
Preventing user loss
・Want to prevent user loss due to forgotten passwords.
・Want to minimize time and effort for user ID and password management.
Examples) Insurance, Shopping Sites
Creating a leading-edge image
・Want to implement new technology before others.
・Want to process two types of communication at once.
Examples)Leading Internet Providers, Communications companies
Demonstration
Authentication will be done using email instead of ID and password.
The ID and Password input box will not be displayed. A one-time email address will be displayed instead.
Use your mobile phone to scan the QR Bar Code and send an email before pressing the "authenticate" button.