If your company is worried about Phishing and Skimming, Keytel can help you.
Keytel Authentication
What is Keytel Authentication (Dial version)
Just make a call to a one-time phone number from your mobile phone and website authentication on your PC is complete!!
To summarize, your mobile phone becomes your "key" to the world of the Internet. From now on, you will no longer need to remember easy to forget user IDs and passwords, nor will you need to carry around password generators or password cards . In addition, you will no longer be subject to Phishing and Spyware.
Watch a demonstration >>
Find out about Keytel Authentication >>
Explanation of Keytel Authentication (Dial version)
Please read on for an easy to understand explanation about how Keytel Authentication (Dial Version) works.
Authentication Procedure
1.PC An access request is made to a website requiring log in upon user action.
2.Server A one-time number is allocated to the PC requesting access.
PC The one-time phone number is displayed. (In the case of ordinary authentication technology, the user ID and password input boxes are displayed.)
3.Mobile Phone The user makes a call including caller ID information to the one-time number delivered to the user's PC.
4.Server The server receives the dial tone and receives information about the telephone number of the caller and the one-time telephone number.
5.Server The server identifies the PC to which the one-time phone number was sent to from the countless PCs connected to the Internet (This is possible since only 1 PC in the world has been notified of the applicable one-time telephone number.)
6.Server The user is identified from the caller's telephone number(This identification is possible because the user's telephone number has been pre-registered on the server). In the case of normal authentication technology, user identification is done via user ID and password input. Keytel Authentication (dial version) uses the user's telephone number (which only the user can dial from) for authentication.
7. Server If the identified user is approved for log in, log in is authorized. In this case, the PC is notified of log in approval.
8.PC The PC receives notification of log in approval and the log in process is complete.
Terminology
*One-time email address
An email address that is used only once for authentication. The email address is destroyed once authentication is complete. When an email is sent to a one-time email address, correspondence between email communication and communication with the web site can be detected.
*QR Bar code
A 2D bar code that can be scanned by a mobile telephone camera. Information is represented by black and white lattice patterns.
*One-time telephone number
A telephone number that can be received by a server of which notification is given to a specific PC withing a specified time window. By receiving a call from a one-time telephone number, a server can detect correspondence between the telephone communication and HTTP communication between the PC and the website.
*Blank Email
An email sent without a title or body.
*Phishing
A type of fraud where an user is led by fake email purportedly from a legitimate banking institution etc. to a fake website which attempts to steal information such as users IDs, passwords, and credit card numbers. This type of fraud is increasing in the US and is becoming an issue in Japan as well.
*Spyware
Software that tracks user actions and collects personal information.
*Password Generator
A device that generates a one time password.
*CTI
Short for Computer Telephony Integration.
Refers to equipment that merges computers and telephony.
A representative example is a telephone call center system.
Information Download
You can download information here.
Information in PDF format about Keytel Authentication (686KB) >>
In order to view PDF files, you will need Adobe Reader.
Please download viewer software from the Adobe Website
Implementation Advantages
Counter-measures against phishing and spyware
・Want complete protection against phishing.
・Cannot distribute hardware such as password generators to all users.
Examples) Banks, Security companies, large portal sites
Preventing user loss
・Want to prevent user loss due to forgotten passwords.
・Want to minimize time and effort for user ID and password management.
Examples) Insurance, Shopping Sites
Creating a leading-edge image
・Want to implement new technology before others.
・Want to process two types of communication at once.
Examples)Leading Internet Providers, Communications companies