cryptographic services

mSign Mobile MFA

Salt mSign is a mobile MFA token for authentication of user identities and verification of transactions.

salt msign

Salt mSign tokens provide contemporary mobile MFA security token for authentication of user identities and verification of transactions independent and decoupled from the delivery channel that initiated the request.

Salt mSign is a contemporary mobile security MFA token for authentication of the user identity during login and authentication/verification of transactions after login. Salt mSign is ‘connected’ in that the authentication responses are returned directly to the Safetronic authentication platform thereby enabling authentication that is independent of the delivery channel that initiated the request.

What can mSign do?
Biometric Password-less Login

Biometric Password-less Login for strong user authentication during log on to digital channels replacing traditional username/passwords.

Multi-Factor Authenticator

Multi-Factor Authenticator for all the organisation’s Mobile Apps Supporting Multiple Methods of Sign-In & Authentication Independent of the service delivery channel.

Single Authenticator

Single Authenticator for all the organisation’s Mobile Apps Supporting Multiple Methods of Sign-In & Authentication via Inter-App.

Use cases

Password-less Biometric Login

Password-less Biometric Login to Internet Banking, e-Government Portals and Corporate online Services

High Value Transaction Signing

High Value Transaction Signing with WYSIWYS (What You See Is What You Sign)

Quorum Approvals and Advanced Workflows

Quorum Approvals and Advanced Workflows with separation of duties where the Initiator of Payment Instruction is not authorised to approve; with multiple Authorisers

Improved security

Improved security and mitigation of common MitM/MitB attacks

A Single Authenticator

Single Authenticator for other Mobile Apps on the same device

Hardware Token Replacement

Hardware Token replacement

How does mSign work?
msign workflow
  1. User initiates a Transaction (or Password-less Biometric Login)
  2. Relying Application requests multi-factor authentication for a Transaction Summary
  3. Safetronic sends an Authentication Request to the User’s Salt mSign security token
  4. User Biometric (or PIN) is used to sign-in to Salt mSign
  5. User reviews a summary of the Transaction Summary received
  6. User Approves/Declines the request
  7. Salt mSign generates a cryptographic signature of the Approval/Decline and submits the Authentication Signature response directly back to Safetronic
  8. Safetronic validates the cryptographic signature and returns the authentication response to the Relying Application
Benefits of Salt mSign
Salt mSign mobile tokens operate as a single authenticator that can be used identically across all digital services to create an independent channel for authentication whereby the authentication requests and responses are direct with the user’s Salt mSign token
The use of Salt mSign’s unique Inter-App capability enables mobile apps to leverage the authentication capabilities of Salt mSign with minimal changes to their mobile apps. This avoids significant app re-engineering to accommodate a security SDK, and moreover provides a consistent and frictionless authentication workflow, regardless of the channel being used. Salt mSign will seamlessly accommodate situations where Salt mSign is resident on the same device as the app or on an alternate device
Salt mSign provides a cryptographically based authentication service that utilises internationally recognised and approved standards for signature generation that provide surety that the authentication signature was generated on the registered device; and through biometric or PIN based authorisation, that the user was in charge of the device at the time of signature generation and submission to the authentication service
Salt mSign tokens comply with contemporary standards and specifications as prescribed by NIST. This applies to the use of particular cryptographic and related algorithms, cryptographic key usage and e-Authentication assurance guidelines in respect to multifactor authentication. Salt mSign has been reviewed independently by Trusted Labs in France
Technical Info
  • Supported on Android and iOS
  • On-device cryptographic signature generation using a protected unique key
  • Supports multiple methods of delivering authentication requests: Push Network, Encrypted QR Codes and Inter-App
  • Biometric (Face, Fingerprint) and app PIN with central policy Biometric enforcement
  • Dynamic Linking, WYSIWYS (What You See Is What You Sign)
  • Strong User & Transaction Authentication: Knowledge, Possession, Inherence
  • Runtime App Self-Protection (RASP) Anti-cloning and Jailbreak/Root detection
  • Advanced electronic signatures uniquely linked to the signer
Patents

Salt mSign authentication method is protected by patents in the U.S. and other countries.

  • U.S. Patents: 11/665,719
  • Publication: US2008/0046988 A1
  • Classification 726007000

Find out more about our suite of services!