Online Identity Authentication

In electronic business activities, digital certificates may be regarded as an electronic identity card, which marks and tells the certificate holder from all other users. With digital certificates, the certificate holder can carry out secured communication, to deal with affairs and handle their trading activities.

Current situation

Currently, there are generally three types of media for storage of digital certificates: hard drive floppy drive and USB keys. A digital floppy disk can only be used as backup of the certificate and certificates must be imported to hard drive before being can be used.

Challenges

There are three disadvantages of certificate being stored on computer hard drive:

• Not so easy to carry,
• Not safe enough and may be lost
• may be easily infected by virus which causes the loss of such certificate.

Longmai Solution

If the digital certificate is stored in an IC card, it is very easy to carry and not easy to get lost but IC card must be used with card readers thus not very convenient. On basis of the security issues in online transaction, we present the portable certificate storage media – mToken network identity authentication series product. The mToken is a hardware connected to computer system via USB port and has an integrated CPU and memory.

Feature of Longmai mToken identity authentication key

• Convenience: It is small in size and therefore is easy to carry. It adopts USB ports and supports hot plus and they user only needs to unplug the key from the USB port to take the sensitive data with him.
• Flexibility and applicability: With the Integrated Development Environment provided in mToken software development kit of Longmai, software developers can easily develop a variety of application programs on basis of mToken. In addition, mToken also supports programming languages such as VC, VB, Java, ASP, CGI, PHP and .NET.

mToken Security

Security

mToken realizes MD5-HMAC Impulse/Response authentication and RSA algorithm at hardware level, which ensures that the personal digital certificate is securely stored in the mToken and no identity information will be disclosed or exposed to hacker attacks or virus. mToken has an important authentication mechanism – two-factor authentication. When mToken is used, the holder has to enter a PIN to form the two-factor authentication mode, which means that in addition to the mToken PIN, the visitor has to hold the hardware device of mToken to pass the identity authentication. In such case it can further enhance the security. mToken provides three security status at hardware level, namely the super user, user and anonymous user. A super user is generally set as the administrator and has the supreme authority. A super user can configure the important parameters on mToken; as a user with limited authority, a user can access and modify a part of functions on mToken and the customer is usually set as a user; while anonymous user is the default operation of mToken, it can only read limited public information but cannot edit it.

Stability and compatibility

Data stored in mToken will be effective for a period of at least 10 years and it allows over 100 erasing operations and supports PC/SC,ISO7816, T=0, T=1 (some products of the sme type do not support T=1) and other industrial standards. At the same time, in addition to the common operating systems such as Windows98/2000/ME/XP/NT4.0, mToken also supports some other operating systems, such as MAC OS 8/9 and Linux.

Applications of mToken

One of the applications of mToken is the carrier of digital certificate in PKI system and may be tailored for PKI applications. It has a built-in key or has a digital certificate inside so as to it is used to identify the user. mToken can meet identification needs at both the server side and client side. The product adopts a unique encryption manner; can effectively avoid the virus and hacker attacks in information transmission process during online transactions. The mToken product series are applicable in all industries with needs of network security, such as:

1. Banking
2. identity authentication and digital signature process in security industry
3. online transaction and network payment
4. client identity authentication process by providers of paid content and application services (such as paid websites, electronic newspaper and software downloading) on their clients
5. the identity authentication process when employees of confidential organizations and departments access the confidential information of one another
6. the remote charging and remote booking scenarios, such as remote ticket and room booking, remote payment of road charges and remote payment of telephone charges.