Obfuscated GIF
To prevent the security string from being captured from the screen display it is presented using a combination of irregular fonts and a random pattern background that cannot be read by OCR software.
The resultant obfuscated image can be read only by the human eye, which means the PIN cannot be captured from the combination of the security string and the OTC if someone is monitoring the screen activity. Each time a new security string is displayed it appears using a random combination of fonts and background as an added layer of security for the user's PIN.
One Time Code (OTC)
The one-time-code is generated by the client device after the PIN is input. The digits of the PIN represent the positional markers of the OTC as they appear in the security string. The OTC is transmitted to the server via an SSL link. The UserID and OTC are MD5 hash encrypted to ensure transmission is pure.
PIN
Swivel users are issued with a unique, 4-digit personal identity number (PIN). This is the only information the user needs to remember and keep secret when using the Swivel Data Access system.
The PIN functions as a positional indicator to extract the appropriate numbers from the security string to create the one-time-code (OTC).
The Swivel Frequently Asked Questions web page has more information on PINs.
Security String
A random 10-digit number containing non-repeating digits generated by the Swivel Authorisation Server for each access attempt. It is the core of the Swivel algorithm, which combines with the user PIN to produce a one-time-code. In single channel format it is delivered to the client PC with the PINsafe applet when the user logs on.
In a dual channel environment the security string is delivered to the user's mobile phone or PDA in a level 3 SMS format in advance of an access attempt. It is held in the device's memory until it is required, which means the user does not need to have cellular network access at the time of the logon.
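The PIN, security string and OTC definitions above, worked through as an added example (not Swivel's own code): it derives the OTC from the PIN's positions and shows why a readable security string together with the OTC discloses the PIN, which is the reason the string is obfuscated on screen. The function names, the sample values and the mapping of PIN digit 0 to the tenth position are assumptions.

```python
import secrets

DIGITS = "0123456789"


def new_security_string() -> str:
    """Random 10-digit string with non-repeating digits (a permutation of 0-9)."""
    digits = list(DIGITS)
    # Fisher-Yates shuffle driven by a CSPRNG.
    for i in range(len(digits) - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        digits[i], digits[j] = digits[j], digits[i]
    return "".join(digits)


def _index(pin_digit: str) -> int:
    # ASSUMPTION: PIN digits 1-9 select positions 1-9 and 0 selects position 10.
    d = int(pin_digit)
    return 9 if d == 0 else d - 1


def derive_otc(pin: str, security_string: str) -> str:
    """Pick the security-string digits at the positions named by the PIN."""
    if len(pin) != 4 or not (pin.isascii() and pin.isdigit()):
        raise ValueError("PIN must be exactly 4 digits")
    if sorted(security_string) != list(DIGITS):
        raise ValueError("security string must be 10 non-repeating digits")
    return "".join(security_string[_index(d)] for d in pin)


def pin_disclosed_by(security_string: str, otc: str) -> str:
    """Digits never repeat, so each OTC digit maps back to exactly one position.

    Anyone who reads both the string and the OTC therefore learns the PIN.
    """
    return "".join(str((security_string.index(c) + 1) % 10) for c in otc)


if __name__ == "__main__":
    sample = "5720948163"  # constructed sample security string
    otc = derive_otc("2468", sample)
    print(otc, pin_disclosed_by(sample, otc))
```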