User Experience

A single mobile phone experience is a key market requirement that PSMP fulfills for all security levels, including PSD2-compliant strong authentication.

Our game-changing solution combines extraordinary user experience with high security in mobile environments.

The Protectoria Secure Application has built-in support for three different levels of security and varying interaction scenarios.

  • Low risk: enter PIN to log in. Authorize the transaction by pressing “OK”.
  • Medium risk: enter PIN to log in. Authorize the transaction by entering the PIN or with a fingerprint.
  • High risk: enter PIN to log in. Enter PIN and a TAN received by voice call to authorize the transaction.
CONTACT US

Protection against attacks

The PSMP solution offers a full set of unique security mechanisms:

  • An application-level Trusted Execution Environment providing security for the applications.
  • A secure communication layer with certified cryptography.
  • A secure storage layer making the local storage unreadable unless the client receives a unique key from the server.
  • A secure display layer protecting against overlays and any attempts at modifying what the user sees.

To learn more about these mechanisms, please see the technical white paper

CONTACT US

Unique security mechanisms

This table compares the Protectoria solution with some other industry solutions:

Trusted Execution Environment

The PSMP Trusted Execution Environment (TEE) operates within the application layer and is completely server-side controlled. It provides active protection mechanisms with patent-pending security solutions, such as just-in-time transfer of code blocks – both valid ones and honeypots – with large entropy and extensive, device-unique integrity checks.

PSMP turns cybercriminals’ own weapons against them and reduces the possible attack surface to close to nothing. The entropy and the limited time available to launch an attack increase the potential costs of attacking the app, thus exponentially reducing the criminals’ ROI. Compared with other methods, such as dedicated hardware deployment, increasing the defense entropy is an extremely cost-efficient way of defending the app.

The PSMP server generates a unique one-time TEE per device, customized in size and complexity depending on the resources of the platform. The TEE is self-contained within the application layer, as it always assumes the OS is controlled by malware and its components cannot be trusted.

The TEE is continuously morphing in unpredictable ways determined by server updates. The unpredictability is based on a randomization of all the parts of the running TEE, including secure storage, secure communication and (possibly) secure display.

The randomness has a huge and configurable entropy that can be tactically increased, such as if honeypot-based anomalies have been detected.

The entropy efficiency is scaled by having a very small validity time of the just-in-time injected code blocks and considering the limited computational resources of the device, which TEE itself is strongly bound to.

A mass attack on a PSMP-protected device is considered to be practically impossible, since the TEEs load huge complexity and correlation efforts across all the morphing TEEs onto the attacker.

STANDALONE

In this scenario, the client side is either a separate executable or an independent library that can be bundled with an existing application. The user interface is branded to look similar to your existing application, and the only purpose of PSMP is to secure authentications and transactions.

Ideally, the user should not notice the switch between the existing interface and PSMP. In this implementation, the application is split in two: a normal, fast, user-friendly part, and a “super secure” part, which only handles the secure tasks.

INTEGRATED

In this scenario, the developers can implement elements and functionalities of PSMP into an existing application using the provided SDK.

TRANSACTION SECURITY

The Protectoria Secure Mobile Platform is a generic solution and can be used in cases such as the following:

  • Retail customer of a mobile bank or a money remittance service:

Authentication, transaction authorization, document and transaction signature.

  • Enterprise customer with a mobile user base:

Transaction authorization, document and transaction signature and enterprise system security.

The Protectoria Secure Mobile Platform is particularly well suited for payment service providers targeting the consumer market, as they are likely targets for malware. The recent EU Payment Service Directive (PSD2) has shifted the liability for transactions to the payment service provider if the provider cannot show that strong authentication has been used.
The Protectoria Secure Mobile Platform is focused on a single goal: helping payment providers protect their authentication and transaction authorization systems, which are the most likely target for attacks.

Payment Transaction Security

A crucial challenge posed by the the PSD2 is how to translate into practice the separation of responsibilities and liabilities. By using a secure platform such as PSMP, it is possible for a third party to initiate the authorization process without being involved in the processing of the credentials.

Get in touch

OPERATE CONSISTENTLY

The PSMP transaction security mechanism is generic. This means that it can be implemented in an omnichannel scenario, as it is completely agnostic of the context of the transaction and its channel of origin.

In such an implementation, the PSMP secure app appears as a pop-up, prompting the user to verify the transaction. It functions in a manner similar to the many services that alert their users about suspicious activities and ask for their consent, for instance in case of suspected card transaction fraud.

SDK API

On the client side the Protectoria Secure Mobile Platform is provided in two ways:

  • As a separate executable or library that can be bundled with an existing application, but branded to look similar to it, and which only purpose is to secure authentications and transactions.
  • As a SDK, where parts of the full Protectoria Secure Mobile Platform functionality can be implemented in an existing application.

In the first case the user should not notice switching between existing/non-secure functionality. In practice this means that the application is split in two: A normal, fast, user friendly part, and a “super secure” part, which only handles the secure tasks. In the second case it is up to the developers of the application to use functionality from the SDK as they see fit.

SECUREREPAY PSD2 FRAMEWORK ETC

PSMP has undergone a third-party security evaluation, as required under PSD2.

SECUREREPAY PSD2 FRAMEWORK ETC

  1. Recommendations for the Security of Internet Payments, Final Version after Public Consultation, European Central Bank, Eurosystem.
    https://www.ecb.europa.eu/pub/pdf/other/recommendationssecurityinternetpaymentsoutcomeofpcfinalversionafterpc201301en.pdf?95e6bba1ef875877ad3c35cf3b12399c
  2. [SecuRePay_Guide] Assessment Guide for the Security of Internet Payments, February 2014, European Central Bank, Eurosystem. https://www.ecb.europa.eu/pub/pdf/other/assessmentguidesecurityinternetpayments201402en.pdf
  3. [FAQ] Fragen und Antworten zu den Mindestanforderung an die Sicherheit von Internet zahlungen (MaSi), BaFin, 2016-06-24 https://www.bafin.de/SharedDocs/Downloads/DE/FAQ/dl_faq_rs_1504_ba.pdf?__blob=publicationFile&v=3

The Protectoria Secure Mobile Platform protects against all current threats!

With us, you can feel safe even from malware targeting your app in particular. In the event of malware targeting just one installation of your app, all the other installations will be kept safe and unaffected.