3. NOW
In 2015, Symantec reports 160 billion lost on network security issues.
In 2015, 300 million PCs and 2 billion production.
TREND
Background
Tokenless
Cloud based authentication
Big data
Online and mobile applications are highly susceptible to cyber-attacks and fraud, which have become increasingly sophisticated.
4. Background - Traditional Security Technologies Limitation
The infrastructure of information security is cryptography.
OTP & PKI are based on black box algorithms.
Traditional Cryptography Limitation
Public algorithms + key
Fixed & public algorithm, private key
Key and hardware protection.
Challenge
Mobile devices have no hardware protection for the key, which is easily disclosed on an open OS.
An extra hardware device is not easy to carry around, and complicated operation is not friendly for end users.
Convenience Requirement
5. SOTP Functions
SOTP (Super One-Time-Password), a unique and strong Multi-Factor Authentication solution, adopts a new cryptosystem based refactoring algorithm to ensure the reliability of cross-platform mobile and web applications.
SOTP Enhanced Authentication
Channel Encryption
Storage Encryption
Tokenization
Multiple Factors
Bi-Directional authentication
Without Keys
Dynamic algorithms
Create Channel encryption
Sensitive information tokenization
6. SOTP Features
Flexible Products
SOTP can be delivered as plug-ins, SDKs, or whole security solutions for data encryption, channel encryption and authentication.
Multi-Factors
SOTP authentication factors include time, geolocation, hardware device, APP information, action and others.
Tokenless
Compared to OTP and PKI tokens, which have a unique key inside the token and public algorithms, SOTP has a unique algorithm for each user and supports algorithm updates via plug-ins.
Ensures the security of online and mobile applications while keeping them convenient and transparent for users.
7. SOTP Structure
[Architecture diagram. Components shown: Payment Application System, SOTP ServerApi, SOTP Client API, Intranet, Internet, SOTP Authentication System, SOTP Authentication Server, SOTP Plug-ins Server, SOTP HSM, SOTP Database Server.]
8. SOTP Application - Register
✧ SOTP Logon
✧ SOTP Secure Payment
✧ SOTP SMS Encryption
✧ SOTP Channel Encryption
✧ SOTP Data Encryption
✧ Risk Control System (Option)
SOTP Secure Solutions:
[Diagram labels: Payment, Real-name authentication, Mobile Logon, SMS, Channel Encryption, PC Logon, Data Encryption, SOTP]
First Time Register
[Diagram labels: Upload ID Card; Verify ID; Download SOTP; Take dynamic video or photos and upload; Verify ID and Photos]
✧ Verify ID correctness
✧ Verify ID and Photos consistency
✧ Download SOTP
9. SOTP Application - Authentication
Download Plug-ins
[Diagram labels: Mobile Device (APP, SDK); Payment Server (Application System); SOTP Download Server; HSM; Device, APP code, User]
1. Get hardware device information from the APP.
2. Submit the APP information to the SOTP download server.
3. Generate a unique algorithm according to the APP information.
4. Combine the unique algorithm and keys and distribute them to the end user's APP via plug-ins.
Authentication & Transmission
[Diagram labels: Mobile Device (APP, Payment APP, SOTP Plug-ins, Person-Algo); Bi-directional SCP; Payment Server (Application System); SOTP Auth Server; HSM; Device, APP code, User; Multi-factor calculate password; Bi-direction Channel encryption]
1. Check the plug-in status.
2. Calculate the passcode with multiple factors.
3. Submit the passcode to the server for authentication.
4. On successful authentication, generate a session key to guarantee transmission security.
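The four Authentication & Transmission steps above, sketched as an added example (not SOTP code; the slides do not disclose SOTP's per-user algorithm, so standard HMAC-SHA256 stands in for it). Assumed here: the factor names, the 30-second window, the shared secret delivered with the plug-in, and all sample values.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time window (assumed value)

def _tag(secret: bytes, label: bytes, factors: dict, window: int) -> bytes:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    msg = label + struct.pack(">Q", window)
    for name in sorted(factors):
        for part in (name.encode(), factors[name].encode()):
            msg += struct.pack(">H", len(part)) + part
    return hmac.new(secret, msg, hashlib.sha256).digest()

def passcode(secret: bytes, factors: dict, now: float) -> str:
    """Client, step 2: passcode bound to time, device, app and user."""
    return _tag(secret, b"passcode", factors, int(now // STEP)).hex()[:16]

def session_key(secret: bytes, factors: dict, now: float) -> bytes:
    """Client, step 4: key for the window the passcode was made in."""
    return _tag(secret, b"session", factors, int(now // STEP))

def verify(secret: bytes, enrolled: dict, code: str, now: float,
           used: set, skew: int = 1):
    """Server, steps 3-4: recompute from the enrolled factors.

    Accepts +/- skew windows of clock drift, rejects a window that was
    already consumed (replay), and returns the session key or None.
    """
    base = int(now // STEP)
    for window in range(base - skew, base + skew + 1):
        expected = _tag(secret, b"passcode", enrolled, window).hex()[:16]
        if hmac.compare_digest(expected, code):
            if window in used:
                return None  # same passcode presented twice
            used.add(window)
            # Different label: the key is not derivable from the passcode.
            return _tag(secret, b"session", enrolled, window)
    return None

# Constructed sample values, not taken from the slides.
SECRET = bytes.fromhex("00112233445566778899aabbccddeeff")
ENROLLED = {"device_id": "dev-1234", "app_id": "com.example.pay",
            "user": "alice"}
```

A passcode computed on a device whose factors differ from the enrolled ones fails verification, which is the property the multi-factor binding is meant to give; the `used` set must be kept per user on the server.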
10. SOTP Authentication Solutions
SOTP SMS Encryption
1. The APP server encrypts the SMS via the SOTP server; the SMS can only be decrypted by the unique plug-in on the mobile client.
2. The encrypted SMS is sent to the SMS gateway, then transferred to the mobile client.
3. The SMS is decrypted via the SOTP plug-in.
[Diagram labels: Mobile Device (APP, SDK); APP Server; SMS Gateway; OTP Server; Device, APP code, User]
Data Encryption
1. The data encryption key is managed by the SOTP server.
2. The local key is encrypted by SOTP and decrypted by the unique plug-in.
3. Dynamic data protection through the SOTP SDK.
4. Supports SOTP key updating by updating the plug-ins.
[Diagram labels: Mobile Device (APP, SDK); APP Server; SOTP Server; SOTP Database; Device, APP code, User]
11. SOTP Authentication Solutions
PC client Logon (1)
1. Input the username on the PC, and send it to the server.
2. Verify the user and send a logon request to the mobile device.
3. Confirm the logon request on the mobile device, and send it to the server.
4. PC logon successful.
[Diagram labels: PC Client (Input username on PC Browser or client); Mobile Device (APP, SOTP Plug-ins); APP Server; SOTP Server; Device, APP Code, User]
PC client Logon (2)
1. Generate a QR code.
2. Scan the QR code and generate a logon request through SOTP.
3. Verify the mobile client logon request.
4. PC logon successful.
[Diagram labels: PC Client (Generate QR code on PC Browser or client); Mobile Device (APP; Scan QR code to generate logon request); APP Server; SOTP Server; Device, APP Code, User]
12. SOTP Authentication Solutions For QIWI
1. Hardware Solutions
Provide cost-effective hardware OATH tokens for existing applications.
2. Risk Control Mechanism
Multi-factor logon to guarantee mobile user identification. Detects mobile root and jailbreak, and provides a risk control system based on different user habits, location and mobile device UDID.
3. SOTP Mobile SDK
Agile SDK for easy integration.
4. Flexible Solutions
   1. Enhance Authentication Security
   2. Data Storage Security
   3. Bi-directional authentication
   4. Channel Encryption
   5. Tokenization