Nok Nok Labs adds Trusted User Interface to enable secure mobile payments
Nok Nok Labs announced it has added trusted user interface capability to the FIDO-Ready NNLTM S3 Authentication Suite, enabling the company to deliver stronger end-to-end security.
This new solution from Nok Nok Labs, coupled with Trustonic‘s ARM TrustZone-based trusted execution environment, ultimately improves security levels across mobile payments, m-commerce and the payments ecosystem as a whole.
“Consumers can already replace passwords with fingerprint authentication on smartphones and tablets which utilize standards-based specifications such as FIDO,” said Rob Coombs, security marketing director at ARM. “Nok Nok Labs’ inclusion of a trusted user interface based on ARM TrustZone technology brings advanced hardware-based security to FIDO implementations, offering increased confidence to consumers and cloud service providers. It will help to accelerate the move to simpler, stronger authentication for everyone.”
It accomplishes this by isolating all user authentication and transaction verification from the Rich OS, providing an additional layer of security against malware attacks as well as providing strong consumer protection.
The trusted UI functionality, which is used in the FIDO specifications to support transaction confirmation, enables Nok Nok Labs to deliver stronger end-to-end security to its service providers and their customers.
Trusted UI supports the implementation of a secure pin pad for devices that do not offer any biometric verification processes, as well as prevents Man-in-the-Browser attacks by activating the FIDO authenticator using this secure pin pad and transaction confirmation display.
With Trusted UI functionality, only verified users are authorized to enter the PIN. And since the user will be able to view and approve all attempted transactions, the content of the signed message cannot be altered.
“The addition of Trusted UI to our authentication security solution is an important building block in protecting user authentication against mobile malware attacks,” said Rajiv Dholakia, vice president of products at Nok Nok Labs. “With the increased use of mobile banking applications, this is particularly beneficial for the financial and payments sector. This industry sees extremely high-value and highly-sensitive transactions, and we recognized the importance of providing an even greater level of security to our customers so they could in turn confidently assure their users that their data is safe and secure.”