Computer giant IBM has added a two factor authentication solution to its IBM Worklight mobile app platform, providing "an extra layer of security when using an NFC-enabled device and a contactless smart card to conduct mobile transactions."
IBM Worklight is used by the company's clients to develop and manage secure mobile applications for consumers. From today, companies will be able to offer the new method to consumers through their apps.
The two factor solution eliminates the need for the consumer to carry an additional device — such as a one-time code generator, often used in online banking on a PC — when carrying out transactions from a mobile device.
"The user simply holds the contactless smart card next to the NFC reader of the mobile device and after keying in their PIN, a one-time code would be generated by the card and sent to the server by the mobile device," says IBM.
IBM's model turns the accepted role of an NFC phone on its head by using the smart card as, in effect, a remote secure element — the phone takes a challenge over the air from a remote server, passes it to the secure smart card, and then passes back the response.
A video from IBM shows the technology in action:
The system works today with NFC devices running Android 4.0 and up. Future updates will include support for additional operating systems, "based on market trends."