contact@augmented-security.net

128 rue de la Boétie 75008 Paris

SECURITY OF SOLUTIONS

Security features of the Augmented Security authentication engine

MAIN SECURITY FEATURES OF THE AUGMENTED SECURITY AUTHENTICATION ENGINE

01

Strong 2-factor authentication

- Hardware signature of the smartphone (processor serial number...).
- Personal code defined by the user during enrolment.

02

3 levels of resistance to "Man In the Middle" attacks

- Smartphone - Authentication Server link realized in https / TLS V1.2 with complete certificate verification.
  - Encryption of all exchanged data with a 256-bit AES session key.
  - Over-encryption of sensitive data (SHA 512, PBKDF2).

03

Resistance to Phishing

- AES session key sent by the smartphone application encrypted with the public key of the authentication server.
- X509 certificate of the authentication server verified by the smartphone application.
- Different 2048bit public/private RSA key for each authentication server.

04

Same level of security in disconnected mode as in connected mode.

05

Secure smartphone application

• Aucune donnée stockée par l’application smartphone (aucun fichier de données)
• Code de l’application entièrement obfusqué (appels système masqués…)

06

User identity protection

- Smartphone - Authentication Server link realized in https / TLS V1.2 with complete certificate verification.
  - Encryption of all exchanged data with a 256-bit AES session key.
  - Over-encryption of sensitive data (SHA 512, PBKDF2).

07

Augmented Security Authentication Engine has undergone 2 positive security audits by 2 external companies

- A "white box" audit (software sources provided).
- A "black box" audit.

en_GBEnglish
pt_BRPortuguese fr_FRFrench en_GBEnglish