Simple, secure mobile push authentication and verification solution

HID Approve™

Benefits Features Specifications Differentiators

2

Introduction

HID Approve™ is a next-generation mobile multi-factor authentication solution. By combining public key-based cryptography with mobile push notifications, HID Approve™ delivers a simple and secure way for users to authenticate their access requests and verify their transactions. With a simple swipe gesture, you get proof-of-possession for “something a user has” to achieve strong two-factor authentication. With a comprehensive set of security customizations, including requiring a PIN to open, organizations can strike a balance between security and usability.

3

HID Approve™: How it works

To log in or verify a transaction, a request is sent to the authentication server where a push notification is triggered and sent to the registered mobile device by the iOS or Android service. No personal identifiable information is included in the push notification.

Transaction details are passed between the mobile device and the server over an out-of-band secure channel. This prompts the user to validate their login request by a swipe gesture. Once approved, the authentication server triggers a verification response to the banking application, and the login is successful.

Push Notification

Broker

UserApplication

ActivID®

AuthenticationMobileDevice

Out-of-BandSecure Channel

!

USERAPPLICATION

USERAPPLICATION

MOBILEDEVICE

Step [ 1 ]User signs in

Step [ 2 ]User approvessign-in request

Step [ 3 ]User gains access

4

Benefits

The HID Approve™ mobile app combines public key-based cryptography and push technology to create a new experience for customers of banks, retailers and healthcare providers as well as between employees and enterprises or organizations. This software-based solution is more intuitive and user-friendly compared to traditional methods of authentication and helps minimize the risk of the wrong person accessing confidential and proprietary information.

Trustedidentity

Seamless experience

Simplified compliance

Low cost of ownership

Flexibledeployment

5

Fully customizable andfine-grained security policies

Secure channel out-of-band activation and authentication

Runtime Application Self-Protection (RASP) to detect and preventreal-time app attacks

Easy and flexible user activationwith QR codes or manual entry

Mobile SDK option for integration into corporate apps

Multiple device registration for user convenience

Support for over 15 languages out-of-the-box

Multiple account registration with multiple service providers in a single app

Compliant with FFIEC, NIST, SAMA, and PSD2 regulations

Secure code (one-time password) option for mobile offline scenarios in case of connectivity challenges

User/CustomerFeatures

Features

The flexible and secure activation process of HID Approve™ ensures that each user’s device is securely personalized using state-of-the-art cryptographic protocols, provided through a straightforward and easy user experience. Users may securely register HID Approve™ with multiple user accounts and service providers, eliminating the need to manage multiple tokens or mobile apps for their two-factor authentication needs.

Out-of-the-box customization enables organizations to keep their brand at the forefront of the user experience without the need to build and maintain a custom mobile application.

System Features

6

Authentication Methods

• Mobile push with public key cryptography

• One-time password: OATH HOTP Event, TOTP Time-based, OCRA

• iOS 8.0 and up (mobile and tablet in portrait mode)

• Android 4.1 and up (mobile and tablet in portrait mode)

• Android KeyStore (hardware backed on version 4.3 and later)

• iOS KeyChain (hardware backed)

• OIDC/OAuth2

• TLS v1.2x509

• HPKP rfc7469

• ECDH

• 800-56 KDF

• PKC#5

• ECC

• RSA2048

• Oath

• HMAC-SHA2

• RADIUS

• SAMLv2

• ADFSv3

Platforms

Protocol and CryptographyStandards

Secure Key Generation and Storage

Specifications

7

Why HID Approve™?

This solution is available as a turnkey application or a software development kit for integration into existing corporate applications.

FlexibleDeployment

HID delivers more control for organizations already providing an app by supporting an on-premise model. It allows easy deployment and faster time to market with the ready-made app.

Increased Control

With server-side configuration capabilities, customers can easily customize the background color, logo and font color to support their brand guidelines.

Effortless Rebranding

Users can verify their access and transactions with a simple swipe gesture, reducing the risk of accidental verification. Users can also register multiple devices for their convenience.

Better UserExperience

8

GET IN TOUCH

HID Approve™ is a new addition to the broad range of authentication products and services offered by HID Global that enables organizations to achieve a maximum return on investment for all their authentication needs.

© 2018 HID Global Corporation/ASSA ABLOY AB. All rights reserved. HID, HID Global, the HID Blue Brick logo and the Chain Design are trademarks or registered trademarks of HID Global or its licensor(s)/supplier(s) in the US and other countries and may not be used without permission. All other trademarks, service marks, and product or service names are trademarks or registered trademarks of their respective owners.2018-08-23-iam-hid-approve-eb-en PLT-04024

hidglobal.com

FIND OUT MORE

p r o d u c t s

G

E N U I N

E