Strong authentication for mobile devices from VeriSign

With two-factor authentication gaining traction among major online businesses and consumers worldwide, a new “test drive” program announced at the 2009 RSA Conference will show developers how rapidly they can integrate strong authentication into applications written for mobile devices.

VeriSign launched the VeriSign Identity Protection (VIP) Mobile Developer Test Drive Program. The program enables mobile application developers to explore how easily and quickly they can provide users with an extra layer security that goes beyond standard secure log-ins.

Aimed at developers of J2ME and iPhone applications, the VIP Mobile Developer Program builds on the success of a similar program launched at last year’s RSA Conference. By leveraging the VIP Mobile SDK, developers can create a pilot or demonstration version to transform mobile devices into two-factor authentication credentials capable of generating a one-time password (OTP) with every sign-on. The pilot allows developers to “kick the tires” and test the functionality of their mobile applications to see how easy it is to implement and use.

Credentials developed with the SDK will allow users to authenticate themselves at any VIP Network member site, including eBay, PayPal and more than 45 others that are part of the VIP Network.

Starting today, developers can download the VIP Mobile SDK, as well as sample code and documents, after completing a simple click-through evaluation agreement. The tools cover such vital areas as application design, provisioning and validation. Pilot participants can work with the SDK to test how the VIP Authentication Service integrates and operates with their mobile applications easily and can even test interoperability with other pilot program participants.

By implementing two-factor authentication through VeriSign’s Security-as-a-Service model, enterprises virtually eliminate the costly IT infrastructure investments once required to deploy proprietary authentication systems. VeriSign’s open standards-based Security-as-a-Service solution also speeds time to market and drives down per user costs. And with mobile phones serving as free VIP credentials, enterprises can scale their potential user base at negligible per-user costs.

The VIP Authentication Service is deployed on a trusted and shared network, which allows consumers to use a single security device to authenticate themselves across any VIP-enabled Web site. This makes it more convenient for end users to adopt two-factor authentication. While other stand-alone, two-factor authentication solutions incur high initial costs and high infrastructure maintenance fees, VIP is easy and less costly for companies to implement and maintain. By leveraging a shared security and logistics infrastructure, VIP also makes it simpler and more cost-effective for companies with extensive online presence to implement stronger authentication.