RubeanSign has been designed as an SDK module and takes the form of a Mobile Banking app for Android smartphones. It enables the device to emulate a CAP / DPA reader (commonly known as a “Pin Sentry” device) and will enable users to authorize banking transactions (as displayed on the phone), just by:
- Identifying themselves using fingerprint biometrics, i.e. pressing an enrolled finger on the phone’s biometric sensor (usually provided as standard Android functionality, built into the “home” button) and then
- Holding their own (NFC capable) debit card to the back of the phone to digitally sign the transaction.
NOTE: RubeanSign supports symmetric cryptograms and asymmetric signatures.
By design, the RubeanSign app is always invoked by a “master app” server which loads the transaction data for the user to authorize. The master app may (for example) take the form of …
(A) A mobile banking app, or
(B) A money transfer payment app, or
(C) A Challenge/Response app which can replicate the functionality of CAP / DPA (“PIN Sentry”) devices (but without the need to impose One Time Password handling efforts on the user)
(D) A QR code scanning app (as used for loading the transaction data from a second device):
- E.g. a merchant / retailer’s Point-of-Sale tablet or the user’s desktop browser
In each case the master app server communicates with the RubeanSign app, returning a transaction initiation receipt to the master app.
Customer chooses the RubeanSign option (in master app) as a means of authorizing a transaction.
(On request) Customer presses finger to the “home” button fingerprint sensor …
... and then holds their card to the back of the phone. The One-Time-Password (OTP) or signature, respectively, is automatically sent to the bank.
- Transparent integration into established banking and payment apps: RubeanSign is built as a white-labelled Android app which can be added to, and invoked by, an established master app, e.g. a mobile banking app
- Easy to use: The “press finger and hold debit card” method is one of the easiest available and has already proven popular with users in similar scenarios. The customer no longer has to copy a One-Time-Password from one interface to another
- Multi-factor: In line with PSD2 requirements, RubeanSign will authenticate an issuing Bank’s customers, using a mobile phone, with two factors (biometrics + possession of card), before accepting the transaction request
- Highly secure: The electronic signature on the NFC debit card provides optimal security and combines with other processes like “end-to-end public key encryption” of the card PIN (from issuing bank to card) and fingerprint authentication
- Lower cost of entry for merchants – Traditionally, retailers wanting to accept card payments were forced to lease a Chip&PIN device of some description. RubeanSign functionality removes this overhead and offers a software-only solution which makes card-payments a truly go-anywhere, “trade-anywhere” option for businesses of all sizes
- Cash not a problem – In regions where use of cash is being discouraged, RubeanSign offers a truly secure and convenient solution for traders and customers, alike
- All on the card: In line with current cyber-security “best practice”, no sensitive customer or financial details are stored on the phone or exposed to the retailer; all data remains securely on the card.
Comparison: RubeanPay and RubeanSign
RubeanPay and RubeanSign BOTH digitally sign mobile transactions on the user’s NFC bank card. BOTH are highly secure and convenient in their modus operandi, but they differ in the way they handle the PIN that triggers the signature on the card:
- RubeanPay works (in contrast to HCE approaches) independently of agreements with card issuers but utilizes certain security measures within the phone, such as an embedded Secure Element to store the PIN securely and to unlock it with a fingerprint
- RubeanPay could be seamlessly integrated (as OEM technology) within a phone-specific payment solution, thereby adding the capability to handle a physical card as well as a tokenized card.
- RubeanSign works on any Android phone but requires the issuing banks to provide the card PIN securely from the backend. This means the solution is NOT subject to (or dependent on) upgrade paths of phone manufacturers – it remains fully within the control of the Banks
- RubeanSign could be seamlessly integrated (as OEM technology) within a mobile banking app or money transfer mobile payments app.
Both solutions combine to support a variety of operational scenarios where NFC cards (debit and credit) can be used to sign mobile transactions.