ARCHITECTURE :
- 3 layers distributed protection
- Encrypted digital identities are stored in Keychain (Remember Apple vs. FBI?)
- Encryption key is kept on FinPay Server. No data is kept in FinPay server at all.
AUTHORIZATION :
The encrypted data is only authorised if authenticated by:
- PIN or Fingerprint (Verify User)
- A session token that is created during last app login (Verify User)
- A one time password (OTP) that is randomly created every 30 seconds once the mobile device after verifying SMS verification code (Verify Mobile Device)
INSPIRATION & COMPARISON :
- Intel TrueKey (Sync to Server)
- Google Chrome Smart Lock (Sync to Server)
- Other Web Browser with Password Storage (No or Unknown security)
OUR INNOVATION :
- Sync to Server puts users at risk if database is compromised. Fin Mobile does not sync data to server. Therefore distribute the risk.
- User encrypted data is safe as long as PIN/Fingerprint and Mobile device are not lost. Further distribute the risk.
- The only chance for user data to be comprised is when all three of the layers above are hacked at the same time.
