By using Masabi's EncryptME, the world's first certified Java security application for mobile phones featuring 1024bit RSA encryption, and GrIDsure's ID technology, today's mobile phones can act as discrete secure one time password tokens or provide networked two-channel transaction authentication for the highest levels of security.

"The growth in online fraud is a major concern for consumers, retailers and above all credit card companies. Equally the need for major organizations and governments to provide top-level security access to their data systems and installations is becoming an increasingly important and costly process," said Ben Whitaker Co-Founder and head of Security Development at Masabi. "The combination of two world-leading UK technology companies has provided an innovative solution which solves these issues in a secure and user friendly manner."

For the GrIDsure ID technology, users remember a pattern of squares on a grid instead of a PIN. The user is then shown a fresh number grid for each log-in or transaction, populated with different numbers each time.

To log-in they simply key in the numbers that appear within their chosen pattern, but as numbers are repeated throughout the grid and change every time the system remains secure even if the user is observed. For the mobile solution when a user is prompted to enter a code at an entry terminal, such as a PC, web site or ATM, the mobile application displays a GrIDsure number grid which is time-synched to the authentication server, giving the user the unique one-time code to enter into the terminal. In the case of financial transactions, the mobile application will be securely sent details of the payment confirming the transaction exactly, thereby preventing so-called 'man in the middle' or phishing attacks.

"With the rise in online and identity fraud, it has never been more important to provide user and transaction security," said Jonathan Craymer, Chairman of GrIDsure. "By combining Masaabi's EncryptME and mobile application development expertise together with our GrIDsure system the result is a breakthrough in ID security for everything from day-to-day web transactions to top-level government security."

The combined solution is set to see its first commercial deployments in late 2007 with support for the majority of mobile phones as well as Blackberry and Symbian smart devices.

To date governments and other organizations generally employ RSA secure ID key fobs to provide secure access to their systems. These are relatively costly physical devices that users must carry to continually generate new ID pass codes but which have been victim to 'man in the middle' attacks. Internet banking generally employs either rudimentary password systems where users only ever reveal certain characters thus protecting the entire code or, again, costly and cumbersome physical chip and pin devices which generate unique passcodes for each access request that can also be victim to 'man in the middle' attacks. This new solution provides improved security without the inconvenience to the user, and the cost to the provider of solutions which employ physical
devices.