a proprietary Multi-Factor Authentication (MFA) virtual token security software product from OHVA, Inc., with the added benefit
of being transparent to the user. It provides Dynamic Authentication by automatically generating a new virtual token each
time the user accesses their online account. Because it is transparent to the user, the SoundPass virtual token cannot be
Phished or Keylogged thereby providing strong built in multiple security layers of protection against today's online accessing
villains; including malware carrying the most commonly used exploit, the Zeus Trojan, using a real-time Keylogger. Uniquely, SoundPass
is fully portable with the added flexibility to also be used as a hardware solution based on the user's preference and without
ever issuing any hardware. SoundPass is user friendly, affordable, and requires no maintenance all of which are geared to
save Financial Institutions time and money. It can bolt onto any existing authentication solution Login page adding a strong
layer of MFA security. SoundPass has been protecting online bank accounts for members of Anheuser-Busch Employees' Credit
Union and American Eagle Credit Union since 2007.
SoundPass is a cutting edge solution. We feel it offers our members the highest level of security available."
- David Gray, Manager, Electronic
Services, Anheuser-Busch Employees' Credit Union and Division
ON-LINE VULNERABLITY: Today's exploits far exceed yesterday's authentication solutions, which almost all have been breached right out of the
gate. Besides being ineffective against current sophisticated online
threats, authentication solutions have also proven to be too expensive. Hundreds of millions of online users are vulnerable worldwide. Bloomberg released
an article in August 2011 stating that, “cybercrooks are stealing as much as $1 billion a year from small and mid-sized
bank accounts in the U.S. and Europe.” Law enforcement is unable to address the majority of these cybercrimes. The New FFIEC Guidance
requires a layered approach for best security practices regarding consumer online bank accounts. The majority of access security
solutions already utilize multiple security layers. Unfortunately, these layers tend to be various types of single factor
authentication or they revert to single factor, which in every case are no match against today’s organized crime in
protecting online accounts. What is interesting is while the FFIEC best security practice for consumer accounts is to use
a layered approach, for commercial online accounts the FFIEC mandates MFA security. Why? Because MFA provides stronger authentication
security, which all online bank accounts should be using as best security practice.
Majority of today's Authentication
Username and Password is single factor authentication, vulnerable to Keylogging, Phishing, Man-in-the-Middle,
Challenge-Response Question is single
factor authentication, vulnerable to Keylogging, Phishing, and Man-in-the-Middle.
Address can be spoofed, temporarily routed to a fake
Web site, or to a Hacker's PC.
be easily deleted, stolen, moved, or just lost.
& Phrases are vulnerable to Keylogging and MITM.
Tokens regardless of form factor are vulnerable to a Zeus
Trojan real-time Keylogger.
Behavioral Software flags anomaly's and reverts the user to a Challenge Question.
Out-of-Band phone calls are vulnerable to a Zeus Trojan and MITM unless used
with a strong MFA solution.
are vulnerable to Phishing, Counterfeiting, cumbersome to use, and expensive.
Smart Card requires a cumbersome and expensive to deploy reader.
USB Tokens are cumbersome and expensive to deploy.
White Paper by OHVA, Inc.
SoundPass™ is a cryptographically advanced
security technology software solution offering strong, fully portable, and affordable multifactor authentication for all browser-based
logins. It consists of a software driver dll that resides on the server and a small Java applet, sent from the server, which
runs on the client machine.During
initialization, the SoundPass™ server driver creates and passes a software token to the client applet, and stores a
master copy in a database. The SoundPass™ client applet encrypts the software token using an owner-supplied key, where
the key is never stored on any device or held in any way by the applet. The SoundPass™ client applet stores the encrypted
token file on the hard drive or any portable writable device that has a drive letter on the client machine, including USB
thumb drives, PDAs, MP3 players, network enabled devices, DVDs, CDs, floppy disks, and internal or external hard drives. Registration
of individual users is fully automatic and there is no additional maintenance required outside of normal server administration.During authentication, the SoundPass™
client applet decrypts the stored token file using an owner-prompted key, combines the token with a session key, verifies
the server to which the client is connected, and securely transmits the result to the server via encryption mechanisms. The
SoundPass™ server driver validates the result by performing the same calculations on data expected from the client applet
and compares the results.
1. The value of the token never changes, allowing the user to share the key with family members, etc. However,
the information passed to the server is never the same, creating a one-time-use key, valid only once.
2. The user-supplied key that is used to encrypt and decrypt the token file is never stored, making it difficult
to compromise the actual token. This prevents an attacker from using the information captured from the stored token file from
a lost thumb drive, Trojan attack, etc.
3. The client applet can optionally display a
keypad, allowing the user to supply a key using only the mouse. This feature defeats “Key Logging” attacks.
4. The solution contains built-in checks against “Man-in the Middle” attacks. The client applet
and the server dll run checks to verify that the client is communicating directly with the intended server.
5. The information exchanged between the server and the client provides a built-in design feature that defeats
6. The encrypted token file can be stored on
a user-supplied USB thumb drive or PDA, effectively creating a 100% Hardware Token solution without having to deploy unique
7. SoundPass™ is packaged as a Java jar file and a server side
dll, making deployment simple.
DEFEAT MALWARE TROJANS: To learn more about
how we can comfortably make this extraordinary claim and discover how SoundPass fits into your online accessing security efforts,
contact us by email at:firstname.lastname@example.org or by phone at: 408-857-0716