3. After that, whenever the user logs in to the banking site with username and password, the site displays Request Challenge-1 -- a set of numerals sent by the PLA server. The user enters that set into the PLA mobile app and gains access to the secured portion of the banking site.
4. In the background a second challenge, Challenge-2, is sent from the server to the phone via SMS.
5. The PLA mobile app creates a hash using Challenge-1, Challenge-2, and the AppID as well as the IMSI and the ICCID read directly from the phone. The app encrypts the hash and sends it to the server.
6. Independently the server hashes the same values from its database and compares the resulting hash to the hash sent from the phone. If they match, the user gets a welcome screen on the Web page.
Sagi says he is uncertain about plans to commercialize PLA.
Sign up for Computerworld eNewsletters.