Boojum SA
Boojum SA offers secure, easy to use, two-factor authentication on a cellular phone to replace the use of simple Username and Password for online transactions. It leverages the cellular infrastructure to provide a low cost deployment environment ideally suited for the financial services industry. Consumers can use their existing cell phone as a smart private key to guard against identity theft and as an extension of their online services. Financial service providers can leverage Boojum SA as a platform to simplify and extend the customer's online banking experience to a mobile device through additional value-added services.

Two-Factor Authentication
Two-factor authentication provides stronger security than simple user name/password authentication. It is based on "something you have" working together with "something you know" (a password or PIN). With Boojum SA, the first factor is the cell phone the user already owns, and the second factor is a personal PIN number, selected by the user.

How it Works
Boojum SA is downloaded over the air, directly to the phone, in the form of a Java or BREW application. The user self-provisions via a secure website, selecting a personal PIN# that initializes the phone with a unique Boojum Secure Token. The Boojum Secure Token is a shared secret or private key which when combined with the user-selected PIN, uniquely identifies the phone for secure authentication.

Simple, Secure Online Two-Factor Authentication
To enter a Boojum-secured site, a user simply enters their personal PIN into their phone and a unique, onetime password (OTP) is instantly generated by the phone and displayed to the user. The user enters this one-time-password along with their username or cell phone number at the financial website log-in screen.

Now the cell phone functions as a smart private key, adding an extra layer of protection when logging into any site that supports the Boojum SA Token.

Automatic Site Authentication
For added protection against phishing, Boojum SA authenticates the website proving the identity of the site to the user before any transactions take place. During a log-in sequence, a unique site ID number is generated and displayed on the website. As the one time password is generated by the phone, a corresponding website ID is also displayed on the phone's screen. When the user confirms that the two ID numbers match, the identity of the site is verified.

Single Sign On
Unlike most hardware token solutions, Boojum SA makes it easy to use a single PIN to access multiple websites. Now access to multiple brokerage accounts, on-line banking, and other service sites can be managed directly from a cell phone by using Boojum's single sign-on feature. Boojum handles the communications to each authenticating server and presents a menu driven interface on the phone. The user simply selects the appropriate menu item on the phone screen corresponding to the account or site they wish to access. The phone and Boojum SA do the rest.

Single Sign On Makes It Easy To Manage Multiple Accounts

(SOA) Service Oriented Architecture
Boojum SA was designed to easily integrate with existing online systems. The Boojum Token client on the cell phone works in cooperation with Boojum's secure authentication server. The server deploys, provisions and initializes the Secure Token and validates the user's PIN during the initialization process. Boojum Mobile uses a standard service oriented architecture for easy web services integration and fast-to-market application development.

Boojum SA - The Ideal Consumer Solution

As easy to use as an ATM card, Boojum SA is a strong, cost effective solution for online identity theft. It leverages the cell phone that the customer already owns, avoiding the cumbersome distribution of separate key chain password generators or USB plug-in devices. It is user self-activated over the air - eliminating the need for costly call center support.

Value Added Mobile Services Opportunity
Boojum SA also provides an opportunity for service providers to deliver additional value-added mobile services that leverage the secure authentication platform without requiring added deployment or user provisioning. Users can subscribe to new secure, personalized mobile services by simply signing up on their online banking site. These new services can drive online usage and provide revenue generating opportunities.

  • Secure Alerts & Messaging - Leverages the secure phone link to the Boojum server
  • Mobile Transaction Approval - Approve critical transactions, anywhere, at any time

Boojum SA Features

  • Commercial strength, two factor authentication - replaces simple username and password
  • Authenticates in or out of cell coverage
  • Automatic Site Authentication - prevents phishing & spoofing by verifying the authenticity of a site
  • Single Sign-On Token Management-transparently manages multiple authentication domains, allowing the user to access multiple secure sites with a single PIN
  • PIN is not stored on the phone or sent over the air
  • Secure alerts, messaging, and mobile account management
  • Low cost to deploy & support
  • Deployable over the air
  • Self-provisioning via standard web interface
  • Available as both a BREW or Java download
  • SMS Solution for older phones

For more information on Boojum SA, please contact us at sales@boojummobile.com
©2008 Boojum Mobile, Inc.