OfficeLine MA sends authentication codes to clients upon their request; the clients can use the codes to confirm their identity or to ensure the integrity of the entered transaction.
OfficeLine MA allows to secure all common types of transactions (in the banking sector, e.g. a payment order, confirmation of money collection, or a request for a deposit account) against unauthorized modification.
OfficeLine MA is suitable as an alternative or complement to a token.

Principle of OfficeLine MA Module Operation

OfficeLine MA sends the client's authentication code (upon the client's login request) or a message authentication code (when a transaction confirmation is requested) through an agreed secure channel. Usually, it uses the SIM Toolkit technology (the code is sent to the client's mobile phone as an encrypted SMS message).
To make the calculation of a message authentication code (MAC) resistant to the man-in-the-middle type of attack, the client is sent a check copy of the message together with the code.
Authentication codes sent by the OfficeLine MA module are variable (more precisely, they depend on variable parameters, such as the time of their calculation) and have similar security parameters as codes generated by a token.
Example of OfficeLine MA used to secure an Internet banking service
On web pages, a client chooses the operation of loggin on to the service, whereupon he or she is sent an authentication code (encrypted to his or her mobile phone). By entering this code, the client proves his or her identity.
When the clients submits a request to store a message (such as a payment order), he or she will be sent (encrypted to his or her mobile phone) a message authentication code (MAC). The client adds it to the messages and sends the message. By checking the code, the bank verifies that the order was really submitted by an authorized client and that no protected item was changed in the order (usually the amount and the number of the corresponding account including the bank code).