Freja Mobile is a next-generation solution for mobile authentication. It consists of two components: the smartphone application called Freja Mobile Token (FMT) and its server-side component – Mobile Authentication Secure Server (MASS). Freja Mobile can be used in a range of scenarios, from remote access for corporate or public-service resources to e-commerce and online banking.
Freja Mobile Token can work in two different modes: OTP mode and Sign mode.
End-users can have their mobile token working in one or both of the describes modes. If their Freja Mobile works in both modes, it actually contains two tokens and thus two separate token serial numbers will be associated to that user.
TLS 1.1 and TLS 1.2
Freja Mobile smartphone application is supported on all major smartphone platforms –iOS, Android and Windows Phone. End users can download it for free from Apple App Store, Google Play or Windows Store. There is also a desktop version called Freja Desktop Token (FDT).
Minimum required versions of the operating systems for the smartphone app are the following:
Minimum required version of the operating system for Freja Desktop Token is Windows 7 and the required version of .NET framework is .NET 4.5.
Differences between versions of operating systems do not affect Freja Mobile app. It will work the same on all supported versions.
No, at least not at the moment.
Yes. We provide fully functional custom style apps that cover all the important features. Contact us to tell us how you would like your Freja to look like.
No. We have root/jailbreak checks on start-up and we disable usage in those cases.
No. Your PIN code is not stored on the device at all.
Gartner has listed top ten technology trends – one of these states that “every app needs to be self-aware and self-protecting”. Very few apps available on app stores can truly be said to be both aware and self-protecting today.
No, this is not possible for now. Users can have up to two tokens in one app, one working in OTP mode (token is a one-time password generator which can be used offline) and another in Sign mode (token used online for transaction signing, login approval, etc.).
Yes, but this requires the application used by the organisation (in further text, Business Online Application – BOA) to support this option. Formally each device would have Freja Mobile Token installed with its own serial number, but all of them would be associated to one user and could be used equally for OTP generation and signing.
These are suggestions for possible solutions:
Not at the moment, but in the near future our API will support push operations along with pull requests. This means that MASS will be able to send notifications, without waiting for BOA to ask for the status of an action.
Theoretically, if Freja Mobile Core SDK is integrated in both apps, it is possible for them to share memory space reserved for those apps on the phone. To be more precise, they would need to share the part of that memory space where the token data is stored. However, this option has not been tested.
The procedure is the following: when a user starts a transaction on BOA, BOA sends all the relevant information to MASS. This information comprises the transaction text, which will be displayed on the mobile app, a token serial number, and optionally, the transaction’s validity period. To confirm that the transaction has been registered and relayed to Freja Mobile, MASS returns the following: transaction reference number – a unique ID number associated with the transaction and a recommended polling interval for sending the next request, which is the result of the transaction. If the connection breaks when the confirmation was sent from MASS and BOA does not get that information, a problem may occur. As for MASS, the transaction is registered/approved/cancelled, but BOA does not know what is the state of that transaction. For instance, the transaction might expire or be cancelled on BOA even though the end user had received the transaction and approved it.
BOA API and MASS service will soon support an option which will allow BOA to query MASS for the state of the same transaction as many times as necessary, until an answer about the transaction state is received: started, approved, cancelled, expired.
When a user stops using organisation’s services, it is sufficient to delete the token serial number associated to them from the database (LDAP). This way the user will no longer be able to use the token. If the organisation considers that this is not enough, token can be deleted from Freja ID as well. It can be done easily through the Token Management Console or using deleteToken method on Freja ID’s Provisioning API.
Yes. Freja Mobile allows a backup option in Sign mode – offline signing is possible by scanning a QR code generated on BOA. This functionality needs to be supported by BOA and the QR code should contain all the necessary information about the started transaction/login which is to be displayed to the user. Inside the QR code, the transaction text is encoded in UTF8 format. The maximim length of the text is 1000 characters.