Securing Mobile Applications with SSO Authorization and PKCE
Technology Category
- Cybersecurity & Privacy - Application Security
- Robots - Wheeled Robots
Applicable Industries
- National Security & Defense
- Telecommunications
Applicable Functions
- Quality Assurance
Use Cases
- Tamper Detection
- Voice Biometrics
The Challenge
The client, a US-based communication provider, was in the process of transitioning most of its services to mobile devices. They aimed to provide their users with easy, real-time, and seamless access to information, products, and services. However, they encountered issues with their authentication process, which was not robust enough and was vulnerable to attacks due to ineffective implementation of their authentication tokens and session management. The client realized the need for a solution that would facilitate secure access to resources through mobile apps without compromising performance. Two major problems were identified: the transmission of sensitive data through URL redirects during Single Sign-on (SSO) logins, and the increased security risks posed by SSO logins via web and mobile apps.
The Customer
Not disclosed
About The Customer
The client is a US-based communication provider that was in the process of digitizing most of its services. They aimed to provide their users with easy, real-time, and seamless access to information, products, and services through mobile devices. The client prioritized customer trust and was committed to ensuring top-notch security for their information and resources. However, they faced challenges with their authentication process, which was vulnerable to attacks due to ineffective implementation of their authentication tokens and session management.
The Solution
To address these challenges, the client implemented a Proof Key for Code Exchange (PKCE) system. This system was designed to prevent the interception of the authorization code by malicious apps that had infiltrated the user’s device. The client had built multiple subsystems for every functionality, and these were responsible for providing resources and access to mobile applications. The PKCE system was implemented to provide secure access to all these applications. The solution, which included secured SSO authorization with PKCE, protected the mobile apps from unauthorized access. It provided additional security, protected user privacy, and increased customer satisfaction.