While developing the internet-election-plattform Polyas (http://www.polyas.de) Micromata invented a component for secure PIN/TAN/passwort input via untrusted, insecure web-browsers. Transec is freely embeddable and redistributable for non-commercial projects. A commercial license with support is also available - please ask.
The input of PIN/TAN/password via standard web controls such das HTML-foms is under attack by spy- and malware. Transec enables user-authentication using a 100% server-side control - only images and coodinates are transferred to the untrusted browser. Transec can be integrated in each Java-Webapplication easily.
The Transec-taglib can be included in exisiting HTML-authetication dialogs.
Convince yourself by trying our demo-application or inspect the transec sourcecode available on our homepage
How it works
Transec generates the graphical user interface (GUI) dialog for PIN/TAN/Password input on the server-side as a simple image. The insecure browser does nothing else than displaying this image as an HTML-imagemap. The browser sends coordinate information of each click on this imagemap directly back to the server. Then the server responds with a new image. The PIN/TAN/Password is never known by the insecure browser.
If the browser is affected by spy- or malware, this spy- or malware has no possibility to get the PIN/TAN/Password since this information is'nt known by the browser.
Transec also protects your application against unwanted cache oder save functionality of the browser.
is the OpenSource platform of 