Mobile App

m-Trusted is an OTP generator app for mobile phones. It is part of a complete solution, compliant with OATH Standard, that allows its use by many organizations, multiple tokens and several different methods. All of them organized in the form of a catalog.

It is intended for all employees, partners, users and even customers that have access to relevant resources, authorizations and transactions within your organization. It can be integrated with VPN solutions, Web Applications, Web Portals, e-commerce, CRM, Internet Banking or any other application that can make use of external web services, SAML or Radius, all of which can count on strong authentication.





Increase your system security adding more factors to authenticate your user. Go beyond the username and password using also dynamic passwords. m-Trusted Suite will help you to easily add new authentication factors. You can share the user’s devices between several applications across the enterprise.

Our mobile app/SDK was tested against cloning using several technics from copying our mobile database to reverse engineering.


Our Multiplatform server enables your business application to use strong authentication to use several methods like Time OTP, Challenge response OTP and the most advanced Transaction Data Signing. From a login procedure to a transaction authorization, you will use a seamless integration.


Your user just need to download the app from your store and input the activation code sent from the Mobile Deployment Server into the app to obtain its own token, confirming the success by sending two numeric passwords back to the server.


m-Trusted Authentication Server

OATH compliant one time password authenticator.

Several methods supported:

OATH Event OTP – counter based OTP

OATH Time OTP – clock based OTP with configurable time step

OATH Challenge Response (OCRA) – challenge based OTP. The challenge can be generated by m-Trusted or by your channel

Transaction Data Signing (OCRA based) – the challenge is composed by the actual transaction data to ensure that no change can be made (man in the middle protection)

Multiplatform server

Windows / Internet Information Service (.NET) – Full suite with webservices and webapp for administration supporting Oracle, Microsoft SQL Server databases

Linux / WebSphere or JBOSS – Full suite with webservices for administration supporting Oracle

Mainframe z/OS – database independent authentication SDK


As the clocks are not running at the very same step, desynchronization will happen, even for hardware token. Even more frequent in mobile phones (clock changes quite often, including time zones, different antennas, user changes time, UTC, Timze Zone & Daylight savings). m-Trusted Server keeps track on each token’s clock making the authentication much more smooth for the user.

Token Seed Deployment

Under an online secure process, the seed is negotiated between the mobile and the server. Avoiding the seed injection, we can diminish the man-in-the-middle risk. A sort of mechanisms protect the seed to be cloned even if the attacker gets the user’s private activation code.


Mobile Security

App testing on the security of a target Android or iOS app, including: Reverse engineers the app binary to detect flaws that can lead to a vulnerability; Analyzes app permissions, level of obfuscation and other key security attributes to assess risk.

Custom Software Development

The OpenCS has extensive experience in developing solutions for mobile devices like cell phones and is entitled to develop applications for the most different platforms and devices supporting Java, Android, Blackberry, iPhone, Nokia Symbian, Windows Mobile and Brew.

Risk Management

OpenCS provides expert consultation on GRC (Governance, Risk Management and Compliance) and policy management, helping to introduce a methodology for directing and controlling an Information Security Management System.


OpenCS is one of the premier provider of Information Security and authentication solutions, helping the organizations by solving their most complex security challenges. The challenges include reducing risk and eventual fraud on internet banking channels. Also, when it comes to mobile apps and mobile banking we can help organizations cope with such challenges.


What we sell

Software suite that comprises:

Server side software for authenticating One Time Password (OTP) tokens on z/OS, .NET and Java.

Mobile Token Software on a standalone mode (with customer L&F) or integrated with your existing mobile apps.

Authentication Center software that allows multiple applications and multiple authentication methods centrally managed enabling token sharing among multiple apps if necessary.

Need Help?

Contact the OpenCS team to get more information about m-Trusted or any of the other products and services we offer.


Open Communications
Security S.A.

Rua Julio Diniz, 56
9º andar - cj. 92
CEP: 04547-090
Vila Olímpia - São Paulo - SP - Brazil
Phone: +55 11 4115-4422