Cidway Banking 02 2011
Discover the future of security on www.cidway.com
DISCOVER CIDWAY
Securing Access & Transactions 2011
Copyright © 2011 CIDWAY Security SA. All rights reserved – www.cidway.com 2
Table of Contents
• CORPORATE BACKGROUND: Facts & History, Industries
• BUSINESS CASES: Multi Channel authentication & transaction signature for Banks, Corporate Access, Wifi Hotspot Access
• PRODUCT PRESENTATION: Product Line, Tokens, Features, Key differentiators
CORPORATE BACKGROUND
CIDWAY – Background
Cidway
Created in December 2005
Headquarters in Lausanne, CH
Sales Offices in Switzerland & UK
Internal R&D & Patent Office
Partners and Customer Services
Global presence via partners & resellers
Support center for Partners
Support portal available for partners
Consulting services
CIDWAY’s Vision: Authentication and transactions should be safe, reliable and easy for anyone, anywhere, anytime
This vision is fuelled by:
Meeting virtually all authentication requirements
Making Authentication & Transactions simple, easy, accessible, secure and user friendly
Addressing virtually unlimited vertical applications from one platform
Secure Identity, Authentication & Transactions
Banking & Finance
E-Banking, Mobile-Banking, Transactions signature, Phone Banking, ATM & POS anti-fraud…
Mobile Application’s Providers
Securing access & transactions for mobile applications (e/m-Commerce, e/m-Gambling, sms authentication…)
Mobile Money & Payment
P2P mPayment, cardless ATM cash withdrawal, POS mPayment, Bill payment…
Enterprise resource access
Two-factor authentication to Login to the Desktop / VPN access / Applications / Citrix / Webmail…
Homeland Security
Airline pilot & vehicle identification
Physical security solutions (guard exchange id., biometric implementation, etc.)
Telecommunications
Mobile Top-up, resources access, ASP authentication solution, SIM based OTP…
E-Government services
Citizens authentication & transaction security, electronic & mobile voting, bill payment…
Enable new channels - Improve client’s confidence & loyalty – Lower TCO
BUSINESS CASES
CIDWAY Multi Channel authentication for Banks
Improve ROI & Enable new Channels
• Rationalize the number of authentication solutions
• Lower the cost of acquisition & maintenance
• Lower the cost of deployment & replacement
• Lower transactions’ cost & dispute support
• Improve customer acquisition & retention
• Enable innovative & revenue generating services
Simplify User Experience
• Choice of device (mobile software, hardware, sms)
• A device that the User already has (mobile phone)
• Simple & easy to use
• One application for many services
Security
• A very high level of security, using time based OTP, with 2-way authentication & Transaction’s signature, combined with a unique & patented PIN and secrets protection on the Mobile phone.
Integration
• Easy to integrate within existing bank infrastructure (Gaia Server or SDK)
• Mobile SDK for integration in any existing mobile application
• Scalable & fail-safe solution
• Easy deployment (internal tools)
DOCUMENT SIGNATURE & DATA CORROBORATION
ONLINE BANKING
MOBILE BANKING
PHONE BANKING
ANTI-FRAUD ATM
DESKTOP LOGIN
REMOTE ACCESS / VPN
SMS / EMAIL AUTHENTICATION
Corporate Access - CIDWAY
1. Remote Access / VPN (using a PC or a PDA)
2. Desktop login (in the corporate network – Windows, Mac…)
3. Remote access using Citrix plugin from Cidway
4. Webmail access using plugin from Cidway
5. Application Access (SAP, Oracle, etc.)
Diagram labels: RADIUS, SSL VPN Gateway, PDA & Cidway OTP, CIDWAY Server
WIFI HOTSPOT ACCESS
CHARACTERISTICS
• Securing Internet access via Wifi Hotspots and a Captive Portal (existing CP or the one embedded into the WiFi infrastructure: Cisco WLC, Aruba, HP ProCurve…)
• Can be used with Display Cards, Sesami Mobile or SMS-OTP
• Self-registration Portal in the case of SMS-OTP
• The interface with the CP is done using the RADIUS protocol
• Direct connection with Access Points does not work.
• Subject to complete feasibility analysis
ADDED VALUE
• Secure & automatic Internet Access for Guests & Consultants…
• Traceability for Public Wifi Access (according to European regulation), using sms-otp
CIDWAY key differentiators
Flexibility
• Hardware, sms & Software tokens
• Multi-purpose solution (transaction, authentication, document/email corroboration)
• One single server for multi-channel communication
Cost Optimization
• 1 solution secures all remote-access
• Low acquisition, deployment and maintenance costs
• No need for inventory (sms & soft)
• Transaction’s cost reduction and customer retention
Convenience
• 1 device & 1 PIN for any access or transaction
• Familiar and user friendly experience
• No need to carry many tokens
Security
• Time based OTP algorithm (One Time Password is “not predictable”)
• Anti-fraud protection against common attacks (e.g. phishing, man in the middle, etc.)
• Secrets are not stored in the Cell-phone (soft token)
Integration
• Easy to integrate within existing infrastructure
• Scalable solution
CIDWAY Some of our Clients, Partners & on-going initiatives
PRODUCT PRESENTATION
CIDWAY GAIA / SESAMI Product Line
One server for multiple tokens
GAIA SDK: Authentication platform SDK
GAIA Server: Authentication platform
SESAMI Mobile: Time based OTP Software token for mobile phones
SESAMI Mobile SDK: Time based OTP Token SDK for mobile phones
Hardware Tokens: Convergence of physical & logical access
SESAMI SMS: SMS based OTP for mobile phones
SDK: Software Development Kit
Display Cards
Yubikey
CIDWAY SESAMI Mobile
FEATURES & CHARACTERISTICS
Security
• Time based OTP with time stamping
• OTP time management to the second
• Protection against theft or loss of mobile phone: the PIN is neither stored on the mobile, nor transmitted, nor stored on the server (patented solution)
• PIN Code selected by the User (no need for temporary PIN sent to the User)
Compatibility
• Large handset coverage (Windows Mobile, Blackberry, Android, Java, iPhone, iPad)
• Automatic time synchronization (support of any clock change on the mobile)
• Multiple transmission methods (Screen display, SMS, WAP, MMS, GPRS, Acoustic, NFC*…)
Functionalities
• 2-factor authentication (User authenticated by the Server)
• 2-way authentication (server is authenticated by the User)
• Transaction’s signature (guarantee the integrity of transactions, against MitM)
• Automated registration
• Time Traceability
• Mobile SDK for integration into any existing mobile application
Distribution
1. Download methods
• Over the Air (OTA)
– Push: triggered by the Bank (e.g. sms-link)
– Pull: triggered by the User (request on the Web portal of the Bank)
• Any other communication means
– eMail
– PC Download
– Pre-loaded
– Bluetooth
– Etc.
2. Download Gateway
• Automatically detects User’s phone
– Pushes the appropriate application
– Redirects to appropriate Mobile Store (AppStore…)
3. User Registration
• Automatic Registration
– UserID & Password (on Mobile)
– Numeric Code (on Mobile)
• User selects PIN Code (4 to 8 digits)
Download Gateway (sample)
Display Card 106
• Dimensions: 85.5mm x 54mm x 0.8mm
• NagraLam lamination technology
• OTP OATH algorithm
• Dynamic one-time password (OTP)
• Numerical 6-digit display
• Compliant to a broad list of standards (ISO/IEC, INCITS, ANSI, CQM, others pending)
• 1 to 3-year lifetime* (see warranty)
• Tamper evident
• Custom artwork graphics (above 1’000)
• Card personalization features and options
NagraID Display Card 306
• 1 to 3-year lifetime* (see warranty)
• Tamper evident
• Custom artwork graphics (above 1’000)
• Card personalization features and options
• Dimensions: 85.5mm x 54mm x 0.8mm
• NagraLam lamination technology
• OTP OATH algorithm
• Dynamic one-time password (OTP)
• Numerical 6-digit display
• Compliant to a broad list of standards (ISO/IEC, INCITS, ANSI, CQM, others pending)
YUBIKEYS
CHARACTERISTICS
• Physical properties (YubiKey)
– Size: 18 x 45 x 3 mm
– Weight: 2,5 grams
– Material: Plastic
– Color: Black or white (Other colors available on request)
• Platform independent
– Compatible with Windows 98SE and onwards, MacOS 9 and onwards, Linux and Solaris with USB HID support (standard USB driver) and other platforms and devices with a USB host controller.
• HOATH Algorithm
CIDWAY SESAMI SMS
FEATURES & CHARACTERISTICS
• Strong two-factor authentication
• No need for software installation or activation in the mobile
• No secret stored in the mobile
• User convenience – automatic back-up to hardware tokens
• User can change his mobile phone time zone or time
• Easy management – no need to maintain inventory
• Works with any SMS enabled mobile phone or PDA
OTP FEATURES
• 8 decimal digits (or optionally 8 hex-digits)
• Time-based combined with challenge-response
• Validity of a few seconds (server parameter)
• Automatic time management by the server
• Easy deployment
• No stock management
• Low on-going cost
What makes us different from competition?
PIN & Data protection - Ability to protect secret and sensitive data in mobile phones and PDAs, using Cidway patented solution
Registration and Activation - Ability to ensure convenient & secure registration procedure for CIDWAY mobile tokens
Time Management - Ability to time-stamp the OTP and Transaction Signature to the second and to allow an off-line (after-the-fact) verification of the OTP or the Signature.
Automatic Time Synchronization - Ability to correct the time drift between the token and the server, transparently for both the user and the server, even if the token is a mobile application.
2-Factor Authentication – using a time-based OTP generated autonomously on a mobile phone
2-Way Authentication – assuring the User that he’s connected to the right server
Transaction Signature – preventing MitM attacks, with uniquely customizable fields
Mobile SDK – seamless integration into any mobile application ensuring the simplest User experience
TECHNOLOGY
UNIQUE RESPONSE TO MARKET NEEDS
THANK YOU FOR YOUR ATTENTION
For more information, contact:
Laurent FILLIAT VP Strategic Business
Mob. +41 78 842 11 47 Tel. +41 21 331 27 00 Fax +41 21 331 27 09