Cidway Banking 02 2011

Discover the future of security on www.cidway.com

DISCOVER CIDWAY

Securing Access & Transactions 2011

Copyright © 2011 CIDWAY Security SA. All rights reserved – www.cidway.com 2

Table of Content

•  CORPORATE BACKGROUND   Facts & History   Industries

•  BUSINESS CASES  Multi Channel authentication & transaction signature for Banks

 Corporate Access

 Wifi Hotspot Access

•  PRODUCT PRESENTATION   Product Line   Tokens Features   Key differentiators

CORPORATE BACKGROUND


CIDWAY – Background

Cidway

  Created in December 2005

  Head Quarters in Lausanne, CH

  Sales Offices in Switzerland & UK

  Internal R&D & Patent Office

Partners and Customer Services

  Global presence via partners & resellers

  Support center for Partners

  Support portal available for partners

  Consulting services

CIDWAY’s Vision Authentication and transactions should be safe, reliable and easy for anyone, anywhere, anytime

This vision is fuelled by:

  Meeting virtually all authentication requirements

  Making Authentication & Transactions simple, easy, accessible, secure and user friendly

  Addressing virtually unlimited vertical applications from one platform


Secure Identity, Authentication & Transactions

Banking & Finance

E-Banking, Mobile-Banking, Transactions signature, Phone Banking, ATM & POS anti-fraud…

Mobile Application’s Providers

Securing access & transactions for mobile applications (e/m-Commerce, e/m-Gambling, sms authentication…)

Mobile Money & Payment

P2P mPayment, cardless ATM cash withdrawal, POS mPayment, Bill payment…

Enterprise resource access

Two-factor authentication to Login to the Desktop / VPN access / Applications / Citrix / Webmail…

Homeland Security

Airline pilot & vehicle identification

physical security solutions (guard exchange id., biometric implementation, etc.)

Telecommunications

Mobile Top-up, resources access, ASP authentication solution, SIM based OTP…

E-Government services

Citizens authentication & transaction security, electronic & mobile voting, bill payment…

Enable new channels - Improve client’s confidence & loyalty – Lower TCO

BUSINESS CASES


CIDWAY Multi Channel authentication for Banks

Improve ROI & Enable new Channels •  Ra%onalize the number of authen%ca%on solu%ons •  Lower the cost of acquisi%on & maintenance •  Lower the cost of deployment & replacement •  Lower transac%ons’ cost & dispute support •  Improve customer acquisi%on & reten%on •  Enable innova%ve & revenue genera%ng services

Simplify User Experience •  Choice of device (mobile soCware, hardware, sms) •  A device that the User already has (mobile phone) •  Simple & easy to use •  One applica%on for many services

Security •  A very high level of security, using %me based OTP, with

2-‐way authen%ca%on & Transac%on’s signature, combine with a unique & patented PIN and secrets protec%on on the Mobile phone.

Integra?on •  Easy to integrate within exis%ng bank infrastructure (Gaia

Server or SDK) •  Mobile SDK for integra%on in any exis%ng mobile applica%on •  Scalable & fail-‐safe solu%on •  Easy deployment (internal tools)

DOCUMENT SIGNATURE & DATA

CORROBORATION

ONLINE BANKING MOBILE BANKING

PHONE BANKING

ANTI-FRAUD ATM

DESKTOP LOGIN REMOTE ACCESS / VPN

SMS / EMAIL AUTHENTICATION


Corporate Access - CIDWAY

1.  Remote Access / VPN (using a PC or a PDA)

2.  Desktop login (in the corporate network – Windows, Mac…)

3.  Remote access using Citrix plugin from Cidway 4.  Webmail access using plugin from Cidway

5.  Application Access (SAP, Oracle, etc.)

radius

SSL VPN Gateway

PDA & Cidway OTP

CIDWAY SERVER


WIFI HOTSPOT ACCESS

•  Securing Internet access via Wifi Hotspots and a Captive Portal (existing CP or the one embedded into the WiFi infrastructure: Cisco WLC, Aruba, HP procurve…)

•  Can be used with Display Cards, Sesami Mobile or SMS-OTP

•  Self-registration Portal in the case of SMS-OTP

•  The interface with the CP is done using Radius protocol

•  Direct connection with Access Points does not work.

•  Subject to complete feasibility analisys

CARACTERISTICS

ADDED VALUE

•  Securing & automatic Internet Access for Guests & Consultants…

•  Traceability for Public Wifi Access (according to European regulation), using sms-otp


CIDWAY key differentiators

Flexibility •  Hardware, sms & Software tokens •  Multi-purpose solution (transaction, authentication, document/email corroboration) •  One single server for multi-channel communication

Cost Optimization •  1 solution secures all remote-access •  Low acquisition, deployment and maintenance costs •  No need for inventory (sms & soft) •  Transaction’s cost reduction and customer retention

Convenience •  1 device & 1 PIN for any access or transaction •  Familiar and user friendly experience •  No need to carry many tokens

Security •  Time based OTP algorithm (One Time Password is “not predictable”) •  Anti-fraud protection against common attacks (e.g. phishing, man in the middle, etc.) •  Secrets are not stored in the Cell-phone (soft token)

Integration •  Easy to integrate within existing infrastructure •  Scalable solution


CIDWAY Some of our Clients, Partners & on-going initiatives

PRODUCT PRESENTATION


CIDWAY GAIA / SESAMI Product Line

One server for multiple tokens

GAIA SDK"Authentication platform SDK

GAIA Server "Authentication platform

SESAMI Mobile"Time based OTP Software token for mobile phones.

SESAMI Mobile SDK"Time based OTP Token SDK for mobile phones

Hardware Tokens

Convergence of physical & logical access"

SESAMI SMS"SMS based OTP for mobile phones

SDK: Software Development Kit

Display Cards

Yubikey


CIDWAY SESAMI Mobile

OK

FEATURES & CHARACTERISTICS

Security

•  Time based OTP with time stamping

•  OTP time management to the second

•  Protection against theft or loss of mobile phone: PIN not stored on Mobile, neither transmitted, neither stored on the server (patented solution)

•  PIN Code selected by the User (no need for temporary PIN sent to the User)

Compatibility

•  Large handset coverage (Windows Mobile, Blackberry, Android, Java, iPhone, iPad)

•  Automatic time synchronization (support of any clock change on the mobile)

•  Multiple transmission methods (Screen display, SMS, WAP, MMS, GPRS, Acoustic, NFC*…)

Functionalities

•  2-factor authentication (User authenticated by the Server)

•  2-way authentication (server is authenticated by the User)

•  Transaction’s signature (guarantee the integrity of transactions, against MitM)

•  Automated registration

•  Time Traceability

•  Mobile SDK for integration into any existing mobile application


1. Download methods •  Over the Air (OTA)

–  Push: triggered by the Bank (e.g. sms-link)

–  Pull: triggered by the User (request on the Web portal of the Bank)

•  Any other communication means –  eMail –  PC Download –  Pre-loaded –  Bluetooth –  Etc.

Distribution

Download Gateway (sample)

2. Download Gateway •  Automatically detects User’s phone

–  Pushes the appropriate application

–  Redirects to appropriate Mobile Store (AppStore…)

3. User Registration •  Automatically Registration

–  UserID & Password (on Mobile)

–  Numeric Code (on Mobile) •  User selects PIN Code (4 to 8 digits)


Display Card 106

•  Dimensions: 85.5mm x 54mm x 0.8mm

•  NagraLam lamination technology

•  OTP OATH algorithm

•  Dynamic one-time password (OTP)

•  Numerical 6-digit display

•  Compliant to a broad list of standards (ISO/IEC, INCITS, ANSI, CQM, others pending)

•  1 to 3-year lifetime* (see warranty)

•  Tamper evident

•  Custom artwork graphics (above 1’000)

•  Card personalization features and options


NagraID Display Card 306

•  1 to 3-year lifetime* (see warranty)

•  Tamper evident

•  Custom artwork graphics (above 1’000)

•  Card personalization features and options

•  Dimensions: 85.5mm x 54mm x 0.8mm

•  NagraLam lamination technology

•  OTP OATH algorithm

•  Dynamic one-time password (OTP)

•  Numerical 6-digit display

•  Compliant to a broad list of standards (ISO/IEC, INCITS, ANSI, CQM, others pending)


YUBIKEYS

•  Physical properties (YubiKey) •  Size: 18 x 45 x 3 mm

Weight: 2,5 grams Material: Plastic Color: Black or white (Other colors available on request)

•  Platform independent •  Compatible with Windows 98SE and onwards, MacOS 9 and

onwards, Linux and Solaris with USB HID support (standard USB driver) and other platforms and devices with a USB host controller.

•  HOATH Algorithm

CARACTERISTICS


CIDWAY SESAMI SMS

FEATURES & CHARACTERISTICS

•  Strong two-factor authentication

•  No need for software installation or activation in the mobile

•  No secret stored in the mobile

•  User convenience – automatic back-up to hardware tokens

•  User can change his mobile phone time zone or time

•  Easy management – no need to maintain inventory

•  Works with any SMS enabled mobile phone or PDA

OTP FEATURES

•  8 decimal digits (or optionally 8 hex-digits)

•  Time-based combined with challenge-response

•  Validity of few seconds (server parameter)

•  Automatic time management by the server •  Easy deployment

•  No stock management

•  Low on-‐going cost


What makes us different from competition?

  PIN & Data protection - Ability to protect secret and sensitive data in mobile phones and PDAs, using Cidway patented solution

  Registration and Activation - Ability to ensure convenient & secure registration procedure for CIDWAY mobile tokens

  Time Management - Ability to time-stamp the OTP and Transaction Signature to the second and to allow an off-line (after-the-fact) verification of the OTP or the Signature.

  Automatic Time Synchronization - Ability to fix in a transparent way for the user and the server the time drift between the token and the server, even if the token is a mobile application.

  2-Factor Authentication – using a time-based OTP generated autonomously on a mobile phone

  2-Way Authentication – ensuring the User he’s connected to the right server

  Transaction Signature – preventing MitM attacks, with uniquely customizable fields

  Mobile SDK – seamless integration into any mobile application ensuring the simplest User experience

TECHNOLOGY

UNIQUE RESPONSE TO MARKET NEEDS

THANK YOU FOR YOUR ATTENTION

For more information, contact:

Laurent FILLIAT VP Strategic Business

Mob. +41 78 842 11 47 Tel. +41 21 331 27 00 Fax +41 21 331 27 09

Email: [email protected]

Cidway Banking 02 2011

Documents

Transcript of Cidway Banking 02 2011