MOBILE-FIRST OR MOBILE-ONLY, GETTING THE BALANCE RIGHT BETWEEN UX AND SECURITY REMAINS A CRITICAL CONSIDERATION
Er Chiang Kai
Chief Technology Officer
2018-07-23
1. Mobile Platform Risks
2. Virtual Secure Element and Solutions
3. Security Embedded Within User Experience
4. About V-Key
1. MOBILE PLATFORM RISKS
Banking Model of the Future
Mobile at the epicenter of customer experience
[Figure, labelled Past and Future: Bank Branch, Online, Mail / Messaging, Call Center, Open API]
Source: Deloitte 2018 Banking Outlook report.
The impact of mobile cybercrime
Source: Kaspersky Labs 2017
Up to US$1.64 million per incident
SMS & banking trojan
Vulnerable app store
Hardware backdoor
Software backdoor
Spyware
Typical Mobile App
Mobile App
App Server
Keylogging
Man-in-the-middle attack
Stealing sensitive data
Overlay attack
2. VIRTUAL SECURE ELEMENT & SOLUTIONS
The global trust ecosystem is built on the smart card
… But there’s a LIMIT to how far and fast they can scale
BANKS
GOVERNMENT
TELCOS
MOBILE
HARDWARE SECURE ELEMENT
MICRO CONTROLLER
TAMPER PROTECTION FILM
VIRTUAL SECURE ELEMENT
TAMPER PROTECTION SYSTEM
CRYPTOGRAPHIC VIRTUAL MACHINE
V-OS
PATENTED
USA, Australia, Singapore
Pending: China, EU
Certifications and Global Standards
Proven resiliency in multiple global penetration tests
Regulatory Compliance
HOW IT’S USED
V-OS is embedded within an iOS or Android mobile app
SECURING CRITICAL DATA & PROCESSING
UNTRUSTED OS
UNTRUSTED APPS
SECURE APP
Root of Trust
Intrusion Prevention System (IPS)
Secure Digitized Use Cases
Mobile Identity
Smart Token (OTP/PKI)
Secure Messaging
Application Protection
Seamless Authentication
Document Signing
Electronic KYC
Mobile Biometrics
Trusted Storage
Trusted Cryptography
V-OS Virtual Secure Element
Mobile Identity APIs for iOS/Android apps
V-OS SMART TOKEN / V-OS MESSAGING
SMART TOKEN PUSH AUTH/AUTHORIZATION
Authenticated / Authenticating
SHADOW AUTH
V-OS eKYC - ONBOARDING 1/5
User performs eKYC to sign up for onboarding:
1. User downloads and logs in to MB app
2. User opens an account using biometric passport
3. User registers using biometric Face Scan
4. Account successfully opened
eKYC – Account Opening With Biometric Passport 2/5
eKYC – Account Opening With Biometric Passport 3/5
eKYC - User Validation With Facial Recognition 4/5
eKYC - Account Successfully Opened/ Onboarding 5/5
V-OS APP PROTECTION
Mobile App
App Server
Keylogging
Man-in-the-middle attack
Stealing sensitive data
Overlay attack
Secure GUI
SSL pinning
Multiplex App Data Security (MADS) - device-bound data encryption
Overlay detection
Root/Jailbreak detection
Malware detection
App integrity protection
V-OS App Protection Server
Threat intelligence
3. SECURITY EMBEDDED WITHIN USER EXPERIENCE
Authenticated / Authenticating
Authentication
Costly Replacements
Dynamic
Scalable
Safer
Inconvenient | Convenient
Delayed detection of lost device | Immediate detection of lost device
Vulnerability => replace device | Vulnerability => over-the-air update
Risk of OTP stealing | End-to-end security
Cumbersome UX | Seamless UX
UX Options – Authentication
Hardware OTP Token | V-OS Smart Token
Display OTP in token, then enter in UI | Display OTP in app, then enter in UI
Invisible to user – just authenticate with server
Slow down UI, show “Authenticating”
Authenticate user with biometrics
User to enter Smart Token PIN
Secure push notification, then tap to allow
Scan dynamic QR code, then tap to allow
…
…
Use combinations of above, for different user journeys
V-OS Authentication
Replacing hardware tokens and SMS OTPs
V-OS MESSAGING
Authenticate with a single tap
Out-of-band authentication
PKI Technology
V-OS Authorization
PAPERLESS
SAVE TIME
NON-REPUDIATION
REDUCE COST
PAVE THE WAY FOR AUTOMATION
Mobile App Security
Device Binding
Encrypted Storage
Secure Messaging
App Protection
Jailbreak / Root Detection
Face Authentication
Voice Authentication
One-Time Password or PKI-based Transaction Signing
Eye Authentication
Fingerprint Authentication
Security embedded within UX
4. ABOUT V-KEY
Corporate overview
US $16M raised. Led by Ant Financial & IPV Capital
7+ years redefining mobile security
85+ cybersecurity experts. Based out of Singapore, Ho Chi Minh, Manila and growing!
Thank You
For any enquiries, please contact us at [email protected]