Discover the future of security on www.cidway.com
SECURING ACCESS & TRANSACTIONS ON / FROM MOBILE
THE LEVEL OF SECURITY YOU WANT TO ACHIEVE
THE LEVEL OF CONVENIENCE THE USERS WANT
© 2012 CIDWAY Security SA. All rights reserved – www.cidway.com 3
Mobile Access & Transactions Today
Scenario 1: Static PIN Code on the Mobile application
• Convenient but NOT secure
• No Transactions’ signature!
Scenario 2: Mobile application + OTP from hardware Token or SMS
• Secure, but NOT convenient
• Expensive for the Bank
• Potential Transactions’ signature!
Mobile Access & Transactions with CIDWAY
Transparent 2FA, MA & TDS
Convenient & Secure
Embedded Cidway mSDK
✓ Improved Security, using time-based OTP
  • Strong Authentication (2FA)
  • Mutual Authentication (MA)
  • Transaction/Document signature (TDS)
✓ Simplified User Experience
  • Just a PIN to input
  • All security features transparent to the User
✓ Decreased Total Cost of Ownership
  • No additional hardware components
  • No additional software application
  • Less Support
✓ Simplified Deployment
  • Only one application with Cidway mSDK embedded
✓ Extended Scope
  • mBanking
  • mCommerce
  • mPayment
  • mHealth
  • Mobility
  • Etc.
Secure Mobile Applications & Simplify User Experience
Improved Security
• Secure Login with real time-based OTP
• Sign Transactions/Documents/Data with time-based TDS
• Mutual Authentication (Server authenticates to Mobile) with time-based OTP
• Real time-based OTP (1 second increment) with time-stamping
• Data encryption within SSL tunnel (in case it’s compromised) using synchronous OTP (without transmitting keys over the Network)
• No-PIN patented protection (PIN Code not stored on the mobile, never transmitted over the network, nor stored on the server)
• Embedded Secure Virtual Keyboard
• Jailbreak/Root detection – even prevents Xcon (iOS)
• Anti-cloning solution (based on signed Logs & hardware binding)
• Secure Download from mobile public stores (to prevent a rogue application from stealing the User’s credentials)
• Secure provisioning process on the fly
• Support of multiple devices for one User with multiple keys (even if the same PIN Code is used)

Simplified User Experience
Enable high-level security without additional components/elements, in a transparent way for the User
• Easy Login (secured by a transparent 2FA & Mutual Authentication): just input a PIN Code
• Easy Transaction/Document Signature (signing the entire Transaction Data): just input a PIN Code, no additional data to input
• Easy Registration Process & Renewal process (when phone is changed/lost/stolen)
• Automatic & transparent time-resynchronization, even if the User changes the clock of his phone
• Multiple Devices with same PIN Code (without additional security risks)
• Multiple Users on the same device

Seamless Integration
Simple integration of Cidway SDKs into existing or future Applications
• Integration of MobileSDK into existing mobile application (native mSDK available for all platforms)
• Integration of ServerSDK (available on any OS, agnostic of Databases & Users Directory) into existing Application Server or Authentication Platform
• Professional Services & Training readily available from Cidway with significant experience
• Potential adaptations/modifications, as it’s Cidway’s own source code
Integration of CIDWAY SDKs
• Integration of CIDWAY MobileSDK (CIDWAY mSDK) into existing Mobile Application
• Integrate ServerSDK or Interface GaiaServer:
  • Integration of CIDWAY ServerSDK into existing Application Server or Authentication Platform (available on any OS, agnostic of Database & User Directory)
  • OR Interface of CIDWAY GaiaServer (WebServices) with existing Application Server (mBanking, mCommerce, mPayment, Mobility, etc.)
User Experience & Process: Secure Access & Transaction/Data Signature
The simplest User Experience
Fully transparent for the User
SECURE ACCESS
TRANSACTION SIGNATURE
Business Cases
mBanking
✓ Strong Authentication
✓ Mutual Authentication
✓ Transaction Signature
✓ End-to-end data encryption
✓ Anti-cloning
✓ Jailbreak/Root detection

Mobility
✓ Secure & simple authentication of Users
✓ Multiple Users per device
✓ Document Signature (including data integrity & time-stamping)
✓ Complementary to MDM

mCommerce
✓ Secure mCommerce transactions (Transaction Signature, protects also CC data)
✓ Simplify User Experience
✓ Automate 3DSecure transactions on Mobile

mHealth
✓ Secure Access to medical records
✓ Sign data when records modified and/or added
✓ Authenticate patient
✓ Secure patient data communication
FAQ on Mobile Authentication
Cidway Mobile technology is the answer
✓ What are the risks if I lose my phone?
✓ What are the risks of downloading a rogue application from a mobile public store?
✓ How easy is it to activate the application and what are the risks during the process?
✓ Is the User Experience really easy?
✓ What are the risks of brute force, man in the middle and other sophisticated attacks?
✓ Did the application pass penetration tests?
✓ What are the coding techniques to guarantee top security?
✓ Are the credentials transmitted over the air? What are the risks?
✓ Is it real time-based? With time-stamping?
✓ What happens when the user changes the phone’s clock?
✓ Does it work on all Mobile platforms?
✓ Does the solution considered support real time-based OTP, mutual authentication & transaction signature?
✓ Does the solution support Jailbreak/Root detection (even with xcon on iOS)?
✓ Does the solution embed a secure virtual keyboard?
✓ Does the solution support end-to-end data encryption within the SSL channel?
✓ Does the solution prevent Cloning?
✓ Is the secret key protected from mobile backups, which are usually not encrypted and potentially stored on the cloud?