3SKey Overview


Published on

SWIFT BNL Forum 2012

Published in: Economy & Finance, Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

3SKey Overview

  1. 1. SWIFT Secure Signature Key BeNeLux Forum Thomas Peeters La Hulpe – 25th May 2012Agenda Market Drivers – Digital Identity Corporate & bank requirements 3SKey solution Usage Options Roll-out statusSWIFT 3SKey Overview – 2012 2
  2. 2. Why personal signatures? Authorise financial data at the level of one or multiple individuals Corporate Dematerialisation of control approvals through Transaction approval digital signatures Tracking of WHAT, WHEN and WHO Security Audit Reduction of manual Checking of signatures’ processes. e.g. entitlements delegated Paper, fax,… to the bank Automation Bank control SWIFT 3SKey Overview – 2012 3Corporate challenges Multiple devices Forgot your password? Security concerns Maintenance Difficult systems Training Not uniform TCO Digipass Costly Revocation Heavy processes Tokens Manual actions Administration Readers Several banks Software installation FAX Access management SWIFT 3SKey Overview – 2012 4
  3. 3. 3SKey Solution Community Perspectives • Interoperable: multi-subscriber, multi-application, multi-channel and multi-country • Non-repudiation: PKI digital signature - WHO, WHAT, WHEN • Highly secure: personal certificates and secure keys stored on hardware token • Reducing costs: single shared CA infrastructure & operations BUT ALSO • Banks do not want to rely on registration activity and/or PKI infrastructure of each other • Each subscriber must do its own registration and comply with its own Know-Your-Customer rules SWIFT 3SKey Overview – 2012 5 3SKey in 4 steps1 Obtain token Revoked ? Revoked ? Activate token on2 3SKey Portal Register token with3 John one or multiple banks John John =corp12345678 =corp12345678 =corp12345678 Authenticate or sign4 messages on multiple channels John corp12345678 SWIFT 3SKey Overview – 2012 6
  4. 4. Option 1: Bank verifies signatories and entitlements Application John Bank Accounts payable Accounts receivable Rosie Checking of signatures’ Treasury entitlements delegated to the bank Other Corporate A Signatories and entitlements Treasury payments 10 Million max John Paul Accounts receivables 5 Million max Rosie Corporate A Supplier payments 1 Million max Paul SWIFT 3SKey Overview – 2012 7 Option 2: In-house personal signatures Application John Signatories and entitlements Bank Accounts Treasury payments payable 10 Million max John Accounts receivable Accounts receivablesRosie 5 Million max Rosie Treasury Supplier payments 1 Million max Other Paul Paul Checking of signatures’ entitlements in-house by the Corporate Corporate SWIFT 3SKey Overview – 2012 8
  5. 5. Option 3: 2 factor authentication John Bank Rosie Web application 1 HAVE User needs to have a 3SKey token Paul KNOWCorporate 2 User needs to enter a personal password SWIFT 3SKey Overview – 2012 9 Enabling your applications for 3SKey SWIFTs personal digital signature • “One” Solution solution will set a new standard for • “One” Process signing financial messages and files • “One” Integration Signature Registration Verification CRL Check 45678 = Signing Token Management 3SKey specifications are available • Developer Specifications • Corporate and Bank Toolkits • 3SKey Tokens with certificates SWIFT 3SKey Overview – 2012 10
  6. 6. 3SKey solution components Corporate SubscriberApplications Applications Build on Industry Standards 3SKey Developer Toolkit • PKI Token management support • X.509 V3 certificates • RSA keys of 2048 bits • SHA 256 digest Revocation calculation3SKey 3SKey Check • PKCS #7 formattedTokens Portal signatures Facility SWIFT PKI InfrastructureSWIFT 3SKey Overview – 2012 11Key benefits For Corporates One token, one process, one password across banks, networks and countries For Banks Cost effective use of shared infrastructure whilst keeping control over the user identity For Vendors Benefit from interoperable solution, easy to integrate and can be used across banks globallySWIFT 3SKey Overview – 2012 12
  7. 7. Roll-out Status 42 application vendors 25 banking groups +20,000 tokens distributed +9,000 activated users 80 countries SWIFT 3SKey Overview – 2012 13 Product evolutionmore countries Mobile cert’s Ease of use more banks (Portal) R&D New distribution SWIFT 3SKey Overview – 2012 models 14
  8. 8. Thank you… D E WSWIFT 3SKey Overview – 2012 15