• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Cidway Banking 02 2011
 

Cidway Banking 02 2011

on

  • 870 views

Latest version of Cidway Strong Authentication Solution, including Nagra Display Cards

Latest version of Cidway Strong Authentication Solution, including Nagra Display Cards

Statistics

Views

Total Views
870
Views on SlideShare
869
Embed Views
1

Actions

Likes
0
Downloads
20
Comments
0

1 Embed 1

http://www.linkedin.com 1

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Cidway Banking 02 2011 Cidway Banking 02 2011 Presentation Transcript

    • DISCOVER CIDWAYSecuring Access & Transactions2011Discover the future of security on www.cidway.com
    • Table of Content •  CORPORATE BACKGROUND   Facts & History   Industries •  BUSINESS CASES   Multi Channel authentication & transaction signature for Banks   Corporate Access   Wifi Hotspot Access •  PRODUCT PRESENTATION   Product Line   Tokens Features   Key differentiatorsCopyright © 2011 CIDWAY Security SA. All rights reserved – www.cidway.com 2
    • CORPORATE BACKGROUND
    • CIDWAY – Background Cidway Partners and Customer Services   Created in December 2005   Global presence via partners & resellers   Head Quarters in Lausanne, CH   Support center for Partners   Sales Offices in Switzerland & UK   Support portal available for partners   Internal R&D & Patent Office   Consulting services CIDWAY’s Vision Authentication and transactions should be safe, reliable and easy for anyone, anywhere, anytime This vision is fuelled by:   Meeting virtually all authentication requirements   Making Authentication & Transactions simple, easy, accessible, secure and user friendly   Addressing virtually unlimited vertical applications from one platformCopyright © 2011 CIDWAY Security SA. All rights reserved – www.cidway.com 4
    • Secure Identity, Authentication & Transactions Banking & Finance E-Banking, Mobile-Banking, Transactions signature, Phone Banking, ATM & POS anti-fraud… Mobile Application’s Providers Securing access & transactions for mobile applications (e/m-Commerce, e/m-Gambling, sms authentication…) Mobile Money & Payment P2P mPayment, cardless ATM cash withdrawal, POS mPayment, Bill payment… Enterprise resource access Two-factor authentication to Login to the Desktop / VPN access / Applications / Citrix / Webmail… Homeland Security Airline pilot & vehicle identification physical security solutions (guard exchange id., biometric implementation, etc.) Telecommunications Mobile Top-up, resources access, ASP authentication solution, SIM based OTP… E-Government services Citizens authentication & transaction security, electronic & mobile voting, bill payment… Enable new channels - Improve client’s confidence & loyalty – Lower TCOCopyright © 2011 CIDWAY Security SA. All rights reserved – www.cidway.com 5
    • BUSINESS CASES
    • CIDWAY Multi Channel authentication for BanksImprove  ROI  &  Enable  new  Channels  •  Ra%onalize  the  number  of  authen%ca%on  solu%ons  •  Lower  the  cost  of  acquisi%on  &  maintenance  •  Lower  the  cost  of  deployment  &  replacement  •  Lower  transac%ons’  cost  &  dispute  support   DESKTOP LOGIN ONLINE BANKING REMOTE ACCESS / VPN MOBILE BANKING•  Improve  customer  acquisi%on  &  reten%on  •  Enable  innova%ve  &  revenue  genera%ng  services    Simplify  User  Experience  •  Choice  of  device  (mobile  soCware,  hardware,  sms)  •  A  device  that  the  User  already  has  (mobile  phone)   PHONE•  Simple  &  easy  to  use   BANKING•  One  applica%on  for  many  services  Security    •  A  very  high  level  of  security,  using  %me  based  OTP,  with                 2-­‐way  authen%ca%on  &  Transac%on’s  signature,  combine   with  a  unique  &  patented  PIN    and  secrets  protec%on  on  the   DOCUMENT SIGNATURE Mobile  phone.   & DATA CORROBORATIONIntegra?on    •  Easy  to  integrate  within  exis%ng  bank  infrastructure  (Gaia   Server  or  SDK)  •  Mobile  SDK  for  integra%on  in  any  exis%ng  mobile  applica%on  •  Scalable  &  fail-­‐safe  solu%on   ANTI-FRAUD ATM SMS / EMAIL•  Easy  deployment  (internal  tools)   AUTHENTICATIONCopyright © 2011 CIDWAY Security SA. All rights reserved – www.cidway.com 7
    • Corporate Access - CIDWAY 1.  Remote Access / VPN (using a PC or a PDA) 2.  Desktop login (in the corporate network – Windows, Mac…) 3.  Remote access using Citrix plugin from Cidway 4.  Webmail access using plugin from Cidway 5.  Application Access (SAP, Oracle, etc.) SSL VPN Gateway radius PDA CIDWAY SERVER & Cidway OTPCopyright © 2011 CIDWAY Security SA. All rights reserved – www.cidway.com 8
    • WIFI HOTSPOT ACCESS CARACTERISTICS •  Securing Internet access via Wifi Hotspots and a Captive Portal (existing CP or the one embedded into the WiFi infrastructure: Cisco WLC, Aruba, HP procurve…) •  Can be used with Display Cards, Sesami Mobile or SMS-OTP •  Self-registration Portal in the case of SMS-OTP •  The interface with the CP is done using Radius protocol •  Direct connection with Access Points does not work. •  Subject to complete feasibility analisys ADDED VALUE •  Securing & automatic Internet Access for Guests & Consultants… •  Traceability for Public Wifi Access (according to European regulation), using sms-otpCopyright © 2011 CIDWAY Security SA. All rights reserved – www.cidway.com 9
    • CIDWAY key differentiators Flexibility •  Hardware, sms & Software tokens •  Multi-purpose solution (transaction, authentication, document/email corroboration) •  One single server for multi-channel communication Cost Optimization •  1 solution secures all remote-access •  Low acquisition, deployment and maintenance costs •  No need for inventory (sms & soft) •  Transaction’s cost reduction and customer retention Convenience •  1 device & 1 PIN for any access or transaction •  Familiar and user friendly experience •  No need to carry many tokens Security •  Time based OTP algorithm (One Time Password is “not predictable”) •  Anti-fraud protection against common attacks (e.g. phishing, man in the middle, etc.) •  Secrets are not stored in the Cell-phone (soft token) Integration •  Easy to integrate within existing infrastructure •  Scalable solutionCopyright © 2011 CIDWAY Security SA. All rights reserved – www.cidway.com 10
    • CIDWAY Some of our Clients, Partners & on-going initiativesCopyright © 2011 CIDWAY Security SA. All rights reserved – www.cidway.com 11
    • PRODUCT PRESENTATION
    • CIDWAY GAIA / SESAMI Product Line One server for multiple tokens Display Cards SESAMI Mobile" Hardware Tokens Time based OTP Software token for Convergence of physical & mobile phones. logical access" Yubikey GAIA Server" Authentication platform GAIA SDK" Authentication platform SDK SESAMI Mobile SDK" SESAMI SMS" Time based OTP Token SDK for SMS based OTP for mobile phones mobile phonesSDK: Software Development KitCopyright © 2011 CIDWAY Security SA. All rights reserved – www.cidway.com 13
    • CIDWAY SESAMI Mobile FEATURES & CHARACTERISTICS Security •  Time based OTP with time stamping OK •  OTP time management to the second •  Protection against theft or loss of mobile phone: PIN not stored on Mobile, neither transmitted, neither stored on the server (patented solution) •  PIN Code selected by the User (no need for temporary PIN sent to the User) Compatibility •  Large handset coverage (Windows Mobile, Blackberry, Android, Java, iPhone, iPad) •  Automatic time synchronization (support of any clock change on the mobile) •  Multiple transmission methods (Screen display, SMS, WAP, MMS, GPRS, Acoustic, NFC*…) Functionalities •  2-factor authentication (User authenticated by the Server) •  2-way authentication (server is authenticated by the User) •  Transaction’s signature (guarantee the integrity of transactions, against MitM) •  Automated registration •  Time Traceability •  Mobile SDK for integration into any existing mobile application Copyright © 2011 CIDWAY Security SA. All rights reserved – www.cidway.com 14
    • Distribution 1. Download methods •  Over the Air (OTA) Download Gateway (sample) –  Push: triggered by the Bank (e.g. sms-link) –  Pull: triggered by the User (request on the Web portal of the Bank) •  Any other communication means –  eMail –  PC Download –  Pre-loaded –  Bluetooth –  Etc. 2. Download Gateway •  Automatically detects User’s phone –  Pushes the appropriate application 3. User Registration •  Automatically Registration –  Redirects to appropriate Mobile Store (AppStore…) –  UserID & Password (on Mobile) –  Numeric Code (on Mobile) •  User selects PIN Code (4 to 8 digits)Copyright © 2011 CIDWAY Security SA. All rights reserved – www.cidway.com 15
    • Display Card 106 •  Dimensions: 85.5mm x 54mm x 0.8mm •  NagraLam lamination technology •  OTP OATH algorithm •  Dynamic one-time password (OTP) •  Numerical 6-digit display •  Compliant to a broad list of standards (ISO/IEC, INCITS, ANSI, CQM, others pending) •  1 to 3-year lifetime* (see warranty) •  Tamper evident •  Custom artwork graphics (above 1’000) •  Card personalization features and optionsCopyright © 2011 CIDWAY Security SA. All rights reserved – www.cidway.com 16
    • NagraID Display Card 306 •  Dimensions: 85.5mm x 54mm x 0.8mm •  NagraLam lamination technology •  OTP OATH algorithm •  Dynamic one-time password (OTP) •  Numerical 6-digit display •  Compliant to a broad list of standards (ISO/ IEC, INCITS, ANSI, CQM, others pending) •  1 to 3-year lifetime* (see warranty) •  Tamper evident •  Custom artwork graphics (above 1’000) •  Card personalization features and optionsCopyright © 2011 CIDWAY Security SA. All rights reserved – www.cidway.com 17
    • YUBIKEYS CARACTERISTICS •  Physical properties (YubiKey) •  Size: 18 x 45 x 3 mm Weight: 2,5 grams Material: Plastic Color: Black or white (Other colors available on request) •  Platform independent •  Compatible with Windows 98SE and onwards, MacOS 9 and onwards, Linux and Solaris with USB HID support (standard USB driver) and other platforms and devices with a USB host controller. •  HOATH AlgorithmCopyright © 2011 CIDWAY Security SA. All rights reserved – www.cidway.com 18
    • CIDWAY SESAMI SMS FEATURES & CHARACTERISTICS •  Strong two-factor authentication •  No need for software installation or activation in the mobile •  No secret stored in the mobile •  User convenience – automatic back-up to hardware tokens •  User can change his mobile phone time zone or time •  Easy management – no need to maintain inventory •  Works with any SMS enabled mobile phone or PDA OTP FEATURES •  8 decimal digits (or optionally 8 hex-digits) •  Time-based combined with challenge-response •  Validity of few seconds (server parameter) •  Automatic time management by the server •  Easy  deployment •  No  stock  management •  Low  on-­‐going  costCopyright © 2011 CIDWAY Security SA. All rights reserved – www.cidway.com 19
    • What makes us different from competition?TECHNOLOGY  PIN & Data protection - Ability to protect secret and sensitive data in mobile phones and PDAs, using Cidway patented solution  Registration and Activation - Ability to ensure convenient & secure registration procedure for CIDWAY mobile tokens  Time Management - Ability to time-stamp the OTP and Transaction Signature to the second and to allow an off-line (after-the-fact) verification of the OTP or the Signature.  Automatic Time Synchronization - Ability to fix in a transparent way for the user and the server the time drift between the token and the server, even if the token is a mobile application.UNIQUE RESPONSE TO MARKET NEEDS  2-Factor Authentication – using a time-based OTP generated autonomously on a mobile phone  2-Way Authentication – ensuring the User he’s connected to the right server  Transaction Signature – preventing MitM attacks, with uniquely customizable fields  Mobile SDK – seamless integration into any mobile application ensuring the simplest User experienceCopyright © 2011 CIDWAY Security SA. All rights reserved – www.cidway.com 20
    • THANK YOU FOR YOUR ATTENTIONFor more information, contact:Laurent FILLIATVP Strategic BusinessMob.+41 78 842 11 47Tel. +41 21 331 27 00Fax +41 21 331 27 09Email: laurent.filliat@cidway.com