Cidway Secure Mobile Access Transactions Short 05 12


Achieve the level of security required by service providers of mobile applications with the simplicity the Consumer wishes...

  1. SECURING ACCESS & TRANSACTIONS ON / FROM MOBILE Discover the future of security on
  3. Mobile Access & Transactions Today
     Scenario 1: Mobile application + OTP from hardware Token or SMS
       • Secure, but NOT convenient
       • Expensive for the Bank
       • Potential Transactions’ signature!
     Scenario 2: Static PIN Code on the Mobile application
       • Convenient but NOT secure
       • No Transactions’ signature!
     © 2012 CIDWAY Security SA. All rights reserved
  4. Mobile Access & Transactions with CIDWAY
     ✓ Improved Security, using time-based OTP
       • Strong Authentication (2FA)
       • Mutual Authentication (MA)
       • Transaction/Document signature (TDS)
     ✓ Simplified User Experience
       • Just a PIN to input
       • All security features transparent to the User
     ✓ Decreased Total Cost of Ownership
       • No additional hardware components
       • No additional software application
       • Less Support
     ✓ Simplified Deployment
       • Only one application with Cidway mSDK embedded
     ✓ Extended Scope
       • mBanking
       • mCommerce
       • mPayment
       • mHealth
       • Mobility
       • Etc.
     [Diagram labels: Embedded Cidway mSDK; cured by CIDWAY; Transparent 2FA, MA & TDS; Convenient & Secure]
  5. Secure Mobile Applications & Simplify User Experience
     Improved Security
       • Secure Login with real time-based OTP
       • Sign Transactions/Documents/Data with time-based TDS
       • Mutual Authentication (Server authenticates to Mobile) with time-based OTP
       • Real time-based OTP (1 second increment) with time-stamping
       • Data encryption within SSL tunnel (in case it’s compromised) using synchronous OTP (without transmitting keys over the Network)
       • No-PIN patented protection (PIN Code not stored on the mobile, never transmitted over the network, nor stored on the server)
       • Embedded Secure Virtual Keyboard
       • Jailbreak/Root detection, even prevents xCon (iOS)
       • Anti-cloning solution (based on signed Logs & hardware binding)
       • Secure Download from mobile public stores (to prevent a rogue application from stealing the User’s credentials)
       • Secure provisioning process on the fly
       • Support of multiple devices for one User with multiple keys (even if the same PIN Code is used)
     Simplified User Experience: enable high-level security without additional components/elements, in a transparent way for the User
       • Easy Login (secured by a transparent 2FA & Mutual Authentication): just input a PIN Code
       • Easy Transaction/Document Signature (signing the entire Transaction Data): just input a PIN Code, no additional data to input
       • Easy Registration Process & Renewal process (when the phone is changed/lost/stolen)
       • Automatic & transparent time-resynchronization, even if the User changes the clock of his phone
       • Multiple Devices with the same PIN Code (without additional security risks)
       • Multiple Users on the same device
     Seamless Integration: simple integration of Cidway SDKs into existing or future Applications
       • Integration of MobileSDK into an existing mobile application (native mSDK available for all platforms)
       • Integration of ServerSDK (available on any OS, agnostic of Databases & Users Directory) into an existing Application Server or Authentication Platform
       • Professional Services & Training readily available from Cidway with significant experience
       • Potential adaptations/modifications, as it’s Cidway’s own source code
  6. Integration of CIDWAY SDKs
     [Diagram labels: APPLICATION SERVER (mBanking, mCommerce, mPayment, Mobility, etc.); WebServices; Cidway mSDK; Cidway ServerSDK; Cidway Gaia Server]
       1. Integration of CIDWAY MobileSDK into existing Mobile Application
       2. Integration of CIDWAY ServerSDK into existing Application Server or Authentication Platform, OR Interface of CIDWAY GaiaServer with existing Application Server
     Available on any OS, agnostic of Database & User Directory
     Integrate ServerSDK or Interface GaiaServer
  7. User Experience & Process: Secure Access & Transaction/Data Signature
     Fully transparent for the User
     The simplest User Experience
     [Screenshot panels: SECURE ACCESS; TRANSACTION SIGNATURE]
  8. Business Cases
     mBanking
       ✓ Strong Authentication
       ✓ Mutual Authentication
       ✓ Transaction Signature
       ✓ End-to-end data encryption
       ✓ Anti-cloning
       ✓ Jailbreak/Root detection
     Mobility
       ✓ Secure & simple authentication of Users
       ✓ Multiple Users per device
       ✓ Document Signature (including data integrity & time-stamping)
       ✓ Complementary to MDM
     mCommerce
       ✓ Secure mCommerce transactions (Transaction Signature, protects also CC data)
       ✓ Simplify User Experience
       ✓ Automate 3DSecure transactions on Mobile
     mHealth
       ✓ Secure Access to medical records
       ✓ Sign data when records modified and/or added
       ✓ Authenticate patient
       ✓ Secure patient data communication
  9. FAQ on Mobile Authentication
     Cidway Mobile technology is the answer
       ✓ What are the risks if I lose my phone?
       ✓ What are the risks of downloading a rogue application from a mobile public store?
       ✓ How easy is it to activate the application and what are the risks during the process?
       ✓ Is the User Experience really easy?
       ✓ What are the risks of brute force, man in the middle and other sophisticated attacks?
       ✓ Did the application pass penetration tests?
       ✓ What are the coding techniques to guarantee top security?
       ✓ Are the credentials transmitted over the air? What are the risks?
       ✓ Is it real time-based? With time-stamping?
       ✓ What happens when the user changes the phone’s clock?
       ✓ Does it work on all Mobile platforms?
       ✓ Does the solution considered support real time-based OTP, mutual authentication & transaction signature?
       ✓ Does the solution support Jailbreak/Root detection (even with xCon on iOS)?
       ✓ Does the solution embed a secure virtual keyboard?
       ✓ Does the solution support end-to-end data encryption within the SSL channel?
       ✓ Does the solution prevent cloning?
       ✓ Is the secret key protected from mobile backups, which are usually not encrypted and potentially stored in the cloud?