Secure E-Banking with KOBIL technologies

KOBIL stands for secure data and communication on any computer in the world. Whether for business or private use, we offer optimum protection for every online workplace and make e-banking a simple and comfortable process. Our vision is simple: a secure workplace now and in the future.

  • So great!! Please let me download it.
  • Online banking is more than e-banking:
    • Customers require innovative services instead of standardized products and services
    • Increase sales efficiency
    • Increase competitiveness
    • Meet customer requirements
    • Banking is no longer a local service; online banking makes it global
  • The latest statistics show the following result.
    • The arguments against online banking are listed starting with the most important.
  • Online banking is a worldwide target for numerous attacks
    • New types of attacks emerge every day
    • Protection is a challenge against organized cyber crime
    • Conventional tools are not enough anymore
  • Software solutions:
    • Virtual smart cards
    • Soft certificates
    • Soft OTP generators (on PC or on mobile phones)
    • Software-only hardening techniques
  • Basic OTPs, C&R OTPs:
    • Scratch lists
    • Basic OTP tokens (single button, time-based, etc.)
    • Grid cards
  • SMS OTP:
    • It can be bound to transaction data on the bank's side, but the bank cannot be sure who prepared the received transaction data in the first place
  • EMV-CAP:
    • Unconnected readers (without optical sensors)
  • PKI solutions:
    • Smart card readers
    • USB tokens
  • Zero footprint:
    • No installation, no configuration and no admin rights are needed
    • No trace is left on the PC
    • Enables (simplifies) digital signatures via PKI smart card for end users
  • Seamless security:
    • Hardening mechanisms run in the background
    • Secure user transactions without user involvement
  • Always up to date:
    • Changes happen in standards, trends, security needs, advanced attack techniques and IT infrastructure
    • Changes can always be managed in the field
  • 5-year functional warranty:
    • Your investment is secured by flexible technology (replaceable smart card, remote update technology)
    • Future proof
  • Plug mIDentity into any PC:
    • Any PC, your PC, foreign PC, public PC
    • No installation is needed
    • No configuration is needed
    • No admin rights are needed
    • Only requirement: an open USB port and Internet connectivity
  • Check for latest updates:
    • Device connects to the update server, which is typically hosted by the bank
    • Both firmware (hardware) and application (software) updates are possible
  • Smart card is used for strong authentication:
    • For user login only, for transaction signing only, or both
  • Remove mIDentity:
    • Automatic disconnection process erases any traces on the PC
  • Corporate and SME customers:
    • Online transactions
    • Trade finance (LC, Accreditives etc)
    • Online credit approval and credit management
    • Online stock exchange
  • Retail customers:
    • Convenience and high-end security
  • Other services for third parties:
    • Bank is a „trustworthy“ place where merchants can place special offers for the bank's customers, e.g. insurance
  • Multi-bank support:
    • Electronic Banking Internet Communication Standard (EBICS) is a transmission protocol for banking information for use by banking clients.
    • Single Euro Payments Area (SEPA) concentrates on standardisation of clearing protocols in the interbank networks.
  • Secure communication:
    • Web applications
    • Strong user authentication
    • Transaction signing by smart card
  • Secure document exchange:
    • Sign PDF documents by smart card
    • Bank sends electronic documents
    • Customer sends signed orders/forms back
  • 4-eye principle:
    • Multiple signatures are possible
    • Accountant creates a transaction
    • His/her manager approves it with his/her signature
    • Top managers approve all with an additional signature
  • Smart card & certificate:
    • A SIM-sized smart card is inserted in the device
    • Smart card is PIN protected
    • Digital certificates can be stored on the smart card
    • Smart card and certificate can be used for web login
    • Smart card and certificate can be used to digitally sign user transactions
  • Hardened web browser:
    • The installed (default) web browser on the PC is not used
    • A protected and customized on-board web browser is used for secure online banking
    • Implemented security mechanisms stop phishing attacks
  • Smart Security Management:
    • All devices in the field can be updated remotely and securely
    • Both firmware (hardware) and application (software) updates are possible
  • URL protection:
    • A whitelist of URLs is used
    • User cannot surf to or be directed to malicious web sites
    • Web browser URL address bar can be disabled
  • Trusted SSL certificates:
    • Only preconfigured web certificates are trusted
    • User cannot import additional trusted certificates
  • Two-factor authentication:
    • Smart card and PIN are used for login and/or transaction signing
    • Additional mechanisms are implemented to secure smart card usage
  • Anti-hacking mechanisms:
    • Many security mechanisms are implemented against well-known attack types
    • All these mechanisms have been implemented over the last 5 years, and this is continuous (never-ending) research & development
  • Easy infrastructure integration and modular design for future needs:
    • Integration of the solution into existing systems is easy
    • Modular design allows you to start with simple functionality and then add more in the future without any fundamental changes in the infrastructure (start with login-only, then later add transaction signing or add OTP management – SecOPTIC – in the future)
  • Central and anonymous smart card personalization and distribution:
    • KOBIL developed an anonymous card production system which is widely accepted by banks
    • This solution allows low-cost card production and roll-out
  • Easy activation methods for end users:
    • Random distribution of anonymous devices and cards is possible
    • On first use, the user can define the smart card PIN and register his card and device remotely
  • Central device and application management:
    • Infrastructure allows full control of rolled-out devices in the field
  • Remote & secure updates for firmware and applications:
    • No need to collect devices back for future needs
  • IT standards and technologies continuously change
    • mIDentity technology is always up to date for IT infrastructure change (backend system), IT extension and new requirements
    • No restrictions for security and usage
  • Cost:
    • Introduction of new technologies has a linear cost development
    • KOBIL mIDentity has constant costs – despite adaptable technology
    • The longer KOBIL mIDentity technology is in use, the more cost-saving it becomes
  • Zero adherence:
    • Transaction data goes out of the PC
    • There is no dependency on the PC used
    • No PC resource is used for data protection
    • No security concerns for PC, operating system, web browser
    • Protection even against man-in-the-machine attacks
  • Sign what you see:
    • Transaction data is verified on the secure offline device display
    • If the PC, OS or web browser is hacked and transaction data is modified by hackers, the user can detect the data manipulation on the device display
  • Multi-channel capability:
    • Besides Transaction Data Signing (TDS) OTP via flickering bar code, a basic OTP generator is included for telephone banking, ATM, e-banking login etc.
  • Login into your web account:
    • User can log in to his bank account with only a user name and static password (classic method), or can use the SecOPTIC device to generate a basic OTP (no transaction signing) to use at login time
  • In the confirmation page, a flickering bar code will be shown:
    • The flickering bar code is generated on the bank web server based on the user transaction data (sent at step 2)
    • Additionally, a bank server challenge (which is valid for a certain time) can be included in the flickering bar code
  • Place the optical sensor on PC monitor:
    • There are 5 optical sensors on the back of the device
    • These sensors should face the flickering bar code on the PC monitor
    • User transaction data will be transferred from the PC monitor to the SecOPTIC device
  • Verify the transaction data on device display:
    • Now the user can see the transaction data on the device display
    • If the transaction data (entered at step 2) is modified by hackers, or if the flickering code is modified, the user will see different transaction data (recipient account number and/or amount)
    • If the transaction data is modified, the user can stop at this step and the transaction is not completed
  • Enter the generated signature code into confirmation page to complete the transaction:
    • The user transaction is digitally signed by the user's private key in the SecOPTIC device
  • Optical sensors:
    • There is no need to manually enter the transaction data into the device
    • User can see and sign the data on the device
  • Removable battery:
    • User can change the battery and keep using the device for a long period
    • Removal of battery before device disposal
  • Smart Security Management:
    • Device management, lock/unlock, resynchronization
    • Transaction data signature verification
  • Large display and easy menu navigation:
    • Ease of use for end users
  • Cost-effective alternative to smart card readers:
    • A complete solution, no need for an additional smart card
  • Security for advanced attacks:
    • Protection even against man-in-the-machine attacks
  • Time limit for generated OTP:
    • Typical time-based OTP devices have a clock inside and cause many synchronization problems
    • SecOPTIC has no clock in hardware, but the server can set a time limit for received user transaction data to be signed by the device
  • DSA technology:
    • KOBIL developed an advanced algorithm to improve the optical reading capability of SecOPTIC
    • Lower error rate while reading transaction data from a PC monitor
  • Easy infrastructure integration and modular design for future needs:
    • Integration of the solution into existing systems is easy
    • Modular design allows you to start with simple functionality and then add more in the future without any fundamental changes in the infrastructure (start with login-only, then later add transaction signing or add digital certificate management – mIDentity – in the future)
  • Already personalized for anonymous deployment:
    • Devices are delivered to the bank in bulk, all of them personalized
    • The bank loads device data into the management system
    • Devices can be distributed randomly to end users
  • Easy activation methods for end users:
    • User can activate (assign) an anonymous device to his/her account on first use
  • Central device management:
    • Devices can be locked, unlocked or removed from the system
  • Remote and self-service resynchronization:
    • Users can start the resynchronization procedure by themselves
    • Device shows the necessary data for resynchronization
  • Zero adherence:
    • Transaction data goes out of the PC
    • There is no dependency on the PC used
    • No PC resource is used for data protection
    • No security concerns for PC, operating system, web browser
    • Protection even against man-in-the-machine attacks
  • Sign what you see:
    • Transaction data is verified on the secure offline device display
    • If the PC, OS or web browser is hacked and transaction data is modified by hackers, the user can detect the data manipulation on the device display
  • Multi application:
    • Since a credit or debit card is used, the same technology can be used for different applications, like online shopping, 3D-secure applications, etc.
  • Login into your web account:
    • User can log in to his bank account with only a user name and static password (classic method), or can use the bank smart card and offline reader to generate a basic OTP (no transaction signing) to use at login time
  • In the confirmation page, a flickering bar code will be shown:
    • The flickering bar code is generated on the bank web server based on the user transaction data (sent at step 2)
  • Place the optical sensor on PC monitor:
    • There are 5 optical sensors on the back of the reader
    • These sensors should face the flickering bar code on the PC monitor
    • User transaction data will be transferred from the PC monitor to the smart card reader
  • Verify the transaction data on device display:
    • Now the user can see the transaction data on the smart card reader display
    • If the transaction data (entered at step 2) is modified by hackers, or if the flickering code is modified, the user will see different transaction data (recipient account number and/or amount)
    • If the transaction data is modified, the user can stop at this step and the transaction is not completed
  • Enter the generated signature code into confirmation page to complete the transaction:
    • The user transaction is digitally signed by the user's private key in the smart card (credit or debit)
  • Optical sensors:
    • There is no need to manually enter the transaction data into the device
    • User can see and sign the data on the device
  • Removable battery:
    • User can change the battery and keep using the device for a long period
    • Removal of battery before device disposal
  • Credit or debit card:
    • Use of the bank card allows secure payment for online shops
  • Large display, big keypad and easy menu navigation:
    • Ease of use for end users
  • Security for advanced attacks:
    • Protection even against man-in-the-machine attacks
  • LEGO design:
    • Design based on market research on real customers.
  • DSA technology:
    • KOBIL developed an advanced algorithm to improve the optical reading capability of SecOPTIC
    • Lower error rate while reading transaction data from a PC monitor
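
The "sign what you see" flow from the notes above, as an added Python sketch that is not KOBIL's code: the server binds a time-limited, single-use challenge to the transaction it received, and the device signs only the data it displayed. An HMAC over a shared device key stands in for the private-key signature the notes mention; the 8-digit code, the 120-second limit, the field names and the account numbers are assumptions constructed for the example.

```python
import hashlib, hmac, secrets

TIME_LIMIT_S = 120  # assumed validity window for the bank server challenge

def canonical(tx):
    """Length-prefixed encoding so field boundaries cannot be shifted."""
    parts = [str(tx[f]).encode() for f in ("recipient", "amount", "currency")]
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)

def code_for(key, tx, challenge):
    """8-digit code over challenge + transaction (HMAC stand-in for the signature)."""
    mac = hmac.new(key, challenge + canonical(tx), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:8], 'big') % 10**8:08d}"

class BankServer:
    def __init__(self, device_key):
        self.device_key = device_key
        self.pending = {}  # challenge -> (transaction as received, issue time)

    def confirmation_page(self, tx, now):
        """Build the payload the flickering bar code carries."""
        challenge = secrets.token_bytes(16)
        self.pending[challenge] = (dict(tx), now)
        return {"challenge": challenge, "tx": dict(tx)}

    def complete(self, challenge, code, now):
        """Check the typed-in code against the transaction the server holds."""
        entry = self.pending.pop(challenge, None)  # each challenge is single use
        if entry is None:
            return "unknown-challenge"
        tx, issued = entry
        if now - issued > TIME_LIMIT_S:
            return "expired"
        ok = hmac.compare_digest(code_for(self.device_key, tx, challenge), code)
        return "accepted" if ok else "rejected"

def device_sign(key, payload, intended):
    """Offline device: display what was read; sign only if the user confirms it."""
    shown = payload["tx"]
    if shown != intended:  # the user compares the display with what they meant
        return None
    return code_for(key, shown, payload["challenge"])

def run_scenarios():
    key = secrets.token_bytes(32)  # constructed per-device secret
    intended = {"recipient": "DE00 0000 0000 0001", "amount": "150.00", "currency": "EUR"}
    altered = dict(intended, recipient="DE00 0000 0000 0999")  # constructed values
    bank, out = BankServer(key), {}
    page = bank.confirmation_page(intended, now=0)
    code = device_sign(key, page, intended)
    out["honest"] = bank.complete(page["challenge"], code, now=30)
    out["replay"] = bank.complete(page["challenge"], code, now=31)
    page = bank.confirmation_page(altered, now=0)  # PC changed the submitted form
    out["shown_on_device"] = device_sign(key, page, intended)  # None: user stops
    page = bank.confirmation_page(altered, now=0)  # bar code also rewritten on the PC
    forged = {"challenge": page["challenge"], "tx": intended}
    out["rewritten_barcode"] = bank.complete(page["challenge"], device_sign(key, forged, intended), now=30)
    page = bank.confirmation_page(intended, now=0)
    out["late"] = bank.complete(page["challenge"], device_sign(key, page, intended), now=TIME_LIMIT_S + 1)
    return out
```

`run_scenarios()` returns the outcome of each case: the unmodified flow is accepted, a reused challenge is refused, a changed recipient is either visible on the device display or fails server-side verification, and a late code is refused.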

Presentation Transcript

  • Innovative Security Solutions. KOBIL - the technology company. KOBIL Systems GmbH • Marketing Department, 19 May 2011
  • Potential of Online Banking
    • Fast Internet access and low cost PCs enabled online banking channel from anywhere and anytime
    • Many banks offer similar and basic online services, but the real potential is not unleashed yet
    • Binding transaction, document exchange, authentic communication bring more opportunities
    • Future banking is coming through advanced online services like e-commerce, e-trade, etc.
    • Online banking is more than e-banking
  • Customer Concerns on e-Banking
    • Many customers find online banking very risky
    • Clients fear phishing
    • Bank does not accept responsibility for fraud
    • Customers think that the branch offices are more secure
    • Viruses, Worms, Trojans
  • Daily Frauds on e-Banking
    • „Thieves Hack French Presidents Bank Account“
    • „400 Million Credit Card Numbers Hacked“
    • „Investigators Replicate Nokia 1100 Online Banking Hack“
    • „Cyber crime attacks increase as malware trends plateaued in the last 12 month“
    • „300+ Bank homepages hacked and redirected!“
  • Hacking Techniques are Advancing
    • Fast Internet enables global attacks
    • Hackers are more organized and targeting financial institutions
    • Latest antivirus and personal firewalls can not stop complicated attacks
    • Basic protections (anti-keylogger, virtual keypad) are not enough
    • Man-in-the-middle, man-in-the-browser, man-in-the-machine are not futuristic attacks anymore
  • Today’s e-Banking Digital IDs
    • Software-only solutions – any software can be easily modified, (even in mobile phones)
    • Basic OTPs, C&R OTPs – no transaction data binding, open to very basic attacks like phishing
    • SMS OTP – mobile phones are open to phishing
    • EMV-CAP – Basic OTP and C&R OTP modes are weak, TDS mode is hard to use
    • PKI solutions – client installation requires a lot of support, complex infrastructure, expensive
  • Positioning Our Solutions
    • Secure online banking from anywhere and anytime.
    • Convenience, ease of use and mobility
    • International standards, modular design, seamless integration, easy management
    • Highly secure, approved by authorities, true transaction signing, updatable technology
    • Low TCO and High ROI through innovations
    [Figure: positioning chart with the labels Maximum Security, Maximum Convenience, Static Password, SMS OTP, One Time Password (OTP), Challenge Response, Certificate Technology, KOBIL Innovations]
  • Secure online banking anywhere and anytime
  • KOBIL mIDentity technology
  • How it works
    • Plug mIDentity into any PC
    • Check for latest updates
    • Pre-configured on-board browser connects to bank web portal
    • Smart card is used for strong authentication (user and/ or transaction)
    • Remove mIDentity
  • Application Areas
    • Online banking (Corporate, SME, Retail)
    • Multi-Bank Support (EBICS, SEPA)
    • Secure communication
    • Secure data & document exchange
    • Ready for 4-eye principle
  • Key facts
    • Hardened web browser
    • No chance for phishing
    • Remote & secure updates
    • Smart Security Management
    • Smart card & certificate
    • Login and/or transaction signing
  • The most secure browser
    • URL protection
    • Two factor authentication
    • Anti hacking mechanisms
    • Trusted SSL certificates
    • More than 5 years of research & development
    • More than 1 million online users
  • Smart Security Management
    • Easy infrastructure integration and modular design for future needs
    • Central and anonymous smart card personalization and distribution
    • Easy activation methods for end users
    • Central device and application management
    • Remote & secure updates for firmware and applications
  • Low TCO & High ROI
    • KOBIL mIDentity stays in sync with evolving technology
    • [Chart labels: Time, Technology, IT infrastructure, KOBIL mIDentity]
  • KOBIL SecOPTIC Technology
  • How it works
    • Login into your web account
    • Fill a transaction form and send it to bank server
    • In the confirmation page, a flickering bar code will be shown
    • Place the optical sensor on PC monitor
    • Verify the transaction data on device display
    • Enter the generated signature code into confirmation page to complete the transaction
  • Key facts
    • Verification and management
    • Smart Security Management
    • Removable battery
    • Long life and environment protection
    • Optical sensors
    • Easy data transfer for true transaction signing
  • More Key Facts
    • Large display and easy menu navigation
    • Cost effective alternative to smart card readers
    • Security for advanced attacks
    • Time limit for generated OTP
    • Left/right hand support
    • Multi language support
    • DSA technology (Dynamic Signal Analysis)
  • Smart Security Management
    • Easy infrastructure integration and modular design for future needs
    • Already personalized for anonymous deployment
    • Easy activation methods for end users
    • Central device management
    • Remote and self-service resynchronization
  • KOBIL Optical Reader Technology
  • How it works
    • Login into your web account
    • Fill a transaction form and send it to bank server
    • In the confirmation page, a flickering bar code will be shown
    • Insert your credit card into offline reader
    • Place the optical sensor on PC monitor
    • Verify the transaction data on reader display
    • Enter the generated signature code into confirmation page to complete the transaction
  • Key facts
    • Removable battery
    • Long life and environment protection
    • Credit or debit card
    • International standards and online shopping
    • Easy data transfer for true transaction signing
    • Optical sensors
  • More Key Facts
    • Large display, big keypad and easy menu navigation
    • Security for advanced attacks
    • LEGO design
    • Left/right hand support
    • Multi language support
    • DSA technology (Dynamic Signal Analysis)
    Millions of users
  • Any questions…? Oemer Izci, Marketing Manager. E-Mail: marketing@kobil.com, Phone: +49 6241 3004-0