KOBIL stands for secure data and communication on any computer in the world. Whether for business or private use, we offer optimum protection for every online workplace and make e-banking a simple and comfortable process. Our vision is simple: a secure workplace now and in the future.
4. Daily Frauds on e-Banking
- „Thieves Hack French President's Bank Account“
- „400 Million Credit Card Numbers Hacked“
- „Investigators Replicate Nokia 1100 Online Banking Hack“
- „Cyber crime attacks increase as malware trends plateaued in the last 12 months“
- „300+ Bank homepages hacked and redirected!“
12. Key facts
- Hardened web browser: No chance for phishing
- Remote & secure updates: Smart Security Management
- Smart card & certificate: Login and/or transaction signing
13. The most secure browser
- URL protection
- Two factor authentication
- Anti hacking mechanisms
- Trusted SSL certificates
- More than 5 years of research & development
- More than 1 million online users
18. Key facts
- Verification and management: Smart Security Management
- Removable battery: Long life and environment protection
- Optical sensors: Easy data transfer for true transaction signing
23. Key facts
- Removable battery: Long life and environment protection
- Credit or debit card: International standards and online shopping
- Easy data transfer for true transaction signing: Optical sensors
Online banking is more than e-banking:
- Customers require innovative services instead of standardized products and services
- Increase sales efficiency
- Increase competitiveness
- Meet customer requirements
- Banking is no longer a local service; online banking makes it global
- The latest statistics show the following result.
- The arguments against online banking are listed starting from the most important.
- Online banking is a worldwide target for numerous attacks
- New types of attacks emerge every day
- Protection is a challenge against organized cyber crime
- Conventional tools are not enough anymore
Software solutions:
- Virtual smart cards
- Soft certificates
- Soft OTP generators (on PC or on mobile phones)
- Software-only hardening techniques
Basic OTPs, C&R OTPs:
- Scratch lists
- Basic OTP tokens (single button, time-based, etc.)
- Grid cards
SMS OTP:
- It can be bound to transaction data on the bank's side, but the bank cannot be sure who prepared the received transaction data in the first place
EMV-CAP:
- Unconnected readers (without optical sensors)
PKI solutions:
- Smart card readers
- USB tokens
Zero footprint:
- No installation, no configuration and no admin rights are needed. No trace is left on the PC
- Enables (simplifies) digital signatures via PKI smart card for end users
Seamless security:
- Hardening mechanisms run in the background
- Secure user transactions without user involvement
Always up-to-date:
- Changes happen in standards, trends, security needs, advanced attack techniques and IT infrastructure
- Changes can always be managed in the field
5-year functional warranty:
- Your investment is secured by flexible technology (replaceable smart card, remote update technology)
- Future proof
Plug mIDentity into any PC:
- any PC, your PC, foreign PC, public PC
- no installation is needed
- no configuration is needed
- no admin rights are needed
- only requirement: an open USB port and Internet connectivity
Check for latest updates:
- The device connects to the update server, which is typically hosted by the bank
- Both firmware (hardware) and application (software) updates are possible
Smart card is used for strong authentication:
- for user login only
- for transaction signing only
- or both
Remove mIDentity:
- The automatic disconnection process erases any traces on the PC
Corporate and SME customers:
- Online transactions
- Trade finance (LC, Accreditives etc.)
- Online credit approval and credit management
- Online stock exchange
Retail customers:
- Convenience and high-end security
Other services for third parties:
- The bank is a „trustworthy“ place where merchants can place special offers for the bank's customers, e.g. insurance
Multi-bank support:
- Electronic Banking Internet Communication Standard (EBICS) is a transmission protocol for banking information, for use by banking clients.
- Single Euro Payments Area (SEPA) concentrates on standardisation of clearing protocols in the interbank networks.
Secure communication:
- Web applications
- Strong user authentication
- Transaction signing by smart card
Secure document exchange:
- Sign PDF documents by smart card
- Bank sends electronic documents
- Customer sends signed orders/forms back
4-eye principle:
- Multiple signatures are possible
- Accountant creates the transaction
- His/her manager approves it with his/her signature
- Top managers approve all with an additional signature
Smart card & certificate:
- A SIM-sized smart card is inserted in the device
- The smart card is PIN protected
- Digital certificates can be stored on the smart card
- Smart card and certificate can be used for web login
- Smart card and certificate can be used to digitally sign user transactions
Hardened web browser:
- The installed (default) web browser on the PC is not used
- A protected and customized on-board web browser is used for secure online banking
- The implemented security mechanisms stop phishing attacks
Smart Security Management:
- All devices in the field can be updated remotely and securely
- Both firmware (hardware) and application (software) updates are possible
URL protection:
- A whitelist of URLs is used
- The user cannot surf to, or be redirected to, malicious web sites
- The web browser URL address bar can be disabled
Trusted SSL certificates:
- Only preconfigured web certificates are trusted
- The user cannot import additional trusted certificates
Two factor authentication:
- Smart card and PIN are used for login and/or transaction signing
- Additional mechanisms are implemented to secure smart card usage
Anti hacking mechanisms:
- Many security mechanisms are implemented against well-known attack types
- All these mechanisms have been implemented over the last 5 years, and this is continuous (never ending) research & development
Easy infrastructure integration and modular design for future needs:
- Integration of the solution into existing systems is easy
- Modular design allows you to start with simple functionality and then add more in the future without any fundamental changes in the infrastructure (start with login-only, then later add transaction signing or add OTP management (SecOPTIC) in the future)
Central and anonymous smart card personalization and distribution:
- KOBIL developed an anonymous card production system which is widely accepted by banks
- This solution allows low-cost card production and roll-out
Easy activation methods for end users:
- Random distribution of anonymous devices and cards is possible
- On first use, the user can define the smart card PIN and register his card and device remotely
Central device and application management:
- The infrastructure allows full control of rolled-out devices in the field
Remote & secure updates for firmware and applications:
- No need to collect devices back for future needs
- IT standards and technologies continuously change
- mIDentity technology is always up-to-date for:
  - IT infrastructure change (backend system)
  - IT extension
  - New requirements
- No restrictions for security and usage
Cost:
- Introduction of new technologies has a linear cost development
- KOBIL mIDentity has constant costs, despite adaptable technology
- The longer KOBIL mIDentity technology is in use, the more cost-saving it becomes
Zero adherence:
- Transaction data leaves the PC
- There is no dependency on the PC used
- No PC resource is used for data protection
- No security concerns for PC, operating system or web browser
- Protection even against man-in-the-machine attacks
Sign what you see:
- Transaction data is verified on the secure offline device display
- If the PC, OS or web browser is hacked and transaction data is modified by hackers, the user can detect the data manipulation on the device display
Multi-channel capability:
- Besides Transaction Data Signing (TDS) OTP via flickering bar code, a basic OTP generator is included for telephone banking, ATM, e-banking login etc.
Log in to your web account:
- The user can log in to his bank account with only a user name and static password (classic method), or can use the SecOPTIC device to generate a basic OTP (no transaction signing) to use at login time
In the confirmation page, a flickering bar code will be shown:
- The flickering bar code is generated on the bank web server based on the user transaction data (sent at step-2)
- Additionally, a bank server challenge (which is valid for a certain time) can be included in the flickering bar code
Place the optical sensor on the PC monitor:
- There are 5 optical sensors on the back of the device
- These sensors should face the flickering bar code on the PC monitor
- User transaction data will be transferred from the PC monitor to the SecOPTIC device
Verify the transaction data on the device display:
- Now the user can see the transaction data on the device display
- If the transaction data (which is entered at step-2) is modified by hackers, or if the flickering code is modified, the user will see different transaction data (recipient account no. and/or amount)
- If the transaction data is modified, the user can stop at this step and the transaction is not completed
Enter the generated signature code into the confirmation page to complete the transaction:
- The user transaction is digitally signed by the user private key in the SecOPTIC device
Optical sensors:
- There is no need to manually enter the transaction data into the device
- The user can see and sign the data on the device
Removable battery:
- The user can change the battery and keep using the device for a long period
- Removal of the battery before device disposal
Smart Security Management:
- Device management, lock/unlock, resynchronization
- Transaction data signature verification
Large display and easy menu navigation:
- Ease of use for end users
Cost effective alternative to smart card readers:
- A complete solution, no need for an additional smart card
Security for advanced attacks:
- Protection even against man-in-the-machine attacks
Time limit for generated OTP:
- Typical time-based OTP devices have a clock inside and cause many synchronization problems
- SecOPTIC has no clock in hardware, but the server can set a time limit for received user transaction data to be signed by the device
DSA technology:
- KOBIL developed an advanced algorithm to improve the optical reading capability of SecOPTIC
- Lower error rate while reading transaction data from a PC monitor
Easy infrastructure integration and modular design for future needs:
- Integration of the solution into existing systems is easy
- Modular design allows you to start with simple functionality and then add more in the future without any fundamental changes in the infrastructure (start with login-only, then later add transaction signing or add digital certificate management (mIDentity) in the future)
Already personalized for anonymous deployment:
- Devices are delivered to the bank in bulk, all of them personalized
- The bank loads the device data into the management system
- Devices can be distributed randomly to end users
Easy activation methods for end users:
- The user can activate (assign) an anonymous device to his/her account on first use
Central device management:
- Devices can be locked, unlocked or removed from the system
Remote and self-service resynchronization:
- Users can start the resynchronization procedure by themselves
- The device shows the necessary data for resynchronization
Zero adherence:
- Transaction data leaves the PC
- There is no dependency on the PC used
- No PC resource is used for data protection
- No security concerns for PC, operating system or web browser
- Protection even against man-in-the-machine attacks
Sign what you see:
- Transaction data is verified on the secure offline device display
- If the PC, OS or web browser is hacked and transaction data is modified by hackers, the user can detect the data manipulation on the device display
Multi application:
- Since a credit or debit card is used, the same technology can be used for different applications, like online shopping, 3D-secure applications, etc.
Log in to your web account:
- The user can log in to his bank account with only a user name and static password (classic method), or can use the bank smart card and offline reader to generate a basic OTP (no transaction signing) to use at login time
In the confirmation page, a flickering bar code will be shown:
- The flickering bar code is generated on the bank web server based on the user transaction data (sent at step-2)
Place the optical sensor on the PC monitor:
- There are 5 optical sensors on the back of the reader
- These sensors should face the flickering bar code on the PC monitor
- User transaction data will be transferred from the PC monitor to the smart card reader
Verify the transaction data on the device display:
- Now the user can see the transaction data on the smart card reader display
- If the transaction data (which is entered at step-2) is modified by hackers, or if the flickering code is modified, the user will see different transaction data (recipient account no. and/or amount)
- If the transaction data is modified, the user can stop at this step and the transaction is not completed
Enter the generated signature code into the confirmation page to complete the transaction:
- The user transaction is digitally signed by the user private key in the smart card (credit or debit)
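The confirmation flow described for the SecOPTIC device and for the offline smart card reader, as an added example that is not KOBIL's code: the server binds a time-limited challenge to the transaction it received, the offline device shows what it read and computes a code over exactly those fields, and the server verifies against its own copy. An HMAC with a shared device key stands in for the private-key signature the slides mention; all names, the 120-second limit and the sample values are assumptions.

```python
import hashlib
import hmac
import secrets

TIME_LIMIT_S = 120  # assumed validity window the server grants a challenge


def signature_code(key: bytes, recipient: str, amount: str, challenge: str) -> str:
    """8-digit code over the fields the device displays (HMAC stand-in for a signature)."""
    msg = "\x1f".join((recipient, amount, challenge)).encode()
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:8], 'big') % 10**8:08d}"


class BankServer:
    def __init__(self, device_key: bytes):
        self.device_key = device_key
        self.pending = {}  # challenge -> (recipient, amount, expiry time)

    def confirmation_payload(self, recipient: str, amount: str, now: float) -> dict:
        """Content of the flickering code, built from the transaction the server received."""
        challenge = secrets.token_hex(8)
        self.pending[challenge] = (recipient, amount, now + TIME_LIMIT_S)
        return {"recipient": recipient, "amount": amount, "challenge": challenge}

    def verify(self, challenge: str, code: str, now: float) -> bool:
        """Single use, inside the time limit, and only for the server's own copy."""
        entry = self.pending.pop(challenge, None)
        if entry is None or now > entry[2]:
            return False
        expected = signature_code(self.device_key, entry[0], entry[1], challenge)
        return hmac.compare_digest(code, expected)


def device_read(device_key: bytes, payload: dict) -> tuple:
    """Return (text for the device display, code the user types into the page)."""
    shown = f"{payload['recipient']} / {payload['amount']}"
    code = signature_code(device_key, payload["recipient"],
                          payload["amount"], payload["challenge"])
    return shown, code


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample values throughout
    bank = BankServer(key)
    payload = bank.confirmation_payload("DE00 0000 0001", "150.00 EUR", now=1000)
    forged = dict(payload, recipient="XX99 9999 9999")  # payload altered on the PC
    shown, code = device_read(key, forged)
    print(shown, bank.verify(payload["challenge"], code, now=1030))
```

If the transaction is altered before it reaches the server instead, the code verifies, so the only remaining check is the user comparing the recipient and amount on the device display with what they intended.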
Optical sensors:
- There is no need to manually enter the transaction data into the device
- The user can see and sign the data on the device
Removable battery:
- The user can change the battery and keep using the device for a long period
- Removal of the battery before device disposal
Credit or debit card:
- Use of the bank card allows secure payment for online shops
Large display, big keypad and easy menu navigation:
- Ease of use for end users
Security for advanced attacks:
- Protection even against man-in-the-machine attacks
LEGO Design:
- Design based on market research on real customers.
DSA technology:
- KOBIL developed an advanced algorithm to improve the optical reading capability of SecOPTIC
- Lower error rate while reading transaction data from a PC monitor