Cidway Secure Mobile Access Transactions Short 05 12
- 1. SECURING ACCESS & TRANSACTIONS ON / FROM MOBILE
Discover the future of security on www.cidway.com
- 2. THE LEVEL OF SECURITY YOU WANT TO ACHIEVE
THE LEVEL OF CONVENIENCE THE USERS WANT
- 3. Mobile Access & Transactions Today
Scenario 1: Static PIN Code on the Mobile application
• Convenient but NOT secure
• No Transactions’ signature!
Scenario 2: Mobile application + OTP from hardware Token or SMS
• Secure, but NOT convenient
• Expensive for the Bank
• Potential Transactions’ signature!
© 2012 CIDWAY Security SA. All rights reserved – www.cidway.com 3
- 4. Mobile Access & Transactions with CIDWAY
✓ Improved Security, using time-based OTP
• Strong Authentication (2FA)
• Mutual Authentication (MA)
• Transaction/Document signature (TDS)
✓ Simplified User Experience
• Just a PIN to input
• All security features transparent to the User
✓ Decreased Total Cost of Ownership
• No additional hardware components
• No additional software application
• Less Support
✓ Simplified Deployment
• Only one application with Cidway mSDK embedded
✓ Extended Scope
• mBanking
• mCommerce
• mPayment
• mHealth
• Mobility
• Etc.
[Figure labels: Embedded Cidway mSDK; Transparent 2FA, MA & TDS; Convenient & Secure]
- 5. Secure Mobile Applications & Simplify User Experience
Improved Security
• Secure Login with real time-based OTP
• Sign Transactions/Documents/Data with time-based TDS
• Mutual Authentication (Server authenticates to Mobile) with time-based OTP
• Real time-based OTP (1 second increment) with time-stamping
• Data encryption within the SSL tunnel (in case the tunnel is compromised) using synchronous OTP (without transmitting keys over the Network)
• No-PIN patented protection (PIN Code not stored on the mobile, never transmitted over the network, nor stored on the server)
• Embedded Secure Virtual Keyboard
• Jailbreak/Root detection – even prevents xCon (iOS)
• Anti-cloning solution (based on signed Logs & hardware binding)
• Secure Download from mobile public stores (to prevent a rogue application from stealing the User’s credentials)
• Secure provisioning process on the fly
• Support of multiple-devices for one User with multiple keys (even if same PIN Code used)
Simplified User Experience
Enable high-level security without additional components/elements, in a transparent way for the User
• Easy Login (secured by a transparent 2FA & Mutual Authentication): just input a PIN Code
• Easy Transaction/Document Signature (signing the entire Transaction Data): just input a PIN Code, no additional data to input
• Easy Registration Process & Renewal process (when phone is changed/lost/stolen)
• Automatic & transparent time-resynchronization, even if User changes the clock of his phone
• Multiple Devices with same PIN Code (without additional security risks)
• Multiple Users on the same device
Seamless Integration
Simple integration of Cidway SDKs into existing or future Applications
• Integration of MobileSDK into existing mobile application (native mSDK available for all platforms)
• Integration of ServerSDK (available on any OS, agnostic of Databases & Users Directory) into existing Application Server or Authentication Platform
• Professional Services & Training readily available from Cidway with significant experience
• Potential adaptations/modifications, as it’s Cidway’s own source code
- 6. Integration of CIDWAY SDKs
[Diagram: APPLICATION (mBanking, mCommerce, mPayment, Mobility, etc.) with CIDWAY mSDK; SERVER with Cidway ServerSDK, or WebServices to Cidway Gaia Server]
(1) Integration of CIDWAY MobileSDK into existing Mobile Application
(2) Integration of CIDWAY ServerSDK into existing Application Server or Authentication Platform (available on any OS, agnostic of Database & User Directory), OR Interface of CIDWAY GaiaServer with existing Application Server
Integrate ServerSDK or Interface GaiaServer
- 7. User Experience & Process : Secure Access & Transaction/Data Signature
Fully transparent for the User
The simplest User Experience
SECURE ACCESS
TRANSACTION SIGNATURE
- 8. Business Cases
mBanking
✓ Strong Authentication
✓ Mutual Authentication
✓ Transaction Signature
✓ End-to-end data encryption
✓ Anti-cloning
✓ Jailbreak/Root detection
Mobility
✓ Secure & simple authentication of Users
✓ Multiple Users per device
✓ Document Signature (including data integrity & time-stamping)
✓ Complementary to MDM
mCommerce
✓ Secure mCommerce transactions (Transaction Signature, protects also CC data)
✓ Simplify User Experience
✓ Automate 3DSecure transactions on Mobile
mHealth
✓ Secure Access to medical records
✓ Sign data when records modified and/or added
✓ Authenticate patient
✓ Secure patient data communication
- 9. FAQ on Mobile Authentication: Cidway Mobile technology is the answer
✓ What are the risks if I lose my phone?
✓ What are the risks of downloading a rogue application from a mobile public store?
✓ How easy is it to activate the application and what are the risks during the process?
✓ Is the User Experience really easy?
✓ What are the risks of brute force, man in the middle and other sophisticated attacks?
✓ Did the application pass penetration tests?
✓ What are the coding techniques to guarantee top security?
✓ Are the credentials transmitted over the air? What are the risks?
✓ Is it real time-based? With time-stamping?
✓ What happens when the user changes the phone’s clock?
✓ Does it work on all Mobile platforms?
✓ Does the solution considered support real time-based OTP, mutual authentication & transaction signature?
✓ Does the solution support Jailbreak/Root detection (even with xCon on iOS)?
✓ Does the solution embed a secure virtual keyboard?
✓ Does the solution support end-to-end data encryption within the SSL channel?
✓ Does the solution prevent Cloning?
✓ Is the secret key protected from mobile backups, which are usually not encrypted and potentially stored in the cloud?