Innovative Security Solutions: KOBIL - the technology company. KOBIL Systems GmbH • Marketing Department, 19 May 2011

Secure E-Banking with KOBIL technologies


KOBIL stands for secure data and communication on any computer in the world. Whether for business or private use, we offer optimum protection for every online workplace and make e-banking a simple and comfortable process. Our vision is simple: a secure workplace now and in the future.

Published in: Technology, Economy & Finance
  • Online banking is more than e-banking:
      - Customers require innovative services instead of standardized products and services
      - Increase sales efficiency
      - Increase competitiveness
      - Meet customer requirements
      - Banking is no longer a local service; online banking makes it global
  • Customer concerns:
      - The latest statistics show the following result
      - The arguments against online banking are listed starting with the most important
  • Attacks on online banking:
      - Online banking is the worldwide target for numerous attacks
      - New types of attacks emerge every day
      - Protection is a challenge against organized cyber crime
      - Conventional tools are not enough anymore
  • Software solutions:
      - Virtual smart cards
      - Soft certificates
      - Soft OTP generators (on PC or on mobile phones)
      - Software-only hardening techniques
    Basic OTPs, C&R OTPs:
      - Scratch lists
      - Basic OTP tokens (single button, time-based, etc.)
      - Grid cards
    SMS OTP:
      - It can be bound to transaction data on the bank's side, but the bank cannot be sure who prepared the received transaction data in the first place
    EMV-CAP:
      - Unconnected readers (without OPTIC sensors)
    PKI solutions:
      - Smart card readers
      - USB tokens
  • Zero footprint:
      - No installation, no configuration, no admin rights needed
      - No trace left on the PC
      - Enables (simplifies) digital signatures via PKI smart card for end users
    Seamless security:
      - Hardening mechanisms run in the background
      - Secure user transaction without user involvement
    Always up-to-date:
      - Changes happen in standards, trends, security needs, advanced attack techniques, IT infrastructure
      - Changes can always be managed in the field
    5-year functional warranty:
      - Your investment is secured by flexible technology (replaceable smart card, remote update technology)
      - Future proof
  • Plug mIDentity into any PC:
      - Any PC: your PC, a foreign PC, a public PC
      - No installation is needed
      - No configuration is needed
      - No admin rights are needed
      - Only requirement: an open USB port and Internet connectivity
    Check for latest updates:
      - The device connects to an update server, which is typically hosted by the bank
      - Both firmware (hardware) & application (software) updates are possible
    Smart card is used for strong authentication:
      - For user login only
      - For transaction signing only
      - Or both
    Remove mIDentity:
      - Automatic disconnection process erases any traces on the PC
  • Corporate and SME customers:
      - Online transactions
      - Trade finance (LC, Accreditives etc)
      - Online credit approval and credit management
      - Online stock exchange
    Retail customers:
      - Convenience and high-end security
    Other services for third parties:
      - The bank is a "trustworthy" place where merchants can place special offers for the bank's customers, e.g. insurance
    Multi bank support:
      - Electronic Banking Internet Communication Standard (EBICS) is a transmission protocol for banking information for use by banking clients
      - Single Euro Payments Area (SEPA) concentrates on standardisation of clearing protocols in the interbank networks
    Secure communication:
      - Web applications
      - Strong user authentication
      - Transaction signing by smart card
    Secure document exchange:
      - Sign PDF documents by smart card
      - Bank sends electronic documents
      - Customer sends signed orders/forms back
    4-eye principle:
      - Multiple signatures are possible
      - Accountant creates the transaction
      - His/her manager approves it by his/her signature
      - Top managers approve all by an additional signature
  • Smart card & certificate:
      - A SIM-sized smart card is inserted in the device
      - The smart card is PIN protected
      - Digital certificates can be stored on the smart card
      - Smart card and certificate can be used for web login
      - Smart card and certificate can be used to digitally sign user transactions
    Hardened web browser:
      - The installed (default) web browser on the PC is not used
      - A protected & customized on-board web browser is used for secure online banking
      - The implemented security mechanisms stop phishing attacks
    Smart Security Management:
      - All devices in the field can be updated remotely & securely
      - Both firmware (hardware) and application (software) updates are possible
  • URL protection:
      - A whitelist of URLs is used
      - The user cannot surf to, or be directed to, malicious web sites
      - The web browser URL address bar can be disabled
    Trusted SSL certificates:
      - Only preconfigured web certificates are trusted
      - The user cannot import additional trusted certificates
    Two factor authentication:
      - Smart card and PIN are used for login and/or transaction signing
      - Additional mechanisms are implemented to secure smart card usage
    Anti hacking mechanisms:
      - Many security mechanisms are implemented against well-known attack types
      - All these mechanisms have been implemented over the last 5 years, and this is continuous (never-ending) research & development
  • Easy infrastructure integration and modular design for future needs:
      - Integration of the solution into existing systems is easy
      - Modular design allows you to start with simple functionality and then add more in the future without any fundamental changes in the infrastructure (start with login-only, then later add transaction signing or add OTP management, SecOPTIC, in the future)
    Central and anonymous smart card personalization and distribution:
      - KOBIL developed an anonymous card production system which is widely accepted by banks
      - This solution allows low-cost card production and roll-out
    Easy activation methods for end users:
      - Random distribution of anonymous devices and cards is possible
      - At first use, the user can define the smart card PIN and register his card and device remotely
    Central device and application management:
      - The infrastructure allows full control of rolled-out devices in the field
    Remote & secure updates for firmware and applications:
      - No need to collect devices back for future needs
  • Low TCO & High ROI:
      - IT standards and technologies continuously change
      - mIDentity technology is always up-to-date for: IT infrastructure change (backend system), IT extension, new requirements
      - No restrictions for security and usage
    Cost:
      - Introduction of new technologies has a linear cost development
      - KOBIL mIDentity has constant costs, despite adaptable technology
      - The longer KOBIL mIDentity technology is in use, the more cost-saving it becomes
  • Zero adherence:
      - Transaction data goes out of the PC
      - There is no dependency on the PC used
      - No PC resource is used for data protection
      - No security concerns for the PC, operating system, web browser
      - Protection even against man-in-the-machine attacks
    Sign what you see:
      - Transaction data is verified on the secure offline device display
      - If the PC, OS or web browser is hacked and transaction data is modified by hackers, then the user can detect the data manipulation on the device display
    Multi-channel capability:
      - Besides Transaction Data Signing (TDS) OTP via flickering bar code, a basic OTP generator is included for telephone banking, ATM, e-banking login, etc.
  • Login into your web account:
      - The user can log in to his bank account with only a user name and static password (classic method), or can use the SecOPTIC device to generate a basic OTP (no transaction signing) to use at login time
    In the confirmation page, a flickering bar code will be shown:
      - The flickering bar code is generated on the bank web server based on the user transaction data (sent at step 2)
      - Additionally, a bank server challenge (which is valid for a certain time) can be included in the flickering bar code
    Place the optical sensor on PC monitor:
      - There are 5 optical sensors on the back of the device
      - These sensors should look at the flickering bar code on the PC monitor
      - User transaction data will be transferred from the PC monitor to the SecOPTIC device
    Verify the transaction data on device display:
      - Now the user can see the transaction data on the device display
      - If the transaction data (which is entered at step 2) is modified by hackers, or if the flickering code is modified, then the user will see different transaction data (recipient account no. and/or amount)
      - If the transaction data is modified, then the user can stop at this step and the transaction is not completed
    Enter the generated signature code into confirmation page to complete the transaction:
      - The user transaction is digitally signed by the user private key in the SecOPTIC device
  • Optical sensors:
      - There is no need to manually enter the transaction data into the device
      - The user can see and sign the data on the device
    Removable battery:
      - The user can change the battery and keep using the device for a long period
      - Removal of the battery before device disposal
    Smart Security Management:
      - Device management, lock/unlock, resynchronization
      - Transaction data signature verification
  • Large display and easy menu navigation:
      - Ease of use for end users
    Cost effective alternative to smart card readers:
      - A complete solution, no need for an additional smart card
    Security for advanced attacks:
      - Protection even against man-in-the-machine attacks
    Time limit for generated OTP:
      - Typical time-based OTP devices have a clock inside and cause many synchronization problems
      - SecOPTIC has no clock in hardware, but the server can set a time limit for received user transaction data to be signed by the device
    DSA technology:
      - KOBIL developed an advanced algorithm to improve the optical reading capability of SecOPTIC
      - Lower error rate while reading transaction data from a PC monitor
  • Easy infrastructure integration and modular design for future needs:
      - Integration of the solution into existing systems is easy
      - Modular design allows you to start with simple functionality and then add more in the future without any fundamental changes in the infrastructure (start with login-only, then later add transaction signing or add digital certificate management, mIDentity, in the future)
    Already personalized for anonymous deployment:
      - Devices are delivered to the bank in bulk, all of them personalized
      - The bank loads the device data into the management system
      - Devices can be distributed randomly to end users
    Easy activation methods for end users:
      - The user can activate (assign) an anonymous device to his/her account at first use
    Central device management:
      - Devices can be locked, unlocked or removed from the system
    Remote and self service resynchronization:
      - Users can start the resynchronization procedure by themselves
      - The device shows the necessary data for resynchronization
  • Zero adherence:
      - Transaction data goes out of the PC
      - There is no dependency on the PC used
      - No PC resource is used for data protection
      - No security concerns for the PC, operating system, web browser
      - Protection even against man-in-the-machine attacks
    Sign what you see:
      - Transaction data is verified on the secure offline device display
      - If the PC, OS or web browser is hacked and transaction data is modified by hackers, then the user can detect the data manipulation on the device display
    Multi application:
      - Since a credit or debit card is used, the same technology can be used for different applications, like online shopping, 3D-secure applications, etc.
  • Login into your web account:
      - The user can log in to his bank account with only a user name and static password (classic method), or can use the bank smart card and offline reader to generate a basic OTP (no transaction signing) to use at login time
    In the confirmation page, a flickering bar code will be shown:
      - The flickering bar code is generated on the bank web server based on the user transaction data (sent at step 2)
    Place the optical sensor on PC monitor:
      - There are 5 optical sensors on the back of the reader
      - These sensors should look at the flickering bar code on the PC monitor
      - User transaction data will be transferred from the PC monitor to the smart card reader
    Verify the transaction data on device display:
      - Now the user can see the transaction data on the smart card reader display
      - If the transaction data (which is entered at step 2) is modified by hackers, or if the flickering code is modified, then the user will see different transaction data (recipient account no. and/or amount)
      - If the transaction data is modified, then the user can stop at this step and the transaction is not completed
    Enter the generated signature code into confirmation page to complete the transaction:
      - The user transaction is digitally signed by the user private key in the smart card (credit or debit)
  • Optical sensors:
      - There is no need to manually enter the transaction data into the device
      - The user can see and sign the data on the device
    Removable battery:
      - The user can change the battery and keep using the device for a long period
      - Removal of the battery before device disposal
    Credit or debit card:
      - Use of the bank card allows secure payment for online shops
  • Large display, big keypad and easy menu navigation:
      - Ease of use for end users
    Security for advanced attacks:
      - Protection even against man-in-the-machine attacks
    LEGO design:
      - Design based on market research on real customers
    DSA technology:
      - KOBIL developed an advanced algorithm to improve the optical reading capability of SecOPTIC
      - Lower error rate while reading transaction data from a PC monitor
  • Secure E-Banking with KOBIL technologies

    1. Innovative Security Solutions: KOBIL - the technology company. KOBIL Systems GmbH • Marketing Department, 19 May 2011
    2. Potential of Online Banking
       • Fast Internet access and low-cost PCs enabled the online banking channel from anywhere and anytime
       • Many banks offer similar and basic online services, but the real potential is not unleashed yet
       • Binding transactions, document exchange and authentic communication bring more opportunities
       • Future banking is coming through advanced online services like e-commerce, e-trade, etc.
       • Online banking is more than e-banking
    3. Customer Concerns on e-Banking
       • Many customers find online banking very risky
       • Clients fear phishing
       • Bank does not accept responsibility for fraud
       • Customers think that the branch offices are more secure
       • Viruses, Worms, Trojans
    4. Daily Frauds on e-Banking
       • "Thieves Hack French President's Bank Account"
       • "400 Million Credit Card Numbers Hacked"
       • "Investigators Replicate Nokia 1100 Online Banking Hack"
       • "Cyber crime attacks increase as malware trends plateaued in the last 12 months"
       • "300+ Bank homepages hacked and redirected!"
    5. Hacking Techniques are Advancing
       • Fast Internet enables global attacks
       • Hackers are more organized and are targeting financial institutions
       • The latest antivirus and personal firewalls cannot stop complicated attacks
       • Basic protections (anti-keylogger, virtual keypad) are not enough
       • Man-in-the-middle, man-in-the-browser, man-in-the-machine are not futuristic attacks anymore
    6. Today's e-Banking Digital IDs
       • Software-only solutions: any software can be easily modified (even in mobile phones)
       • Basic OTPs, C&R OTPs: no transaction data binding, open to very basic attacks like phishing
       • SMS OTP: mobile phones are open to phishing
       • EMV-CAP: Basic OTP and C&R OTP modes are weak, TDS mode is hard to use
       • PKI solutions: client installation requires a lot of support, complex infrastructure, expensive
    7. Positioning Our Solutions
       • Secure online banking from anywhere and anytime
       • Convenience, ease of use and mobility
       • International standards, modular design, seamless integration, easy management
       • Highly secure, approved by authorities, true transaction signing, updatable technology
       • Low TCO and High ROI through innovations
       • Chart labels: Maximum Security; Maximum Convenience; Challenge Response; One Time Password OTP; Certificate Technology; Static Password; SMS OTP; KOBIL Innovations
    8. Secure online banking anywhere and anytime
    9. KOBIL mIDentity technology
    10. How it works
       • Plug mIDentity into any PC
       • Check for latest updates
       • Pre-configured on-board browser connects to bank web portal
       • Smart card is used for strong authentication (user and/or transaction)
       • Remove mIDentity
    11. Application Areas
       • Online banking (Corporate, SME, Retail)
       • Multi-Bank Support (EBICS, SEPA)
       • Secure communication
       • Secure data & document exchange
       • Ready for 4-eye principle
    12. Key facts
       • Hardened web browser
       • No chance for phishing
       • Remote & secure updates
       • Smart Security Management
       • Smart card & certificate
       • Login and/or transaction signing
    13. The most secure browser
       • URL protection
       • Two factor authentication
       • Anti hacking mechanisms
       • Trusted SSL certificates
       • More than 5 years of research & development
       • More than 1 million online users
    14. Smart Security Management
       • Easy infrastructure integration and modular design for future needs
       • Central and anonymous smart card personalization and distribution
       • Easy activation methods for end users
       • Central device and application management
       • Remote & secure updates for firmware and applications
    15. Low TCO & High ROI
       • KOBIL mIDentity stays in sync with evolving technology
       • Chart labels: Time; Technology; IT infrastructure; KOBIL mIDentity
    16. KOBIL SecOPTIC Technology
    17. How it works
       • Login into your web account
       • Fill in a transaction form and send it to the bank server
       • In the confirmation page, a flickering bar code will be shown
       • Place the optical sensor on the PC monitor
       • Verify the transaction data on the device display
       • Enter the generated signature code into the confirmation page to complete the transaction
    18. Key facts
       • Verification and management
       • Smart Security Management
       • Removable battery
       • Long life and environment protection
       • Optical sensors
       • Easy data transfer for true transaction signing
    19. More Key Facts
       • Large display and easy menu navigation
       • Cost effective alternative to smart card readers
       • Security for advanced attacks
       • Time limit for generated OTP
       • Left/right hand support
       • Multi language support
       • DSA technology (Dynamic Signal Analysis)
    20. Smart Security Management
       • Easy infrastructure integration and modular design for future needs
       • Already personalized for anonymous deployment
       • Easy activation methods for end users
       • Central device management
       • Remote and self service resynchronization
    21. KOBIL Optical Reader Technology
    22. How it works
       • Login into your web account
       • Fill in a transaction form and send it to the bank server
       • In the confirmation page, a flickering bar code will be shown
       • Insert your credit card into the offline reader
       • Place the optical sensor on the PC monitor
       • Verify the transaction data on the reader display
       • Enter the generated signature code into the confirmation page to complete the transaction
    23. Key facts
       • Removable battery
       • Long life and environment protection
       • Credit or debit card
       • International standards and online shopping
       • Easy data transfer for true transaction signing
       • Optical sensors
    24. More Key Facts
       • Large display, big keypad and easy menu navigation
       • Security for advanced attacks
       • LEGO design
       • Left/right hand support
       • Multi language support
       • DSA Technology (Dynamic Signal Analysis)
       • Millions of users
    25. Any question ... ? Oemer Izci, Marketing Manager. E-Mail: marketing@kobil.com Phone: +49 6241 3004-0
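
The SecOPTIC "How it works" steps and the server-side time limit from the notes, as an added sketch that is not KOBIL's code or wire format: an HMAC truncated to 8 digits stands in for the device's private-key signature, and the JSON payload, the 120-second limit, the sample accounts and all function names are assumptions. It shows why the device display plus a code bound to the transaction data catches tampering on the PC.

```python
import hashlib
import hmac
import json
import secrets

DEVICE_KEY = secrets.token_bytes(32)   # constructed demo key shared by device and bank
TIME_LIMIT_S = 120                     # assumed validity window set by the server
INTENDED = {"recipient": "ACCT-0001-CONSTRUCTED", "amount": "150.00"}  # constructed

def signature_code(key: bytes, payload: bytes) -> str:
    """8-digit code over the exact bytes read (HMAC stand-in for a signature)."""
    mac = hmac.new(key, payload, hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 10**8:08d}"

class BankServer:
    def __init__(self, key: bytes):
        self.key = key
        self.pending = {}  # nonce -> (payload bytes, expiry time)

    def confirmation_payload(self, tx: dict, now: float) -> bytes:
        """Bytes the confirmation page would render as the flickering code."""
        nonce = secrets.token_hex(8)
        payload = json.dumps({"nonce": nonce, "tx": tx}, sort_keys=True).encode()
        self.pending[nonce] = (payload, now + TIME_LIMIT_S)
        return payload

    def verify(self, nonce: str, code: str, now: float) -> str:
        payload, expiry = self.pending.pop(nonce, (None, 0.0))  # single use
        if payload is None:
            return "unknown-challenge"
        if now > expiry:
            return "expired"
        ok = hmac.compare_digest(signature_code(self.key, payload), code)
        return "accepted" if ok else "bad-signature"

def device_read(key: bytes, payload: bytes):
    """Offline device: returns what its display shows and the signature code."""
    return json.loads(payload)["tx"], signature_code(key, payload)

def redirect(tx: dict) -> dict:
    """Constructed tampering on the PC: the submitted form gets another recipient."""
    return {**tx, "recipient": "ACCT-9999-CONSTRUCTED"}

def mask(payload: bytes) -> bytes:
    """Constructed tampering of the flickering code so the device shows INTENDED."""
    data = json.loads(payload)
    data["tx"] = INTENDED
    return json.dumps(data, sort_keys=True).encode()

def run(intended, form_tamper=None, flicker_tamper=None, delay=0.0) -> str:
    """One transaction from form submission to server verification."""
    server = BankServer(DEVICE_KEY)
    submitted = form_tamper(intended) if form_tamper else intended
    payload = server.confirmation_payload(submitted, now=0.0)
    nonce = json.loads(payload)["nonce"]
    if flicker_tamper:
        payload = flicker_tamper(payload)
    shown, code = device_read(DEVICE_KEY, payload)
    if shown != intended:      # user compares the device display with the intent
        return "user-aborted"
    return server.verify(nonce, code, now=delay)

if __name__ == "__main__":
    print(run(INTENDED))                                   # untampered
    print(run(INTENDED, form_tamper=redirect))             # caught on the display
    print(run(INTENDED, redirect, mask))                   # caught by the server
    print(run(INTENDED, delay=TIME_LIMIT_S + 1))           # past the time limit
```
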
