SECURING ACCESS & TRANSACTIONS ON / FROM MOBILE


 Discover the future of security on www.cidway.com
THE LEVEL OF SECURITY YOU WANT TO ACHIEVE

THE LEVEL OF CONVENIENCE THE USERS WANT
Mobile Access & Transactions Today

Scenario 1: Static PIN Code on the Mobile application
  • Convenient but NOT secure
  • No Transactions’ signature !

Scenario 2: Mobile application + OTP from hardware Token or SMS
  • Secure, but NOT convenient
  • Expensive for the Bank
  • Potential Transactions’ signature !

© 2012 CIDWAY Security SA. All rights reserved – www.cidway.com                                          3
Mobile Access & Transactions with CIDWAY

[Figure: Embedded Cidway mSDK / "cured by CIDWAY" / Transparent 2FA, MA & TDS / Convenient & Secure]

✓ Improved Security, using time-based OTP
  • Strong Authentication (2FA)
  • Mutual Authentication (MA)
  • Transaction/Document signature (TDS)
✓ Simplified User Experience
  • Just a PIN to input
  • All security features transparent to the User
✓ Decreased Total Cost of Ownership
  • No additional hardware components
  • No additional software application
  • Less Support
✓ Simplified Deployment
  • Only one application with Cidway mSDK embedded
✓ Extended Scope
  • mBanking
  • mCommerce
  • mPayment
  • mHealth
  • Mobility
  • Etc.
Secure Mobile Applications & Simplify User Experience
        Improved Security
                  •    Secure Login with real time-based OTP
                  •    Sign Transactions/Documents/Data with time-based TDS
                  •    Mutual Authentication (Server authenticates to Mobile) with time-based OTP
                  •    Real time-based OTP (1 second increment) with time-stamping
                  •    Data encryption within SSL tunnel (in case it’s compromised) using synchronous OTP (without transmitting keys over the Network)
                  •    No-PIN patented protection (PIN Code not stored on the mobile, never transmitted over the network, nor stored on the server)
                  •    Embedded Secure Virtual Keyboard
                  •    Jailbreak/Root detection – even prevents Xcon (iOS)
                  •    Anti-cloning solution (based on signed Logs & hardware binding)
                  •    Secure Download from mobile public stores (to prevent a rogue application from stealing the User’s credentials)
                  •    Secure provisioning process on the fly
                  •    Support of multiple devices for one User with multiple keys (even if same PIN Code used)

        Simplified User Experience
                  Enable high-level security without additional components/elements, in a transparent way for the User
                  •  Easy Login (secured by a transparent 2FA & Mutual Authentication): just input a PIN Code
                  •  Easy Transaction/Document Signature (signing the entire Transaction Data): just input a PIN Code, no additional data to input
                  •  Easy Registration Process & Renewal process (when phone is changed/lost/stolen)
                  •  Automatic & transparent time-resynchronization, even if User changes the clock of his phone
                  •  Multiple Devices with same PIN Code (without additional security risks)
                  •  Multiple Users on the same device

        Seamless Integration
                  Simple integration of Cidway SDKs into existing or future Applications
                  •   Integration of MobileSDK into existing mobile application (native mSDK available for all platforms)
                  •   Integration of ServerSDK (available on any OS, agnostic of Databases & Users Directory) into existing Application Server or Authentication Platform
                  •   Professional Services & Training readily available from Cidway with significant experience
                  •   Potential adaptations/modifications, as it’s Cidway’s own source code



Integration of CIDWAY SDKs

[Diagram: CIDWAY mSDK; APPLICATION SERVER (mBanking, mCommerce, mPayment, Mobility, etc.) with Cidway ServerSDK; WebServices; Cidway Gaia Server]

1. Integration of CIDWAY MobileSDK into existing Mobile Application
2. Integrate ServerSDK or Interface GaiaServer:
   • Integration of CIDWAY ServerSDK into existing Application Server or Authentication Platform (available on any OS, agnostic of Database & User Directory)
   OR
   • Interface of CIDWAY GaiaServer with existing Application Server

User Experience & Process : Secure Access & Transaction/Data Signature

The simplest User Experience
Fully transparent for the User

[Figure panels: SECURE ACCESS; TRANSACTION SIGNATURE]

Business Cases

mBanking
✓ Strong Authentication
✓ Mutual Authentication
✓ Transaction Signature
✓ End-to-end data encryption
✓ Anti-cloning
✓ Jailbreak/Root detection

Mobility
✓ Secure & simple authentication of Users
✓ Multiple Users per device
✓ Document Signature (including data integrity & time-stamping)
✓ Complementary to MDM

mCommerce
✓ Secure mCommerce transactions (Transaction Signature, protects also CC data)
✓ Simplify User Experience
✓ Automate 3DSecure transactions on Mobile

mHealth
✓ Secure Access to medical records
✓ Sign data when records modified and/or added
✓ Authenticate patient
✓ Secure patient data communication
FAQ on Mobile Authentication
Cidway Mobile technology is the answer

✓ What are the risks if I lose my phone ?
✓ What are the risks of downloading a rogue application from a mobile public store ?
✓ How easy is it to activate the application and what are the risks during the process ?
✓ Is the User Experience really easy ?
✓ What are the risks of brute force, man in the middle and other sophisticated attacks ?
✓ Did the application pass penetration tests ?
✓ What are the coding techniques to guarantee top security ?
✓ Are the credentials transmitted over the air ? What are the risks ?
✓ Is it real time based ? With time-stamping ?
✓ What happens when the user changes the phone’s clock ?
✓ Does it work on all Mobile platforms ?
✓ Does the solution considered support real time-based : OTP, mutual-authentication & transaction signature ?
✓ Does the solution support Jailbreak/Root detection (even with xcon on iOS) ?
✓ Does the solution embed a secure virtual keyboard ?
✓ Does the solution support end-to-end data encryption within SSL channel ?
✓ Does the solution prevent Cloning ?
✓ Is the secret key protected from mobile backups usually not encrypted and potentially stored on the cloud ?


Cidway Secure Mobile Access Transactions Short 05 12
