Identity Assurance for Banking
旭昇資訊股份有限公司 (SRIC)
Agenda
- Positioning of ActivIdentity Secure Banking Solutions
- Overview of component products
- Multi channel authentication infrastructure
- References
- Summary
Overview of ActivIdentity Solutions
B2E - Employee Identity Assurance and SSO
- Employee Access Cards
- Secure Remote Access
- Single Sign On
B2C – Multi-channel Customer Authentication (BANKING)
- Strong (Two Factor) Authentication
- Authentication Services Infrastructure
Gartner Strategic planning assumptions
By year-end 2005, fewer than 5 percent of online financial institution customers will be able to transfer more than $1,000 out of their accounts unless they use an authentication method that cybercriminals and phishers can't readily subvert (0.7 probability)
By year-end 2007, as much as 7 percent of banks in the United States, and 30 percent to 50 percent worldwide, will have forced their customers to authenticate using hardware tokens (0.7 probability).
By year-end 2007, 50 percent of today's stronger methods for customer authentication won't be strong enough to safeguard against phishing and malware (0.8 probability).
Solution Components
Hardware Devices
- One Time Password (OTP) tokens
- Hand held Smartcard readers
Authentication and Credentials Management Software
- Software development toolkit - ActivIdentity SDK
- Authentication and Credentials management Server - ActivIdentity 4TRESS Authentication Server
- 4TRESS Express, entry level version scheduled for release in 2006
Who is the Buyer?

Category: Strategic authentication infrastructure
Buyer: CTO/CIO
Description: Medium size to large bank is selecting an authentication solution as part of a strategic infrastructure upgrade
Characteristics:
- May incorporate corporate and retail banking
- Approx 200K – 5M users
- Support for a range of credential types
- Multiple channels
- Interface to existing credentials

Category: New service projects
Buyer: eCommerce / phone channel project team
Description: Project to deliver a new service requiring authentication for that service
Characteristics:
- Corporate or retail banking customers
- Approx 25K to 500K users
- May include static credentials
- Internet and/or phone channel
- Authentication is a subset of the project scope

Category: Strong authentication projects
Buyer: eCommerce project team
Description: Project implementing strong authentication for the first time to protect an established service
Characteristics:
- Corporate banking customers or a subset (eg high value) of the retail customers
- Approx 25K to 250K users
- Internet channel, extensibility to phone
- Scope limited to strong authentication
Product Catalogue
Hardware devices
- Mini Token
- Token One
- Key Chain Token
- Token XL
- ActivReader Solo 2
Software
- ActivIdentity Authentication SDK
- 4TRESS Authentication Server
Product Catalogue: Mini Token
- Simple to use token that generates a one time password at the press of a button
- Priced to be highly competitive for volume sales within the Retail Banking market
- Long battery life - 10 year life expectancy
Product Catalogue: Token One
- PIN activated token
- Generates a one time password at the press of a button, or in response to a challenge
- Signs transaction parameters
- Supports PIN change and PIN unlock
Product Catalogue: Key Chain Token
- PIN activated token
- Generates a one time password at the press of a button, or in response to a challenge
- Supports PIN change and PIN unlock
- 4 year life expectancy
- Available with a customer lifetime replacement guarantee
Product Catalogue: Token XL
- Desktop version, suitable for partially sighted users
- PIN activated token
- Generates a one time password at the press of a button, or in response to a challenge
- Supports PIN change and PIN unlock
- 8 year life expectancy
Product Catalogue: ActivReader Solo 2
- Handheld stand-alone smart card reader
- Generates one-time passwords or transaction signatures for strong two-factor authentication
- Supports a number of smart card based schemes
- Certified for use with EMV CAP
- User replaceable batteries providing a long life
Example of EMV Authentication: User interactions - Logging into account
- User logs on to the bank portal
- Portal requests Username and OTP
- The User inserts their card into the reader
- The User presses the CODE button on the ActivReader
- The device requests the PIN
- On entry of the correct PIN the device responds with a One Time Password
- The user enters the code into the system and entry is granted to the site
Reader display (slide illustration): CODE OR SIGN / ENTER PIN **** / PASSCODE 12437768
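The login flow above, and the transaction signing the reader and Token One slides mention, modelled end to end as an added example (not ActivIdentity's code and not the EMV CAP algorithm itself): an HMAC over a per-card counter plus the challenge or transaction data stands in for the card-computed cryptogram, the PIN gates the reader, and the server verifies with a look-ahead window, rejects a replayed passcode, and rejects a signature whose amount was altered after signing. The key, PIN and payment values are constructed.

```python
import hashlib, hmac, struct

def passcode(secret: bytes, counter: int, data: bytes) -> str:
    """8-digit code from HMAC-SHA1 over (counter, data), RFC 4226 truncation.
    Stand-in for the card cryptogram a CAP reader turns into the displayed number."""
    mac = hmac.new(secret, struct.pack(">Q", counter) + data, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 10**8:08d}"

class Reader:
    """Constructed model of card-in-reader behaviour: every code is PIN gated."""
    def __init__(self, secret: bytes, pin: str):
        self._secret, self._pin, self.counter = secret, pin, 0
    def _press(self, pin: str, data: bytes) -> str:
        if not hmac.compare_digest(pin, self._pin):
            raise PermissionError("wrong PIN")
        self.counter += 1                    # card-side counter advances on every use
        return passcode(self._secret, self.counter, data)
    def code(self, pin: str, challenge: str = "") -> str:            # CODE button
        return self._press(pin, challenge.encode())
    def sign(self, pin: str, amount: str, beneficiary: str) -> str:  # SIGN button
        return self._press(pin, f"{amount}|{beneficiary}".encode())

class Validator:
    """Server side: look-ahead window absorbs unused presses; counter advance kills replays."""
    def __init__(self, secret: bytes, window: int = 10):
        self._secret, self.window, self.counter = secret, window, 0

    def verify(self, otp: str, data: str = "") -> bool:
        for c in range(self.counter + 1, self.counter + 1 + self.window):
            if hmac.compare_digest(passcode(self._secret, c, data.encode()), otp):
                self.counter = c             # this and every earlier counter is now dead
                return True
        return False
    def verify_signature(self, otp: str, amount: str, beneficiary: str) -> bool:
        return self.verify(otp, f"{amount}|{beneficiary}")

def demo() -> dict:
    secret = b"constructed-per-card-secret"  # provisioned to card and server at enrolment
    reader, server = Reader(secret, "1234"), Validator(secret)
    login = reader.code("1234")                      # CODE button, PIN, passcode
    sig = reader.sign("1234", "1500.00", "SE1234")   # signing a payment's parameters
    return {
        "login_ok": server.verify(login),
        "replay_rejected": not server.verify(login),
        "tampered_amount_rejected": not server.verify_signature(sig, "9500.00", "SE1234"),
        "signature_ok": server.verify_signature(sig, "1500.00", "SE1234"),
    }
```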
Product Catalogue: ActivIdentity Authentication SDK
- Authentication and credentials management toolkit
- Support for tokens and smart cards
- Simple, rapid integration onto existing banking systems
- Supported on MVS, Sun Solaris, Microsoft Windows and Unix
Product Catalogue: 4TRESS Authentication Server
- Full authentication server
- Support for knowledge and device based authentication schemes
- Browser based user interface
- Lifecycle management of user credentials and physical devices
- Centralized, digitally signed, tamper evident audit log
- Scalable, secure, resilient architecture
- Portable across a wide range of application platforms
- MasterCard validated CAP Token Validation Server
Channel Specific Authentication Solutions
- Each channel has an authentication solution that is unique to that channel
- Passwords and processes vary across the different channels
- High cost of administration and maintenance
- Multiple points of access increase the points of compromise
- Core functionality is rebuilt for each channel
Diagram (slide illustration): customers reach the bank over the Phone, Corporate, Internet and High worth channels, and each channel carries its own separate Auth / Admin / Audit stack.
Multi-channel Authentication Infrastructure
- Consistent approach to customer authentication regardless of the channel
- A single integrated set of authentication, administration and audit services
- A simplified model improves security by reducing points of compromise
- Reduced cost of administration and support
- Supports deployment of new channels
- Extend authentication schemes without impacting channels
Diagram (slide illustration): the Phone, Corporate, Internet and High worth channels all share one Auth / Admin / Audit stack, delivered as enterprise level authentication services.
Example Deployment
Leader in Secure Digital Identity Deployments
Enterprise
- Hewlett-Packard
- Heidelberger
- Renault
- KDDI
- Carphone Warehouse
- British Telecommunications
- Hoffmann-La Roche
- Monsanto
- Airbus Industries
- Total
- Alstom
- ST Microelectronics
Government
- U.S. Dept. of Defense
- Singapore DSTA
- U.S. Dept. of Energy
- U.S. Dept. of Interior
- U.S. Dept. of Treasury
- Dutch Ministry of Water
- Spanish Ministry of Public Works
- Australian Tax Office
- Veterans Affairs
- UK Police Forces
- French Ministries
Finance
- Barclays Bank PLC
- First MidWest Bank
- Crédit Agricole
- M&T Financial
- Fiserv
- Swedbank
- Nordea
- Danske Bank
- PKO
- Zaba Bank
- Société Générale
- Deutsche Bank Group
Case Study - Föreningssparbanken – FSPA (Swedbank)
- High volume – 2.2 million tokens issued (multi-vendor – 2m from ActivIdentity)
- Challenge/Response based authentication solution
- Challenge/Response based digital signature
- OTP capable solution
- Integrated within FSPA's existing back-end systems and internet portal
- Solution is a security enabler for additional services
- Allows high volume transactions (which have gradually increased)
- Compliant with digital signature mandates to provide non-repudiation
Products: ActivIdentity Token One & Authentication SDK
Summary - Pain Points Addressed
Compliance
- Disjointed audit
- Lack of controls over user access
Weak Authentication
- Overdependence on static passwords
- Risk of fraud
Reputational Risk
- Erosion of confidence in low cost channels
Cost of operation
- Set up
- Reset & unlock
- Revocation
Single channel solutions
- Customer unfriendly
- Cost of operation for multiple systems
- Multiple registration processes
- Lack of scalability
Questions & Answers
旭昇資訊股份有限公司 (SRIC)
TEL: +886-2-2701-6052
URL: www.sric.com.tw