Discover the future of security on www.cidway.com SECURING ACCESS & TRANSACTIONS ON / FROM MOBILE

Cidway Secure Mobile Access Transactions Short 05 12


DESCRIPTION

secure access & transactions for mCommerce, mBanking, mWallet, mMoney, Mobility, mHealth, with Cidway MobileSDK technology



THE LEVEL OF SECURITY YOU WANT TO ACHIEVE

THE LEVEL OF CONVENIENCE THE USERS WANT


© 2012 CIDWAY Security SA. All rights reserved – www.cidway.com 3

Mobile Access & Transactions Today

Scenario 1: Static PIN Code on the Mobile application
• Convenient but NOT secure
• No Transactions’ signature!

Scenario 2: Mobile application + OTP from hardware Token or SMS
• Secure, but NOT convenient
• Expensive for the Bank
• Potential Transactions’ signature!


Mobile Access & Transactions with CIDWAY

Transparent 2FA, MA & TDS

Convenient & Secure

Embedded Cidway mSDK

✓ Improved Security, using time-based OTP
  • Strong Authentication (2FA)
  • Mutual Authentication (MA)
  • Transaction/Document signature (TDS)

✓ Simplified User Experience
  • Just a PIN to input
  • All security features transparent to the User

✓ Decreased Total Cost of Ownership
  • No additional hardware components
  • No additional software application
  • Less Support

✓ Simplified Deployment
  • Only one application with Cidway mSDK embedded

✓ Extended Scope
  • mBanking
  • mCommerce
  • mPayment
  • mHealth
  • Mobility
  • Etc.

cured by CIDWAY


Secure Mobile Applications & Simplify User Experience

Improved Security
• Secure Login with real time-based OTP
• Sign Transactions/Documents/Data with time-based TDS
• Mutual Authentication (Server authenticates to Mobile) with time-based OTP
• Real time-based OTP (1 second increment) with time-stamping
• Data encryption within SSL tunnel (in case it’s compromised) using synchronous OTP (without transmitting keys over the Network)
• No-PIN patented protection (PIN Code not stored on the mobile, never transmitted over the network, nor stored on the server)
• Embedded Secure Virtual Keyboard
• Jailbreak/Root detection – even prevents Xcon (iOS)
• Anti-cloning solution (based on signed Logs & hardware binding)
• Secure Download from mobile public stores (to prevent a rogue application from stealing User’s credentials)
• Secure provisioning process on the fly
• Support of multiple devices for one User with multiple keys (even if the same PIN Code is used)

Simplified User Experience
Enable high-level security without additional components/elements, in a transparent way for the User
• Easy Login (secured by a transparent 2FA & Mutual Authentication): just input a PIN Code
• Easy Transaction/Document Signature (signing the entire Transaction Data): just input a PIN Code, no additional data to input
• Easy Registration Process & Renewal process (when phone is changed/lost/stolen)
• Automatic & transparent time-resynchronization, even if User changes the clock of his phone
• Multiple Devices with same PIN Code (without additional security risks)
• Multiple Users on the same device

Seamless Integration
Simple integration of Cidway SDKs into existing or future Applications
• Integration of MobileSDK into existing mobile application (native mSDK available for all platforms)
• Integration of ServerSDK (available on any OS, agnostic of Databases & Users Directory) into existing Application Server or Authentication Platform
• Professional Services & Training readily available from Cidway with significant experience
• Potential adaptations/modifications, as it’s Cidway’s own source code


Integration of CIDWAY SDKs

1. Integration of CIDWAY MobileSDK into existing Mobile Application
2. Integration of CIDWAY ServerSDK into existing Application Server or Authentication Platform (available on any OS, agnostic of Database & User Directory), OR interface of CIDWAY GaiaServer with existing Application Server

[Diagram labels: APPLICATION SERVER (mBanking, mCommerce, mPayment, Mobility, etc.); CIDWAY mSDK; Cidway ServerSDK; Cidway Gaia Server; WebServices; Integrate ServerSDK or Interface GaiaServer]


User Experience & Process: Secure Access & Transaction/Data Signature

The simplest User Experience

Fully transparent for the User

SECURE ACCESS

TRANSACTION SIGNATURE


Business Cases

mBanking
✓ Strong Authentication
✓ Mutual Authentication
✓ Transaction Signature
✓ End-to-end data encryption
✓ Anti-cloning
✓ Jailbreak/Root detection

Mobility
✓ Secure & simple authentication of Users
✓ Multiple Users per device
✓ Document Signature (including data integrity & time-stamping)
✓ Complementary to MDM

mCommerce
✓ Secure mCommerce transactions (Transaction Signature, protects also CC data)
✓ Simplify User Experience
✓ Automate 3DSecure transactions on Mobile

mHealth
✓ Secure Access to medical records
✓ Sign data when records modified and/or added
✓ Authenticate patient
✓ Secure patient data communication


FAQ on Mobile Authentication

✓ What are the risks if I lose my phone?
✓ What are the risks of downloading a rogue application from a mobile public store?
✓ How easy is it to activate the application and what are the risks during the process?
✓ Is the User Experience really easy?
✓ What are the risks of brute force, man in the middle and other sophisticated attacks?
✓ Did the application pass penetration tests?
✓ What are the coding techniques to guarantee top security?
✓ Are the credentials transmitted over the air? What are the risks?
✓ Is it real time-based? With time-stamping?
✓ What happens when the user changes the phone’s clock?
✓ Does it work on all Mobile platforms?
✓ Does the solution under consideration support real time-based OTP, mutual authentication & transaction signature?
✓ Does the solution support Jailbreak/Root detection (even with xcon on iOS)?
✓ Does the solution embed a secure virtual keyboard?
✓ Does the solution support end-to-end data encryption within the SSL channel?
✓ Does the solution prevent cloning?
✓ Is the secret key protected from mobile backups, which are usually not encrypted and potentially stored in the cloud?

Cidway Mobile technology is the answer