Todos_eCode

Document Sample
Todos_eCode Powered By Docstoc
					 PORTABLE AUTHENTICATION
           P                               ORTABLE AUTHENTICATION


- THE CONCEPT   S S
        ONLINE O HOPPING                                         NLINE     HOPPING


       INTERNET BANKING
              I    B                                            NTERNET      ANKING


         MOBILEMBANKING
                   B                                              OBILE      ANKING


         ONLINEOGAMING
                   G                                              NLINE        AMING


         ONLINEOBETTING
                   B                                              NLINE       ETTING




                INSERT SMART CARD IN      A ONE TIME PASSWORD         ENTER OTP TO LOGIN AT
                 SMART CARD READER               IS DISPLAYED           THE INTERNET BANK




                VISA                   FISC II       3-D Secure      EMV™       Sm@rt TAN
                dynamic passcode
                authentication
                                       OTP
Todos has developed security solutions based on smart
cards since 1990. Throughout the years, Todos has built up
an extensive in-house expertise in designing cost efficient
identification solutions for the mass market, with focus on
the product, its personalisation, distribution and support.

Todos eCode is a product portfolio for secure remote                                       Smart card
identification by smart card based generation of One                                       based OTP
Time Passwords (OTP), Challenge/Response and Electronic
Signatures.

Todos eCode offers cost efficient portable authentication
for secure e-Banking, e-Commerce, Online Shopping
with 3-D Secure, Online gaming, Online betting and
Mobile Banking. Todos eCode is platform and channel
independent and provides the possibility to authenticate
users via Internet, PSTN, mobile network or LAN.

The solution is easy to use for the end user and easy to
manage for the bank, requires no personalisation, easy to
distribute and minimal need for support.

The Todos eCode solution can be introduced gradually with
increasing security levels, to suit the development pace of               SIM / SMS
remote services in the bank.                                              based OTP
                                                                                                            OTP Token                     Printed OTP

                              - Central System
Todos eCode Central System is the heart of the Todos eCode authentication solution and can operate in both a Single Issuer and Multi Issuer
configuration. Each Issuer is unique and has it’s own requirements on authentication method, security, reliability, availability, capacity and integration to
it’s legacy systems. The modularity and flexibility of the eCode Central System enables a full customization of an eCode Central System to meet customer
requirements.

The principle of authentication in Todos eCode is two factor authentication, based on something you know (i.e. a PIN or a Static Password), combined
with something you know, for example a One Time Password (OTP), a Signature or a Response in a Challenge/Response mechanism.

                                                    Todos eCode supports different carriers, or different medias;
                                                    - Smart card- or SIM-based:
                                                           - One Time Passwords (with or without PIN)
                                                           - Challenge/Response and Signatures                                              VISA
                                                                                                                                       dynamic passcode
                                                    - Printed One Time Passwords                                                        authentication
                                                    - Token One Time Passwords
                                                    - SMS sent One Time Passwords                                                    3-D Secure CAP
                                                                                                                                           EMV™
                                                    Todos eCode Central System supports several different functions such as:
                                                    - Authentication                                                                   Sm@rt TAN
                                                    - Personalisation data generation                                                         FISC II
                                                    - Key management                                                                          OTP
                                                    - Customer Support Application
                                                    - Static password verification

                                                    Todos eCode Central System also support industrial standards such as 3-D Secure CAP, MasterCard
                                                    SecureCode, VISA dynamic passcode authentication, German Sm@rt TAN and Taiwanese FISC II OTP.


  CASE STUDY - ICA BANKEN                                                          CASE STUDY - CCB
  Successful expansion from food retailer to Internet Bank with                    China Construction Bank implements Todos eCode for
  Todos eCode.                                                                     securing remote access control

  Swedish ICA Banken is using the      holders is the main target group            China Construction Bank (CCB) is     CCB uses two servers as the Todos
  Todos eCode solution to provide      for ICA Banken and their use of             one of the leading bank groups       eCode Central System. The Todos
  secure and easy to use services      the Todos eCode solution.                   in China with 420 000 employees      eCode verification performance
  for their customers. Todos eCode                                                 and 27 000 branch offices. The       is more than 60 per second and
  provides secure identification of    ICA Banken received the award               CCB branch office in the Sichuan     server. The smart card reader
  ICA Banken customers in banking      "Bank of the year 2003" from the            province, with over 10 million       Todos eCode Signature is used as
  through Internet, telephone and      swedish financial magazine Privata          accounts, has implemented the        the eCode system front-end.
  call centres.                        Affärer.                                    Todos eCode authentication
                                                                                   system for securing the internal     Besides being a cost-efficient and
  ICA Banken is the first bank                                                     network access used by its tellers   secure authentication system,
  opened by a food retailer in                                                     from local branch-offices all over   the Todos eCode provides an
  Scandinavia and was launched                                                     the Sichuan province.                easy extension from CCB’s
  during the Spring of 2002. The                                                                                        internal systems to their external
  current 3 800 000 ICA card                                                                                            customers.
In an eCode solution for Smart Card based OTPs, the                                         In an eCode solution for Token based OTPs,
One Time Password (OTP), a Signature or a Response in a                                     the OTP is generated inside the token at the
Challenge/Response mechanism, are generated in a smart                                      moment of authentication and displayed to
card at the moment of authentication and displayed to the                                   the customer on the tokens display.
customer in a portable smart card reader.
                                                                                            There are two OTP tokens available: Todos
There are several models of smart card readers with different                               eCode Token and Todos eCode ezToken.
levels of functionality: Todos eCode Reader, Todos eCode                                    Todos eCode Token is the world's thinnest
Signature, Todos eCode Authenticator and Todos eCode                                        OTP token with the same size as a smart
connectable Authenticator. Todos eCode Signature and                                        card, with keyboard that allows for PIN
Authenticator has a small keyboard for PIN entry, Challenge/                                entry, Challenge/Response and Signatures.
Response and Signatures. The eCode readers also display
balance and transactions of e-purse, loyalty                                                Todos eCode ezToken only consist of a
cards etc. The readers do not require any unique                                            display and a button, with a single press on
personalisation, the security lies in the smart card                                        the button an OTP is generated. Together
and the security application. Since every user has                                          with a static password this provides a
a standardised reader, the distribution becomes                                             strong two-factor authentication.
much easier. The readers are fully compliant
with industrial standards such as 3-D Secure                                                The tokens are fully compliant with
CAP, MasterCard SecureCode, VISA dynamic                                                    industrial standards such as MasterCard
passcode authentication, German Sm@rt TAN                                                   SecureCode, Verified by VISA and
and Taiwanese FISC II OTP.                                                                  Taiwanese FISC II OTP.

The connectable Authenticator combines the                      Smart card                  The eCode Central System has the central
portability and user friendliness of an unconnected             based OTP                   functions in token personalization in
reader with PKI based qualified signatures when                                             addition to the verification of the OTP.
connected to a PC via USB.




      Printed OTP                                           Central System                                     OTP Token

In an eCode solution for Printed OTP, the OTP
is generated in the Central System, printed
on a code card or paper, which is given to
the customer.                                                                          There are two ways to use Todos eCode solution
                                                                                       via a mobile phone, by placing the eCode security
The OTPs are generated centrally, and are                        SIM / SMS             application on a SIM card or by sending the OTPs
                                                                                       by SMS.
securely transferred to a personalisation
bureau that prints the OTP onto a card or a                     based OTP
PIN envelope.                                                                          Todos eCode Mobile supports multiple banks
                                                                                       and service providers on the same SIM card and
To protect from shoulder surfing, an                                                   each bank/service provider can control their own
aluminium foil scratch layer protects the not                                          personalised information independently.
yet used OTPs. This enables a simple but
efficient way of protecting the OTPs, where                                            Todos eCode Mobile follows the ETSI standard
customer can understand if someone else                                                SIM Toolkit and can therefore be used in all
has used an OTP. The solution is combined                                              mobile phones, regardless of manufacturer.
with a static password, to achieve a two-
factor authentication.                                                                 In an eCode solution for OTP sent by SMS, the
                                                                                       OTP is generated in the eCode Server card upon
Benefits:                                                                      a request from the customer, sent by SMS to a predefined
- Low cost and simple to deploy.                                              mobile card and displayed to the customer in mobile
- Easy to understand and use.                                                phone.
- Portability: always in your wallet.
- Easy to distribute, sent by normal postal                                  The eCode Central System has the central functions for
  services.                                                                  generating the OTP and sending it, in addition to the
- Future compatible – you can start off with                                 verification.
  Todos eCode Printed OTP and continue
  with a smart card solution using the same                                  Optionally an OTP SMS Sender is offered which may be used
  eCode host system.                                                         to send the OTPs to the dedicated mobile phone.
    PORTABLE AUTHENTICATION
         P                                               ORTABLE AUTHENTICATION


                                                               eCode                                                    connectable                              Printed
                                                               server      Authenticator     Signature    Reader       Authenticator        Token     ezToken     OTP      Mobile      SMS
                               Technical specifications
                                      Dimensions (mm)              -            86x54x9       70x29x11   67x28x11        101x65x14          86x54x1   58x25x11   86x54x1     -           -
                                              Weight (g)           -              35             24         20        50 (75 w/batteries)     10        20         5         -           -
                                        LCD (characters)           -              14             12         11              2x16              8          9          -        -           -
                             Authentication methods
                                        Static Password          Yes              Yes           Yes        Yes               Yes              Yes       Yes        Yes      Yes        Yes
                                   One Time Password             Yes              Yes           Yes        Yes               Yes              Yes       Yes        Yes      Yes        Yes
                                                Signature        Yes              Yes           Yes                          Yes              Yes                           Yes
                             Transaction Data Signing            Yes              Yes           Yes                          Yes             Yes*                           Yes
                                                    eCode        Yes              Yes           Yes                          Yes              Yes       Yes        Yes      Yes        Yes
                                             eCode EMV           Yes              Yes           Yes                          Yes
        MasterCard SecureCode / Verified by VISA                 Yes              Yes           Yes        Yes               Yes             Yes*       Yes*       Yes      Yes*       Yes
     CAP / VISA dynamic passcode authentication                  Yes              Yes           Yes                          Yes
                                              Sm@rt TAN         Yes*              Yes           Yes        Yes
                                                 FISC OTP        Yes              Yes           Yes        Yes               Yes             Yes*       Yes*                Yes*
                               Mitigates these attacks
                                           Identity theft        Yes              Yes           Yes        Yes               Yes              Yes       Yes        Yes      Yes        Yes
                                             Key logging         Yes              Yes           Yes        Yes               Yes              Yes       Yes        Yes      Yes        Yes
                                                 Spyware         Yes              Yes           Yes        Yes               Yes              Yes       Yes        Yes      Yes        Yes
                                                 Phishing        Yes              Yes           Yes        Yes               Yes              Yes       Yes        Yes      Yes        Yes
                                     Man in the middle           Yes              Yes           Yes                          Yes              Yes                           Yes        Yes
                                          Programmatic           Yes              Yes           Yes                          Yes              Yes                           Yes        Yes
                               Suitable for these cases
                                  View account details           Yes              Yes           Yes        Yes               Yes              Yes       Yes        Yes      Yes        Yes
         Transaction not altering account balance                Yes              Yes           Yes        Yes               Yes              Yes       Yes        Yes      Yes        Yes
                                       View bills online         Yes              Yes           Yes        Yes               Yes              Yes       Yes        Yes      Yes        Yes
                        Bill payment (closed scheme)             Yes              Yes           Yes        Yes               Yes              Yes       Yes        Yes      Yes        Yes
             Bank fund transfer Internet shopping                Yes              Yes           Yes        Yes               Yes              Yes       Yes        Yes      Yes        Yes
                                      (credit card)
                                National fund transfer           Yes              Yes           Yes        Yes               Yes              Yes       Yes        Yes      Yes        Yes
                                   (selected accounts)
                                National fund transfer           Yes              Yes           Yes                          Yes              Yes                           Yes
                                  High risk transaction          Yes              Yes           Yes                          Yes              Yes                           Yes
                          International fund transfer            Yes              Yes           Yes                          Yes              Yes                           Yes

                                                                                                                                                                                 * = optional



   FOR FURTHER INFORMATION                 REGARDING THE DIFFERENT PARTS OF THE                 TODOS ECODE PRODUCT PORTFOLIO PLEASE SEE RESPECTIVE PRODUCT BROCHURE.
     Todos Data System reserves the right to change the specifications at any
     time and without notice. All trademarks or trade names are
     the property of their respective owners.




                                                                                  TODOS DATA SYSTEM AB
                                                                                              Göteborg, Sweden
7331887 ----- 050302                                                                    sales@todos.se www.todos.se

				
DOCUMENT INFO