Secure Internet Banking

1
Secure Internet Banking
MartSoft Corporation
2
Agenda

• Solution Overview
• Deployment Overview
• MartSoft Advantages
• Combine With ATM IC Card?
• About MartSoft

3
Solution OverviewOur Top Requirements Security
and Simplicity
Internet
Mutual Identity Authentication
End User w/ a Smart Token
Secure Server

• The Client-side includes
• Smart token
• The Server-side includes
• Backend user database integration - issuance,
  admin , self-service
• Front-end (Web site) integration replace
  password login / logout pages with token pages
• Certificate certificate authority Private
  (free) or public (annual fee)

4
What Are Inside a Smart Token

• Inside the token are
• Smart Card IC - EAL4 certified
• Crypto processor FIPS -certified
• MartSoft Card OS (Operating System)
• Crypto key(s) and user certificate(s) (MartSoft
  Token can hold multiple certificates)
• User can choose different packaging

MartSoft is experienced in coordinating with
local partners to manufacture tokens toward
customer needs
5
Deployment Overview
Web site and backend server setup
6
Smart USB Token Benefits
Multiple Purposes
Portable
Standardized
Common Access Card
Windows WHQL
Secure FIPS, EAL4,
Plug Play USB Token
7
MartSoft Product Catalog for Secure Online
Identity
  Token Issuance and Management Server    (Per
secure web site)

• Product No.?A-120-B V1.2
•       Supports Windows XP/2000/2003
• Token issuance, management, remote
  communication
• Optional maintenance, customization services

8
MartSoft Advantages
9
Comparing with Other Smart Cards / Tokens

• Proven MartSoft certified security and crypto
  technologies are adopted by leading vendors in
  the public and the private sectors
• Designed for Windows We fully support Windows.
  On Windows you can use it for digital signature,
  secure email, Windows logon, VPN, , fully
  exploit the value of a smart card.
• Interoperability Support industry standards,
  good interoperability and easy maintenance
• Flexibility MartSoft products have been embedded
  into various devices in different packages like
  card, USB key, door lock, contactless, Wi-Fi,
  etc.
• Open Platform On MartSoft Token?we provide
  development tool kit so customers can create new
  features quickly on demand
• Single-chip Solution vs. others (ASIC-based)
  More robust, more secure with less costs

10
Comparing with Other Means of Authentication
Best Choice!
11
Enterprises require PKI for security now, growth
for USB token is 92 2002-2006 - IDC Report
12
Lessons Learned When Online Banking Token mix
with ATM IC Card

• Cost Concerns A myth is that combined ATM IC
  card with online banking token will cut down the
  total costs. But the reality is that
• CUSTOMERS WILL NOT PAY FOR ATM CARDS from their
  pockets since they already have taken it for
  granted
• CUSTOMERS ARE WILLING TO PAY FOR ONLINE BANKING
  TOKENS to enjoy its convenience and safety, to
  protect themselves proactively
• IC card a reader is much more expensive than a
  USB token
• So when they are forced to combine together, ATM
  IC card becomes more expensive
• because of the required extra software, hardware,
  card storage space to make online
• banking work. While a lot of ATM card holders are
  NOT using them at all.
• Expensive Integration of Different Suppliers from
  Different Industries to Work Closely ATM IC
  cards and smart USB tokens are manufactured,
  supplied by 2 entirely different industries.
  Online banking token requires a security software
  company to do that. While a card manufacturer
  does not possess that kind of caliber. The cost
  and time to integrate the two to work together,
  is largely underestimated.

13
Lessons Learned When Online Banking Token mix
with ATM IC Card (cont.)

• Managed by Different Bank Divisions
• ATM card issuance and online banking are
  typically managed and supported by different bank
  divisions with different security policies.
  Coordination costs cannot be ignored if you want
  to combine the 2 together. Who is responsible for
  what? Since stealing from ATM or online banking
  requires different techniques by different
  criminals, security measures must be different.
• Marketing to One or Two Different Customer
  Demographics?
• ATM holders and online banking users are
  different demographic groups, they are marketed /
  promoted by different marketing campaigns
  typically. Customers are supported, retained,
  suspended in different ways, too. The marketing
  integration factor must be thought through.

14
Lessons Learned When Online Banking Token mix
with ATM IC Card (cont.)

• Technology Compatibility Issues
• Many smart cards are still incompatible with
  many readers on different PC platforms.
• Eg. Dell O2 Micro reader is incompatible with
  many smart cards
• Eg. Target readers is incompatible with Amex
  cards
• ...
• Too many such issues make users frustrated,
  support expensive. PC users dump
• them since they often find they need use one
  reader for one purpose. One for online
• banking, but need to switch to another one for
  tax reporting, etc.
• While USB is a much more universal technology.
• Inconvenience A reader is bulky to carry,
  especially when you are traveling. And the extra
  routine to plug in the reader, then insert the
  card, is considered too much for consumers today.

15
Lessons Learned When Online Banking Token mix
with ATM IC Card (final)

• Conclusion
• Higher total cost
• Takes longer time
• More confusion for customers
• Customers dont use that
• Our Suggestion
• Keep them separate, they are fundamentally
• different things

16
About MartSoft

• MartSoft offers cutting edge solutions for secure
  Internet identity solutions based on
  cryptographic tokens. MartSoft's cryptographic
  token solution is certified by NIST of US
  government, and CSE of Canada government to be
  used for highly confidential purposes. MartSoft
  products are used by US Federal governments
  system integrators and Fortune 500 companies in
  USA and Europe.

• Other References
• CNET http//investor.news.com/Engine?Accountcne
  tPageNameNEWSREADID1028335TickerACTISOURCE
  SFM06426042004-1
• NIST http//csrc.nist.gov/cryptval/140-1/1401val
  2004.htm380
• FIPS certificate http//csrc.nist.gov/cryptval/1
  40-1/140crt/140crt380.pdf
• Atmel News http//www.atmel.com/dyn/corporate/vi
  ew_detail.asp?FileNameSmartCardSolution.html
• Atmel is among the world top 4 smart card IC
  makers
• ActivCard News http//www.activcard.ca/newsroom/
  press_releases/042604_us.html
• ActivCard is the 1 smart card supplier to US
  DoD
• Smart Card Alliance http//www.smartcardalliance
  .org/industry_news/industry_news_item.cfm?itemID1
  300
• Many others coming

17
Major Business and Technology Partner Atmel

• Founded 1984, NASDAQ ATML
• 1.3 Billion USD sales in 2002,
• 36 in North America, 31 in Asia, 31 in
  Europe.
• No. 1 in micro-controller eeprom integration
• No. 1 in FLASH Smart Card Products
• Poised to be the leader in Smart card IC
  technology
• Many chip suppliers drop out or lose market
  share, Atmel is the only one with growth
• Smart Card IC vendors growth 2002 vs. 2001
• Infineon 13 (revenue) 3 (market share)
• ST Micro 47 -38
  
• Philips -22 -8
• Atmel 23 44
• Aggressive technology road map
• Advanced EEPROM cell, patented technology
• 03 0.25um CMOS, up to 512K byte EEPROM

18
(No Transcript)
19
Thanks
20
Login by A Smart Token
21
Client-Side Protection
(2) Mutual Authentication
(3) One-time Session Protected, Encrypted Secure
Channel
(1) User activates the secure smart card /
token every time before use
22
Server-Side Authentication
HTTPS Secure Server
Internet
(4) SSL authentication and encryption
with Certificates, PKI calculation from the
Client token
23
Clean Sign-off, No Traces Left
24
Clean Sign-off, No Traces Left
HTTPS Secure Server
Internet
(5) Take the lock away, all SSL sessions
automatically self-destroy upon that event. No
data caching, no passwords, nor private keys
exposed. All base on FIPS-certified crypto
calculation