Identikey Server 3.1 Strong Authentication solution against MITM Attacks for e-Banking WHITE PAPER


Post on 17-Aug-2020


Page 1: Identikey Server 3.1 Strong Authentication solution ... Server 3... · VASCO® is a leading supplier of strong authentication and e-signature solutions and services specializing in

IDENTIKEY

Identikey Server 3.1 Strong Authentication solution against MITM Attacks for e-Banking

WHITE PAPER


Protection against Man-in-the-Middle attacks

As the global leader in two-factor authentication solutions for the financial industry, VASCO® Data Security provides mature technology that has minimal impact on IT architecture, is designed to complement existing security policies, and has been refined by years of experience in the world’s largest deployments in the banking sector. Identikey® Server 3.1 is built around the VACMAN® core authentication platform, which offers high security combined with high reliability and flexibility.

VASCO’s solution provides two-factor authentication for customer access to online banking applications and electronic signature functionality for transaction validation, making it one of the best solutions in the market to counter Man-in-the-Middle (MITM) attacks.

Strong user authentication brings increased security

Regular static passwords are the weakest link in any security infrastructure, as they can easily be guessed, copied, exchanged, shared, and misused. Simple passwords are easy to remember but highly insecure. Complex passwords also bring security issues because users tend to write them down, creating a potential risk. Two-factor authentication has proven to be the best countermeasure against hacking and password fraud. VASCO’s solutions replace insecure static passwords with dynamic One-Time Passwords, thus introducing a higher level of security. At the same time, an e-Signature is required for transaction validation as a countermeasure against MITM attacks.

Identikey Server protects online applications

By replacing insecure static passwords with dynamic, time-limited One-Time Passwords, VASCO raises online application security to a higher level. Sensitive banking information is only available to authorized users after they have proven their identity. Data theft and sharing of accounts is no longer possible. Identikey Server is an authentication solution that can be linked to any web-based application via SOAP.

Identikey Server 3.1 - Strong Authentication solution against MITM Attacks for e-Banking P1


Full-option authentication server

Identikey Server 3.1 is a complete server solution for validation of authentication requests and electronic signing of transactions. It has complete functionality and management provided right out of the box. This includes Administration, Authentication for various clients, User management, DIGIPASS® management, and Reporting & Auditing. It is an off-the-shelf solution for banks where complete functionality and fast rollout are crucial.

Identikey Server 3.1 is a perfect fit for banks that want to implement a strong authentication solution without dedicating significant budget and people resources or large integration projects. It is also appropriate for those banks needing a dedicated authentication server solution.

Easy integration

Identikey Server 3.1 can be easily integrated in existing Internet banking applications through its SOAP interface. Banks can easily add the DIGIPASS technology on top of their existing infrastructure and offer higher security with little additional helpdesk intervention.

Identikey Server 3.1 has little impact on existing infrastructure and resources, thus ensuring low Total Cost of Ownership and decreasing integration costs.

Identikey Server 3.1 is a Centralised Authentication Platform with a web-based management interface. It has several front-end clients (RADIUS, WEB, SOAP) so it can be integrated in multiple applications.

With Identikey, banks can offer strong authentication as an additional security layer to their complete range of banking services: Retail banking, Corporate banking, Mobile banking, Call center, and others.

DIGIPASS provisioning

Identikey Server 3.1 provides provisioning for software DIGIPASS deployments.

Banks can avoid the logistics and administration hassles of DIGIPASS shipments to end users by using software DIGIPASS and Identikey’s built-in provisioning function.

The rollout of DIGIPASS for Mobile, DIGIPASS for Web or DIGIPASS 110 through end user self-management, with basically no administrator intervention, adds to user convenience and decreases Total Cost of Ownership.


New opportunities for Financial Service Providers

Identikey Server 3.1 was designed with web functionality in mind. Several features are available to support this vision, and all functions are accessible through a web browser. Identikey Server 3.1 can be easily integrated with online applications via SOAP. It also uses a web-based administration interface and reports user activity in HTML or XML format.

Identikey Server 3.1 is tailored towards providers of managed services and can be hosted at the service partner where it can be offered as an authentication service.

The web-based focus and integration possibilities create unlimited business opportunities.

Authentication Services

By making use of Authentication Services, banks can push a part of the security tasks to a service partner and focus on the real business. These services usually come with monthly or quarterly invoicing, which is more attractive from an accounting standpoint (cash handling, budget control, investment management, etc.).

Identikey Server 3.1 is the perfect engine to drive Authentication Services:

• It’s a complete server solution that is flexible in applications and scalable in size

• Authentication requests on websites can be forwarded through SOAP over SSL to the Identikey Server at the provider’s location

• Several customers can be hosted and managed by different delegated administrators

• Extensive reporting can be used to get the details necessary for customer invoicing

Simple administration

Identikey Server 3.1 offers several functions that make an administrator’s job a lot easier and help save costs.

All administration functions are conveniently available in a single interface. This centralised management tool is accessible via any Internet browser from anywhere on the network. This allows for remote management and brings new opportunities for providers of outsourced services.

Identikey Server 3.1 has extensive reporting functionality on board that can create useful summaries on user history, DIGIPASS activities, and others. These reports, together with the security audit function, can provide crucial input for helpdesk and accounting purposes.


Family Concept

VASCO offers a wide portfolio of DIGIPASS authenticators, ranging from single-button and touchpad hardware devices to software-only solutions. The basic functions, user authentication and data authentication, remain the same, but the devices are tuned towards customers’ needs.

Virtual DIGIPASS delivers the OTP through SMS or e-mail and can be used as a backup in case of a failed, lost or unavailable DIGIPASS, or as an extra delivery channel.

DIGIPASS for Mobile runs on any Java-based mobile phone and generates the OTP locally. It combines security with high user convenience.

Painless Rollout

Identikey Server 3.1 includes several tools and functions that facilitate a smooth rollout, convenient user registration or migration from existing products. These include a Data Migration Tool, Dynamic User Registration, Password Auto Learn, Bulk Management, Auto assign, and others.

A fast and automated deployment gets you started in no time, with less involvement from the IT department. When users can self-assign their DIGIPASS authenticators, update their password, and change their PIN, it reduces helpdesk interventions and cost.

Protect employees at the same time

In addition to protecting your customer-interfacing banking applications, Identikey Server 3.1 offers various extensions to secure employee remote access. Home workers, remote branch offices, and traveling staff can use the same DIGIPASS technology to safely connect through Firewall VPN, SSL-VPN or any other RADIUS equipment to the enterprise LAN.

High Availability

VASCO offers several countermeasures against failure, like server failover, redundancy, and database replication for continuing support as requirements grow and expansion is necessary. Identikey Server 3.1 is scalable to large deployments and is performance upgrade ready.


Identikey Server 3.1 Key Features and Benefits

• Complete off-the-shelf authentication server solution for e-Banking

• Fast deployment and implementation

• Can be easily integrated with existing online banking applications

• Adds strong authentication and e-Signature functionality for safe and secure Internet Banking experience

• Helps combat MITM attacks

• Complete functionality is provided (authentication, administration, reporting, auditing, user management, DIGIPASS management)

• Centralised authentication platform for several service centers (Retail banking, Corporate banking, Mobile banking, etc.)

• Offers DIGIPASS provisioning for DIGIPASS for Mobile and DIGIPASS for Web

• Versatile reporting functionality

• Identikey Integration Program brings administrators up-to-date in a few days


About VASCO

VASCO® is a leading supplier of strong authentication and e-signature solutions and services specializing in Internet Security applications and transactions. VASCO has positioned itself as a global software company for Internet Security serving customers in more than 100 countries, including several international financial institutions. VASCO’s prime markets are the financial sector, enterprise security, e-commerce and e-government.

BOSTON (North America), phone: +1.508.366.3400

SYDNEY (Pacific), phone: +61.2.8061.3700

SINGAPORE (Asia), phone: +65.6323.0906

BRUSSELS (Europe), phone: +32.2.609.97.00

www.vasco.com

Copyright © 2009 VASCO Data Security, Inc, VASCO Data Security International GmbH. All rights reserved. VASCO®, Vacman®, IDENTIKEY®, aXsGUARD™, DIGIPASS® and ® logo are registered or unregistered trademarks of VASCO Data Security, Inc. and/or VASCO Data Security International GmbH in the U.S. and other countries. VASCO Data Security, Inc. and/or VASCO Data Security International GmbH own or are licensed under all title, rights and interest in VASCO Products, updates and upgrades thereof, including copyrights, patent rights, trade secret rights, mask work rights, database rights and all other intellectual and industrial property rights in the U.S. and other countries. Microsoft and Windows are trademarks or registered trademarks of Microsoft Corporation. Other names may be trademarks of their respective owners.