OTP Solution - One-Time Password


Post on 12-Sep-2014

Page 1: OTP Solution - One-Time Password

Portable Authentication - The concept

- Online shopping
- Internet banking
- Mobile banking
- Online gaming
- Online betting
- Enterprise access


[Logos: 3-D Secure, Sm@rt TAN, VISA dynamic passcode authentication, Banksys' R4 Authentication, SiBS, Interpay, APACS, FISC II OTP]

Todos has developed security solutions based on smart cards since 1990. Throughout the years, Todos has built up an extensive in-house expertise in designing cost efficient identification solutions for the mass market, with focus on the product, its personalisation, distribution and support.

Todos eCode is a product portfolio for secure remote authentication using One Time Passwords (OTP), Challenge/Response and Electronic Signatures. The OTPs can be generated by a reader and a smart card, tokens, printed cards or mobile phones.

Todos eCode is a cost efficient, portable and secure authentication solution for e-Banking, e-Commerce, Online Shopping with 3-D Secure, Mobile Banking and Enterprise access. Todos eCode is platform and channel independent, providing the possibility to simultaneously authenticate users via Internet, PSTN, mobile network and VPN.

The end user devices in the eCode solution are all easy to learn and easy to use. Also, it is easy to manage for the bank as the devices require no personalisation. Thus, they are easy and cheap to distribute and have minimal need for support.

The Todos eCode solution can be introduced gradually, with different security levels, to suit the development pace of remote services in the bank.

Todos eCode Central System is the heart of the Todos eCode authentication solution and can operate in both a Single Issuer and Multi Issuer configuration. Each Issuer is unique and has its own requirements on authentication method, security, reliability, availability, capacity and integration to its legacy systems. The modularity and flexibility of the eCode Central System enables it to be fully customized to meet customer requirements.

Todos eCode authentication follows the principle of two factor authentication. Based on something you know (i.e. a PIN or a Static Password), combined with something you have (e.g. a smart card), a One Time Password (OTP), a Signature or a Response in a Challenge/Response mechanism is generated.

Todos eCode supports different carriers and a variety of media:

- Smart card- or SIM-based:
  - One Time Passwords (with or without PIN)
  - Challenge/Response and Signatures
- Printed One Time Passwords
- Token One Time Passwords
- SMS sent One Time Passwords
- Java MIDP based:
  - One Time Passwords (with or without PIN)
  - Challenge/Response and Signatures

Todos eCode Central System includes several different functions:

- Authentication
- Personalisation data generation
- Key management
- Customer Support Application
- Static password verification
- Personalisation of tokens and smart cards
- Radius support

Todos eCode Central System also supports the latest industrial standards, including 3-D Secure CAP, MasterCard SecureCode, VISA dynamic passcode authentication, APACS, Interpay, SiBS, Sm@rt TAN, FISC II OTP and Banksys' R4 Authentication.

[Figure: Central System; Reader and smart card; Mobile; Printed OTP; Token]

Fight fraud and phishing!


[Product images: Todos eCode Central System; Todos eCode ezToken; Todos eCode Authenticator; Todos eCode Mobile]

OTP Token

In an eCode solution for Token based OTPs, the OTP is generated inside the token at the moment of authentication and displayed to the user on the token display.

The user interface of Todos eCode ezToken consists of a display and one single button. With a press on the button an OTP is generated. Combined with a static password, this provides a strong two-factor authentication.

Data for Todos eCode ezToken personalisation is generated by the Todos eCode Central System.

OTP Token is a good intermediate solution if EMV cards have not yet been rolled out.

Mobile - SIM and MIDP

By placing the security application on the SIM you can use a standard mobile phone for all your bank errands. It is also possible to download a Java application directly to your handset.

The mobile handset is a device most people carry with them all the time and care about. With Todos eCode Mobile SIM or MIDP inside, the authentication device is always close at hand.

Todos eCode Mobile supports multiple banks and service providers on the same SIM card. Each bank/service provider can control their own personalised information independently.

[Figure: Central System; Reader and smart card; OTP Token; Printed OTP; Mobile - SMS; Mobile - SIM, MIDP]

Mobile - SMS

In an eCode solution for OTP sent by SMS, the OTP is generated in the eCode Central System upon a request from the user, sent by SMS to a predefined mobile card and displayed to the user.

The eCode Central System has the central functions for generating the OTP and sending it, in addition to the verification.

The mobile handset is a device most people carry with them all the time and care about. With Todos eCode Mobile SMS, the authentication device is always close at hand.

Printed OTP

The OTPs are generated centrally, then securely transferred to a personalisation bureau which prints the OTPs onto a card or a PIN envelope.

To protect from shoulder surfing, an aluminium foil scratch layer protects the not yet used OTPs. Combined with a static password you achieve a two-factor authentication.

Benefits with Printed OTP:

- Low initial cost.
- Easy to deploy, learn and use.
- Portability: always in your wallet.
- Easy to distribute using postal services.

Printed OTP is a good intermediate solution if EMV cards have not yet been rolled out.


Reader and smart card

In an eCode solution for smart card based One Time Password (OTP), the OTPs, Signatures and Responses are generated in the smart card at the moment of authentication and displayed to the user in a portable smart card reader.

There are several models of smart card readers available, with different levels of functionality: Todos eCode Reader, Todos eCode Signature, Todos eCode Authenticator and Todos eCode connectable Authenticator. Todos eCode Signature, Authenticator and connectable Authenticator have small keyboards for PIN entry, Challenge/Response and Signatures. The eCode readers may also display balance and transactions of e-purse, loyalty cards and other applications. The readers do not require any personalisation, as the security lies in the smart card and the security application. The user has one (or more) standardised readers, thus reader distribution becomes easier and cheaper.

The connectable Authenticator combines the portability and user friendliness of an unconnected reader with PKI qualified signatures when connected to a PC via USB.

[Figure: Example of dynamic authentication solution, plotted against bank development: Starting off with Central System and tokens; Introducing eCode Mobile, new customer segment; EMV card rollout, introducing smart card readers; Phase out tokens. Logo: Java J2ME]


TODOS DATA SYSTEM AB
www.todos.se

Todos Data System reserves the right to change the specifications at any time and without notice. All trademarks or trade names are the property of their respective owners.

7331887 ----- 061024

Case studies

For further information regarding the different parts of the Todos eCode portfolio please see respective product brochure or contact the Todos sales team. All brochures are available for download at www.todos.se.

"Sign what you see"

functionality

Developing next generation eBanking terminal

ABN AMRO is a prominent international bank, with European roots dating back to 1824. ABN AMRO ranks eighth in Europe and 15th in the world based on tier 1 capital. In 2003, ABN AMRO began an evaluation process for a new generation of eBanking terminals, a project called TRaP (Token Replacement Project).

ABN AMRO's main selection criteria were:

- A secure end user device that implements "Sign what you see" functionality for both unconnected and connected use.
- A device that will be used as the security device over the next 5-10 years, and must offer long-term support for the ABN AMRO card products today and tomorrow.
- A supplier with cutting edge technology and know-how, being able to turn customer's business and product requirements into a solution that meets customer demands in the areas of security, smart cards and quality.
- A device that has ABN AMRO look and feel.
- Pricing.

After a thorough evaluation of the alternatives, ABN AMRO (BUNL) selected Todos for the development of their new secure end user device "e.dentifier2". A final contract was signed on August 24, 2005, comprising the development of the reader and rollout of more than 2.5 million readers.


23 individual banks using Todos eCode in a Multi Issuer setup

SpareBank 1 Alliance is a Nordic bank and product collaboration where the SpareBank 1 banks in Norway collaborate through the jointly owned group SpareBank 1 Gruppen AS. SpareBank 1 Gruppen AS was established in 1996, and is one of the largest providers of financial services in the Norwegian market. The Alliance consists of 23 individual savings banks and the product companies of SpareBank 1 Gruppen AS.

SpareBank 1 Gruppen AS is using the Todos eCode solution in a Multi Issuer setup, where all SpareBank 1 banks are using the same eCode Central System, but each individual savings bank has its own operational keys and eCode database.

The Todos eCode authentication solution in this case represents the authentication of end users to their own certificates in a net centric key store system, in which the private keys are securely hosted in a central server. This is part of the national ID scheme BankID.

Says Eldar Skjetne, Director payment services, SpareBank 1 Gruppen AS: “We think that we have together with Todos Data System AB found a solution which is easy to use for the customers. With the security application hosted in the smart card, the customer can easily see the connection between traditional payments with his/her Visa card, and the use of the same card for authentication on the Internet. Customers who wish to have more than one eCode Reader will be able to buy the additional number of readers they like from the bank.”