cidway mobile usp 03 2012 v1

6
Discover the future of security on www.cidway.com CIDWAY – Mobile USPs

Upload: lfilliat

Post on 08-Jun-2015

201 views

Category:

Documents


0 download

DESCRIPTION

WhitePaper on mobile security in the strong authentication sector

TRANSCRIPT

Page 1: Cidway Mobile Usp 03 2012 V1

Discover the future of security on www.cidway.com

CIDWAY – Mobile USPs

Page 2: Cidway Mobile Usp 03 2012 V1

© 2011 CIDWAY Security SA. All rights reserved – www.cidway.com 2

OK

•  What are the risks if I loose my phone ? •  What are the risks to download a fake application from a mobile public store ? •  How easy is it to activate the application and what are the risks during the process ? •  Do I need connectivity to Authenticate ? •  What are the risks of brute force, man in the middle and other sophisticated attacks ? •  Did the application pass penetration tests ? •  What are the coding techniques to guarantee top security ? •  Are they credentials transmitted over the air ? What are the risks ? •  Is it time based ? Challenge response ? •  What happens when the user change the time zone or the phone clock changes ? •  Does it work on all Mobile platforms ? •  Is it possible to customize the application ? •  Can we use the Authentication application within another Mobile solution for example for

Mobile Banking ? •  Is the solution already deployed and used for Mobile authentication and Mobile

Transactions ? •  Does the solution considered supports real time-based OTP, mutual-authentication &

transaction signature ?

FAQ on Mobile Authentication Sesami Mobile is the answer

Page 3: Cidway Mobile Usp 03 2012 V1

© 2011 CIDWAY Security SA. All rights reserved – www.cidway.com 3

CIDWAY USPs (1/4)

1. User Experience ²  Competitors’ mobile applications (when time based) have a countdown (30s

& 40s) when the OTP displayed is automatically changed. That potentially creates:

ü  User’s stress at input (only X seconds left to input my OTP!), therefore increases the potential input error rate

ü  Waiting time: User prefers to wait until next OTP to have the “full” time-span to input the OTP (that simply can generate 9’000 hours of client’s waiting time per year for a deployment of 100’000 users)

²  Competitors don’t support automatic resynchronization when User change the time of the phone (travelling, etc…), beyond 10min… With Cidway “time management”, input another OTP is enough instead of a complex re-synch process (including potentially a call to the Bank’s Call Center).

²  No waiting time for resending an OTP also in Mobile Banking, as with Cidway technology, the next OTP can be generated just 1 second after!

Page 4: Cidway Mobile Usp 03 2012 V1

© 2011 CIDWAY Security SA. All rights reserved – www.cidway.com 4

CIDWAY USPs (2/4)

2. Security ²  Only Cidway has this unique & patented PIN protection, that is NOT stored on

the phone at all (not even encrypted), never transmitted over the network, neither stored on the Server! Vasco hash the PIN on the phone for example !

²  The PIN code is selected by the User at registration… no additional security breach by sending an initial PIN code to the User

²  Higher security level of the provisioning process, in which the key is generated by the mobile application itself

²  Secure download process from Mobile Store (patent filed) to avoid a fake application, unique to Cidway

²  Time stamping of the OTPs, not supported by Competitors

²  No possible brute-force attack on the PIN, as not store on the mobile

²  Unique mutual-authentication (with time-based OTP), enabled for eBanking & mBanking

²  No need for connected-mode for Transaction signature, reducing interception risks

Page 5: Cidway Mobile Usp 03 2012 V1

© 2011 CIDWAY Security SA. All rights reserved – www.cidway.com 5

CIDWAY USPs (3/4)

3. Functionalities ²  Supports all common functionalities: OTP, Challenge-Response, Transaction

Signature, plus mutual-authentication (not supported by competitors)

²  ALL functionalities available also on the mobileSDK

²  Unique Mobile-Launcher: launch a Web-based mobile application (directly from the mobile) performing a 2-factor authentication, fully transparent for the user.

²  Embedding of several “functionalities” with menus in the “same” mobile application (e.g. eBanking, mBankingWeb, CallCenter…)

²  Already exists on all platforms (iPhone, iPad, iPod, WinMob, Android, RIM, Symbian & others (Java), Brew)

Page 6: Cidway Mobile Usp 03 2012 V1

© 2011 CIDWAY Security SA. All rights reserved – www.cidway.com 6

CIDWAY USPs (4/4)

4. Support & Deployment ²  A fully integrated self-service deployment platform (with automatic detection

of phone types & stores) reduces significantly the deployment & support costs

²  A fully integrated RENEW service (when a User changes or looses his phone) also reduces significantly the support costs: 200’000 phones at an average change rate every 18 months, will generate on average 200 changes per day!

²  Automatic time resynchronization reduces immensely the support costs: only 5% of desynchronized users (on 200’000 users), once a year, would generate about 30 calls per day, just for resynch, if not using Cidway technology!