Identity Assurance for Banking - SRIC success.pdf · release in 2006. 6 Who is the Buyer? - May...

Identity Assurance for Banking 旭昇資訊股份有限公司


Agenda

- Positioning of ActivIdentity Secure Banking Solutions
- Overview of component products
- Multi channel authentication infrastructure
- References
- Summary


Overview of ActivIdentity Solutions

B2E - Employee Identity Assurance and SSO
- Employee Access Cards
- Secure Remote Access
- Single Sign On

B2C – Multi-channel Customer Authentication (BANKING)
- Strong (Two Factor) Authentication
- Authentication Services Infrastructure


Gartner Strategic planning assumptions

By year-end 2005, fewer than 5 percent of online financial institution customers will be able to transfer more than $1,000 out of their accounts unless they use an authentication method that cybercriminals and phishers can't readily subvert (0.7 probability)

By year-end 2007, as much as 7 percent of banks in the United States, and 30 percent to 50 percent worldwide, will have forced their customers to authenticate using hardware tokens (0.7 probability).

By year-end 2007, 50 percent of today's stronger methods for customer authentication won't be strong enough to safeguard against phishing and malware (0.8 probability).


Solution Components

Hardware Devices
- One Time Password (OTP) tokens
- Hand held Smartcard readers

Authentication and Credentials Management Software
- Software development toolkit - ActivIdentity SDK
- Authentication and Credentials management Server - ActivIdentity 4TRESS Authentication Server
- 4TRESS Express, entry level version scheduled for release in 2006


Who is the Buyer?

Category: Strategic authentication infrastructure
Buyer: CTO/CIO
Description: Medium size to large bank is selecting authentication solution as part of strategic infrastructure upgrade
Characteristics:
- May incorporate corporate and retail banking
- Approx 200K – 5M users
- Support for range of credentials types
- Multiple channels
- Interface to existing credentials

Category: New Service projects
Buyer: eCommerce / phone channel Project team
Description: Project to deliver new service requiring authentication for that service
Characteristics:
- Corporate or retail banking customers
- Approx 25K to 500K users
- May include static credentials
- Internet and/or phone channel
- Authentication subset of project scope

Category: Strong authentication projects
Buyer: eCommerce Project team
Description: Project implementing strong authentication for the first time to protect an established service.
Characteristics:
- Corporate banking customers or subset (eg high value) of the retail customers
- Approx 25K to 250K users
- Internet channel, extensibility to phone
- Scope limited to strong authentication


Product Catalogue

Hardware devices
- Mini Token
- Token One
- Key Chain Token
- Token XL
- ActivReader Solo 2

Software
- ActivIdentity Authentication SDK
- 4TRESS Authentication Server


Product Catalogue

- Simple to use token that generates a one time password at the press of a button
- Priced to be highly competitive for volume sales within the Retail Banking market
- Long battery life - 10 year life expectancy


Product Catalogue

- PIN activated token
- Generates a one time password at the press of a button, or in response to a challenge
- Sign transaction parameters
- Supports PIN change and PIN unlock


Product Catalogue

- PIN activated token
- Generates a one time password at the press of a button, or in response to a challenge
- Supports PIN change and PIN unlock
- 4 year life expectancy
- Available with a customer lifetime replacement guarantee


Product Catalogue

- Desktop version
- Suitable for partially sighted
- PIN activated token
- Generates a one time password at the press of a button, or in response to a challenge
- Supports PIN change and PIN unlock
- 8 year life expectancy


Product Catalogue

- Handheld stand-alone, smart card readers
- Generates one-time-passwords or transaction signature for strong two-factor authentication
- Supports a number of smart card based schemes
- Certified for use with EMV CAP
- User replaceable batteries providing a long life


Example of EMV Authentication

User interactions - Logging into account

- User logs on to bank portal
- Portal requests Username and OTP;
- The User inserts their card into the reader;
- The User presses the CODE button on the ActivReader;
- The device requests the PIN;
- On entry of the correct PIN the device responds with a One Time Password;
- The user enters the code into the system and entry is granted to the site.

[Figure: reader display sequence: "CODE OR SIGN", "ENTER PIN ****", "PASSCODE 12437768"]


Product Catalogue

- Authentication and credentials management toolkit
- Support for tokens & smart cards
- Simple, rapid integration onto existing banking systems
- Supported on MVS, SUN Solaris™, Microsoft Windows® and Unix®


Product Catalogue

- Full Authentication Server
- Support for knowledge and device based authentication schemes
- Browser based user interface
- Lifecycle management of user credentials and physical devices
- Centralized digitally signed tamper evident audit log
- Scalable secure resilient architecture
- Portable across a wide range of application platforms
- MasterCard Validated CAP Token Validation Server


Channel Specific Authentication Solutions

- Each channel has an authentication solution that is unique to that channel.
- Passwords and processes vary across the different channels
- High cost of administration and maintenance
- Multiple points of access increases points of compromise
- Core functionality is rebuilt for each channel

[Diagram: customer channels (Phone, Corporate, Internet, High worth), each with its own Auth, Admin and Audit services]


Multi-channel Authentication Infrastructure

- Consistent approach to customer authentication regardless of the Channel
- A single integrated set of authentication, administration and audit services
- A simplified model improves security by reducing points of compromise
- Reduced cost of administration and support
- Supports deployment of new channels
- Extend authentication schemes without impacting channels

[Diagram: customer channels (Phone, Corporate, Internet, High worth) served by a single set of Auth, Admin and Audit services, labelled "Enterprise level authentication services"]


Example Deployment


Leader in Secure Digital Identity Deployments

Enterprise
- Hewlett-Packard
- Heidleberger
- Renault
- KDDI
- Carphone Warehouse
- British Telecommunications
- Hoffmann Laroche
- Monsanto
- Airbus Industries
- Total
- Alstom
- ST Microelectronics

Government
- U.S. Dept. of Defense
- Singapore DSTA
- U.S. Dept. of Energy
- U.S. Dept. of Interior
- U.S. Dept. of Treasury
- Dutch Ministry of Water
- Spanish Ministry of Public Works
- Australian Tax Office
- Veterans Affairs
- UK Police Forces
- French Ministries

Finance
- Barclays Bank PLC
- First MidWest Bank
- Crédit Agricole
- M&T Financial
- Fiserv
- Swedbank
- Nordea
- Danske Bank
- PKO
- Zaba Bank
- Société Générale
- Deutsche Bank Group


Case Study - Föreningssparbanken – FSPA (Swedbank)

- High volume – 2.2 million tokens issued (multi-vendor – 2m from ActivIdentity).
- Challenge/Response based authentication solution;
- Challenge/Response based digital signature;
- OTP capable solution.
- Integrated within FSPA’s existing back-end systems and internet portal
- Solution is a security enabler for additional services
- Allow high volume transactions (which has gradually increased)
- Compliant with digital signature mandates to provide non-repudiation.

ActivIdentity Token One & Authentication SDK


Summary - Pain Points Addressed

Compliance
- Disjointed audit
- Lack of controls over user access

Weak Authentication
- Overdependence on static passwords
- Risk of fraud

Reputational Risk
- Erosion of confidence in low cost channels

Cost of operation
- Set up
- Reset & unlock
- Revocation

Single channel solutions
- Customer unfriendly
- Cost of operation for multiple systems
- Multiple registration processes
- Lack of scalability


Questions & Answers

旭昇資訊股份有限公司
TEL: +886-2-2701-6052
URL: www.sric.com.tw