Two Factor Authentication On Mobile, Solution for tomorrow? Nicolas Fort, Product Manager Solution for today !
2 Agenda VASCO Overview Existing solution overview Let’s hunt for the perfect solution DIGIPASS for Mobile presentation Conclusion
3 Global company Listed on Nasdaq: VDSI The world’s leading software company, specializing in Internet security Approximately 9,000 customers in 100+ countries, including 1,300 banks Corporate Profile
4 Existing Solutions Overview Static Password Hardware based 2FA SMS OTP SIM OTP MPKI
5 Static Password Pros Cons Free - Almost Already deployed Useless - almost forbidden
6 Authentification hardware Pros cons Air gap Security Flexibility Simplicity Logistic Unappropriate for mobile Difference
7 MPKI/ PKI Pros cons Security if SEE present Legal binding Non-Répudiation Non interoperable Deployment usually based on SIM (mobile) If (M)PKI software : FIPS L3 Connected mode only (almost)
8 SIM OTP Pros Cons SEE Usable on most GSM’s Connected/unconnected No interoperability Complex deployment, non discretionary Very complex technical & business infrastructure Upfront costs Telco change, prepaid cards etc……
9 SMS OTP Pros Cons Quick setup Easy deployment User pays for SMS(MO, not MT) Education Users pays for the service Transmission delay, Roaming can be difficult Open network Moving costs Connected mode only
10 Hunt for the solution Banking Application WebMobileVoiceATMSMSBranch
11 DIGIPASS for Mobile résumé Multi channel Connected/ unconnected Authentification / transaction signature Supports a mix of authentication methods Time base (+ Time & Event) Low deployment cost and independant of usage.
12 DIGIPASS for Mobile – some details J2Me, BlackBerry, Palm, iPhone, iPod Touch, Windows Mobile, NTT Docomo (i-mode), Android, Symbian, Brew. Alternate methods : Digipass for Web Hardware Digipass Virtual Digipass Integration partners (Clear2pay, LemonWay, Mfoundry, Sybase, FundTech, Fiserv etc…) …
13 DIGIPASS for Mobile – deployment DPX Registration Provisioning from: MyBank.com Please find your DIGIPASS at this location : CLICK HERE
14 DIGIPASS for Mobile in a world of compromises.
15 Conclusions 2FA is necessary to ensure proper defense for e-banking, m-banking application access. Solution has to mitigate Security, Price and acceptation and be sure that the server side architecture will accept and follow todays tomorrows needs. VASCO offers since 15 years A modular client solution A bullet proof server solution A strong and renowned experience in banking industry
16 Questions/answers