Solution for Banks to Issue Security Tokens to Customers
Most people now access Internet banking for online transactions just by typing a username and password into a Website. Getting access to this is like a single key to a single lock. Many people use trivial passwords that are easy to guess. Even though Banks provide lot of security measures like OTP for preventing online intruders but still doesn’t overcome problems like Keystroke loggers, man-in-the- middle etc.
We help to Protect your Customers:
The Sixscape addresses these problems by strong client mutual authentication replacing Username/Password. This solution involves deploying a DIR server at the bank’s HQ. Each account agent, when signing up a new customer, instead of giving them an OTP token, can use an IRP client to register them on the DIR server (possibly aided by access to the bank’s customer database) and generate a private key and X.509 client digital certificate, directly into a FIPS-140-2 compliant USB security token. They also generate a random (but easily remembered) pass phrase that enables access to the key material in the token.
To access their bank account, the customer inserts their security token in any computer and uses it to do strong client authentication to the bank’s Website. Any significant transaction could perform a cryptographic challenge against the key material in the token via the Web, to make sure the customer is in possession of the correct token.
The Sixscape provide the necessary tools to install the trusted roots for their DIR server in their Web server, as well as revocation checking via OCSP server.