June 12, 2008
Platforms for ultra-secure web transactions

Some of the points touched on above also apply to enterprises wishing to provide their employees and/or customers with strong security means for accessing the corporate domain or for transacting over the Web. The slow penetration of online banking compared to other Internet activities is a clear indication that both the financial institutions and the end users are aware of the high vulnerability of the current Internet browsing platforms when it comes to carrying out sensitive transactions.
Recent FFIEC regulations requiring two-factor authentication in financial business are aimed at mitigating the risks associated with the use of Internet-based applications and services. The rise in the variety and sophistication of cyber fraud and identity theft points to the strong need to provide protection well beyond the simple perimeter level.

Here we wish to report on the slow but steady emergence in the industry of ultra-secure products for Web transactions. These products offer the combined features of a smart-card-enabled hardware token, a mass storage device for data encryption and a secure application platform. As shown in Figure 5, this new family of products exploits standard smart-card technology to deliver PKI-compliant two-factor authentication, on-the-fly hardware encryption and digital signatures of both data and transactions. The on-board SSL engine allows seamless enforcement of mutual client-server authentication as definitive protection against phishing or man-in-the-middle attacks. At the same time, a second, read-only layer holds embedded zero-footprint applications such as anti-keystroke-loggers, anti-virus, biometric sensors and Web transaction engines that enable users to be identified and to securely access and operate online without the need to rely on PC resources. A final, third security layer is dedicated to the safe storage of personal and financial data, which can be kept permanently encrypted and managed without fear of exposure to the PC operating system and its vulnerabilities. The usability advantages of this new generation of products for end users are obvious, especially when presented as an easy-to-use device such as a familiar USB stick and with no major learning curve to master. Furthermore, the flexible on-board flash memory allows remote updating of the applications' databases and security components in order to oppose new threats without having to physically replace the units.
The possibility of loading such devices with a variety of preinstalled and preconfigured security applications opens the road to targeted offerings and functionalities specifically designed for the online needs of vertical markets. Finally lifting the security concerns of financial institutions and corporations without overburdening the end users with complex and unfriendly procedures will undoubtedly increase the number of online bankers, e-commerce and Web transaction clients, ultimately transforming them from passive users to active customers.
© 2002-2012, EISST - Enterprise Information Security Systems & Technologies.