DSSS helps one of the major banks in Asia Pacific to strengthen
its web application with digital certificate authentication.
The bank already operates a web application for a group of its
Corporate Banking customers. Access to the application is
protected only by a user ID and password, stored on the
application server. Communication between the application
server and the backend system is neither signed nor
encrypted.
Intending to expand its corporate banking service to customers
in other countries, such as Malaysia, the bank planned to
strengthen the security of its system so that it could offer
its customers a more secure online transaction service. The
bank had USB cryptographic tokens available and was very keen
to integrate them into a robust two-factor authentication
solution.
After studying the system, DSSS found two major problems:
- There is no two-factor authentication in the system.
Anyone who obtains a user's ID and password can log in;
the application never requires the user to present a
smartcard or a token.
- The communication between the user's browser and the
application server is not protected, leaving room for
forged transactions to be injected into the application
server.

By integrating DSSS Managing Digital Certificate Conveniently
into the system, the bank achieves the following objectives:
With digital certificates in use, a user must present a valid
digital certificate to the application server before being
allowed to proceed. The application server verifies that the
certificate was issued by the organization's own certification
authority, and checks it against the certificate revocation
list (CRL) to confirm that it has not been revoked. A CRL only
reflects revocations made before it was published, so the server
must refresh it at least as often as the CRL's own next-update
time; otherwise a revoked token keeps working until the next
fetch. The communication between the browser and the application
server is now protected by SSL with 128-bit encryption.
USB cryptographic tokens allow the bank to add two-factor
authentication to its web application. The tokens must comply
with the PKCS#11 standard. Through the PKCS#11 interface, each
user's digital certificate and its private key are stored on
the USB cryptographic token, and the private key never leaves
the token. A login therefore requires both the password
(something the user knows) and the token holding the key
(something the user has). Integrating two-factor authentication
into the existing system was consequently straightforward.
Should the bank later wish to issue a different type of USB
cryptographic token, or a smartcard, to its customers, it can
do so without any hassle, provided the new device also exposes
a PKCS#11 interface.
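The issue-and-verify flow described above, as an added example that is not DSSS's product code nor the bank's own: a throwaway issuing CA built with the openssl command line issues a client certificate to a corporate user, publishes a CRL, and a server-side check confirms that the certificate chains to the bank CA, is meant for client authentication, and is not on the current CRL; after revocation the same certificate is rejected. The CA name "Example Bank Corporate CA", the user ID corp-user-1, the directory layout and the configuration are all assumptions made for this demo, and the user's key pair is generated on disk rather than on a PKCS#11 token.

```shell
#!/bin/sh
# Added example (not DSSS's product code): a throwaway issuing CA built with the
# openssl CLI, plus the check an application server performs on a client
# certificate: does it chain to the bank CA, is it valid for client
# authentication, and is it absent from the current CRL?
set -eu

BANK_CA_DIR=""   # scratch directory holding the CA, its database and the CRL

setup_bank_ca() {
    BANK_CA_DIR=$(mktemp -d)
    mkdir -p "$BANK_CA_DIR/newcerts"
    : > "$BANK_CA_DIR/index.txt"          # 'openssl ca' issuance/revocation database
    echo 1000 > "$BANK_CA_DIR/serial"
    echo 1000 > "$BANK_CA_DIR/crlnumber"

    # Minimal 'openssl ca' configuration; names and layout are assumptions for this demo.
    cat > "$BANK_CA_DIR/openssl.cnf" <<EOF
[ ca ]
default_ca = bank_ca

[ bank_ca ]
dir              = $BANK_CA_DIR
database         = \$dir/index.txt
new_certs_dir    = \$dir/newcerts
certificate      = \$dir/ca.pem
private_key      = \$dir/ca.key
serial           = \$dir/serial
crlnumber        = \$dir/crlnumber
default_md       = sha256
default_days     = 365
default_crl_days = 7
policy           = policy_cn_only
x509_extensions  = client_cert

[ policy_cn_only ]
commonName = supplied

[ client_cert ]
basicConstraints = CA:FALSE
keyUsage         = digitalSignature
extendedKeyUsage = clientAuth

[ req ]
distinguished_name = req_dn

[ req_dn ]
EOF

    # Self-signed issuing CA. cRLSign must be present or CRL checks against it fail.
    openssl req -x509 -config "$BANK_CA_DIR/openssl.cnf" -newkey rsa:2048 -nodes \
        -sha256 -days 3650 -subj "/CN=Example Bank Corporate CA" \
        -addext "basicConstraints=critical,CA:TRUE" \
        -addext "keyUsage=critical,keyCertSign,cRLSign" \
        -keyout "$BANK_CA_DIR/ca.key" -out "$BANK_CA_DIR/ca.pem" >/dev/null 2>&1
    publish_crl
}

# (Re)publish the CRL. A CRL only reflects revocations made before it was generated.
publish_crl() {
    openssl ca -config "$BANK_CA_DIR/openssl.cnf" -gencrl \
        -out "$BANK_CA_DIR/ca.crl" >/dev/null 2>&1
}

client_cert_path() { echo "$BANK_CA_DIR/$1.pem"; }

# Issue a client certificate for user ID $1. With a PKCS#11 token the key pair
# would be generated on the token and only the CSR would leave it; here the key
# is written to disk purely for the demo.
issue_client_cert() {
    openssl req -new -config "$BANK_CA_DIR/openssl.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=$1" -keyout "$BANK_CA_DIR/$1.key" -out "$BANK_CA_DIR/$1.csr" >/dev/null 2>&1
    openssl ca -config "$BANK_CA_DIR/openssl.cnf" -batch -notext \
        -in "$BANK_CA_DIR/$1.csr" -out "$(client_cert_path "$1")" >/dev/null 2>&1
}

# Server-side check. Exit status 0 only if the certificate chains to the bank CA,
# is valid for client authentication and is not listed on the current CRL.
verify_client_cert() {
    openssl verify -crl_check -purpose sslclient \
        -CAfile "$BANK_CA_DIR/ca.pem" -CRLfile "$BANK_CA_DIR/ca.crl" "$1" >/dev/null 2>&1
}

revoke_client_cert() {
    openssl ca -config "$BANK_CA_DIR/openssl.cnf" -revoke "$1" >/dev/null 2>&1
    publish_crl   # until the CRL is republished, the revoked cert still verifies
}

cleanup_bank_ca() { rm -rf "$BANK_CA_DIR"; }

demo() {
    setup_bank_ca
    issue_client_cert corp-user-1
    cert=$(client_cert_path corp-user-1)
    verify_client_cert "$cert" && echo "corp-user-1: certificate accepted"
    revoke_client_cert "$cert"
    verify_client_cert "$cert" || echo "corp-user-1: certificate revoked, login denied"
    cleanup_bank_ca
}
demo
```

The two stderr-suppressed openssl calls are the places to look first if the script fails on an old OpenSSL: `-addext` needs 1.1.1 or later, and `openssl ca` insists that `index.txt`, `serial` and `new_certs_dir` exist before it will issue or revoke anything.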
- Greater security, which leads to higher customer trust.
- An enhanced reputation as a bank that provides the best
protection for its customers.