Two Factor Authentication On Mobile, Solution for tomorrow?

Nicolas Fort, Product Manager

Solution for today !

2

Agenda

VASCO Overview

Existing solution overview

Let’s hunt for the perfect solution

DIGIPASS for Mobile presentation

Conclusion

3

Global company

Listed on Nasdaq: VDSI

The world’s leading software company, specializing in Internet security

Approximately 9,000 customers in 100+ countries, including 1,300 banks

Corporate Profile

4

Existing Solutions Overview

Static Password

Hardware based 2FA

SMS OTP

SIM OTP

MPKI

5

Static Password

Pros

Cons

Free - Almost

Already deployed

Useless - almost

forbidden

6

Authentification hardware

Pros

cons

Air gap Security

Flexibility

Simplicity

Logistic

Unappropriate for mobile

Difference

7

MPKI / PKI

Pros

cons

Security if SEE present

Legal binding

Non-Répudiation

Non interoperable

Deployment usually based on SIM (mobile)

If (M)PKI software : FIPS 140-2 L3

Connected mode only (almost)

8

SIM OTP

Pros

Cons

SEE

Usable on most GSM’s

Connected/unconnected

No interoperability

Complex deployment, non discretionary

Very complex technical & business infrastructure

Upfront costs

Telco change, prepaid cards etc……

9

SMS OTP

Pros

Cons

Quick setup

Easy deployment

User pays for SMS(MO, not MT)

Education

Users pays for the service

Transmission delay, Roaming can be difficult

Open network

Moving costs

Connected mode only

10

Hunt for the solution

11

DIGIPASS for Mobile résumé

Multi channel

Connected/ unconnected

Authentification / transaction signature

Supports a mix of authentication methods

Time base (+ Time & Event)

Low deployment cost and independant of usage.

12

DIGIPASS for Mobile – some details

J2Me, BlackBerry, Palm, iPhone, iPod Touch, Windows Mobile, NTT Docomo (i-mode), Android, Symbian, Brew.

Alternate methods :

Digipass for Web

Hardware Digipass

Virtual Digipass

Integration partners (Clear2pay, LemonWay, Mfoundry, Sybase, FundTech, Fiserv etc…)

…

13

DIGIPASS for Mobile – deployment

DPXDPX

Registration

Registration

ProvisioningProvisioning

from: MyBank.com

Please find your DIGIPASS at this location : CLICK HERE

14

DIGIPASS for Mobile in a world of compromises.

15

Conclusions

2FA is necessary to ensure proper defense for e-banking, m-banking application access.

Solution has to mitigate Security, Price and acceptation and be sure that the server side architecture will accept and follow todays tomorrows needs.

VASCO offers since 15 years

A modular client solution

A bullet proof server solution

A strong and renowned experience in banking industry

16

Questions/answers