Search

Convenience in Managing Digital Certificate PDF E-mail

The Business Challenge

Data Security Systems Solutions (DS3) has helped one of the major banks in Asia Pacific to strengthen its web application with Digital Certificate Authentication.

The bank is already operating a web application for a group of their Corporate Banking Customers. Application access is only protected by user ID and password, stored in application server. Communication between the application server and the backend system is neither signed nor encrypted.

With the intention to expand its corporate banking service to banking customers from other countries like Malaysia, the bank plans to strengthen the security of its system to guarantee a more secure online transaction service to its customers. It made use of USB cryptographic tokens and is very keen to integrate these tokens to effectively deploy a robust 2-factor authentication solution.

Our Solution

After studying the system, DS3 found 2 major problems in the system:

  • There is no Two-Factor Authentication (2FA) in the system. Anyone who managed to find out the user ID and the password of a user can login to the system. It does not require the user to present a smartcard or a token to the application.
  • The communication between the browser of the user to the application server is not protected, leaving room for fake transactions to be injected into the application server.

By integrating the DS3 Managing Digital Certificate conveniently into the system, the bank is able to achieve the following objectives:

Objective 1 : Strengthening the security of the Corporate Banking Site

With the usage of digital Certificates, the users will have to present a valid digital Certificate to the application server before they are able to proceed. The digital Certificate will be verified with the application server to verify if the digital Certificate was issued by the organization. The digital Certificate will also be verified against the Certificate revocation list to verify if the digital Certificate is still valid. The communication now has SSL 128 bit encryption.

Objective 2: Migrating to 2-factor authentication as a better way of security

USB cryptographic tokens allow the bank to implement a 2FA solution into their web application. The USB cryptographic tokens have to comply to the PKCS#11 standards. With the PKCS#11 interface, the digital Certificates can be stored in the USB cryptographic tokens. Therefore, there was no problem in integrating 2-factor authentication to the current system. In the future, if the bank wishes to assign a different type of USB cryptographic token or a smartcard to the customers, it can do so conveniently, without any hassles.

The Results

  • Greater security that leads to higher customers' trust.
  • Enhance the bank reputation as a bank who provides the best protection for the customers.
 

DS3 is member of

    IBM Information Governance Council  

Follow us on