|
‘New levels of security’ for online banking
|
30/10/2008
|
| |
A prototype device developed at IBM’s Zurich Research Lab is set to bring a new level of security to online consumer banking.
Called the Zone Trusted Information Channel (ZTIC), the device plugs into a pc’s USB port and creates a direct, secure channel to a bank’s online transaction server, bypassing the pc.
The consumer can use the security stick to logon and validate all transactions via a display, while the USB device is securely connected to the server, safeguarding against attacks.
According to IBM, the device adds an extra level of security to the existing authentication solutions provided by smart card, PIN or one time validation codes.
“In the presence of an ever more professionally operating e-crime scene, it became obvious that pc software based authentication solutions were potentially vulnerable and that we needed to innovate to stay ahead,” explained Dr Peter Buhler, manager computer science at the Zurich Lab. “The design of the solution was governed by, and is based on, the analysis of pros and cons of present and announced alternative solutions.”
ZTIC effectively moves the cryptographic and user interface processes away from a pc onto the ZTIC device, creating a trusted communication endpoint between the banking server and the user. When used with a smart card, which can be inserted into the device, the solution is said to bring a new level of end to end security.
ZTIC, which runs the commonly used TLS/SSL protocol, consists conceptually, of a processing unit, volatile and persistent memory, a small display and at least two control buttons, as well as an optional smartcard reader. The software is configured with a complete TLS engine, including cryptographic algorithms, an HTTP parser and custom system software.
|
| |
Author
Graham Pitcher
|
| |
| |
|
| Email this article |
| |
|
|
|
|