Enabling PKI for Indian Overseas Bank

Indian Overseas Bank

Having begun operations in 1937, Indian Overseas Bank's (IOB) primary purpose was to serve the merchants in Tamil Nadu, India, who had spread overseas to some of the far eastern countries like Burma, Malaysia, Singapore, Java, Sumatra and Saigon. Today, the bank is a major nationalized bank with a nationwide network and at least 6 branches overseas. The bank had a net profit of 1050.13 crores as of March 31, 2012. The bank is publicly held, and has its headquarters in Chennai, India. With close to a century of experience in merchant services, the bank is seasoned in protecting the financial interests of corporate customers, and has stepped into the new millennium with a world-class IT infrastructure for ensuring banking convenience.

By partnering with Odyssey Technologies Limited, a leading provider of e-security solutions in the Asia-Pacific region, the bank has also implemented a sophisticated PKI-based security infrastructure to protect its customers against various Internet threats while transacting online. Solutions implemented by Odyssey include:

- PKI-based transaction security for IOB's corporate Internet banking application.
- A secure document delivery service to digitally sign and encrypt electronic DEMAT statements for depository participants.

Transaction Security For Indian Overseas Bank

The Need For Transaction Security

Aware of the various security pitfalls surrounding Internet banking, IOB wanted to identify a suitable solution for protecting high-value corporate transactions that occur over the Internet. The existing corporate banking application already used password-based authentication, and SSL to protect the users.

[Diagram: Bank - Internet - Users]

However, this was not adequate because:

1. Most users on the Internet tend to use weak passwords or the same password across multiple services. So even if the passwords were stored encrypted by the application server, it would take password crackers only minutes to hours to recover them.
2. The transactions were happening over a server-authenticated SSL channel. However, there was no client authentication, opening the door to identity theft.
3. The high-value transactions could easily be repudiated by the end-user, and there were no safeguards against it.

Considering the above gaps in security, the bank did not want to risk security incidents and chose to protect the bank's infrastructure preemptively.

Solution Identification

IOB identified Public Key Infrastructure (PKI) as a suitable technology for protecting its online transactions. With PKI, it would be possible for IOB to protect online transactions against multiple kinds of threats, including identity theft, transaction repudiation, and breach of confidentiality.

Unfortunately, implementing a full-fledged PKI solution for protecting its banking applications seemed a daunting task because:

1. Integrating PKI with the banking application would take several months or even years to implement, during which time business continuity would be affected.
2. The integration would slow down the application drastically due to processor-intensive cryptographic functions.
3. Integration would require changes to the application code-base, which could result in a breakdown of the application itself.

While managed PKI services were a suitable option to overcome the above challenges, they would mean relinquishing control over sensitive data, and IOB, being a nationalized public bank, did not want to risk the implications. As part of its research into PKI solutions, the bank discovered that Odyssey Technologies Limited, a prominent PKI vendor in the Asia-Pacific region, already had a product that suited its needs without posing the above challenges. Odyssey Snorkel is a PKI-based transaction security server that requires no integration and can PKI-enable practically any application server in a matter of a few weeks. Furthermore, the product was already used successfully by many prominent banks and financial institutions in the country, which further assured IOB that Odyssey Snorkel was the right fit for its needs.

Odyssey Snorkel Highlights

- Built-in Certification Authority to issue digital certificates. Also recognizes third-party certificates.
- Needs no integration and can be configured to work with any application server.
- Uses standards-compliant, industry-strength cryptographic algorithms.
- Cryptographic performance rivals that of dedicated crypto accelerators.
- Enables digital signing of transactions by the end-user, for non-repudiation.
- Provides fine-grained access control by page-level filtering.
- All administrator activities are signed and logged.
- Other forms of authentication, such as One Time Passwords, can be added to the application with only a few configuration changes in Snorkel.
- Provides strong two-factor authentication using digital certificates to protect against unauthorized access and identity theft.
- Provides extensive reports.
- Protects up to 5 applications simultaneously.

With a rich feature set that protects both the application and customers, Snorkel found favour with the bank, resulting in the release of a purchase order for Snorkel.
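As an added example (not Odyssey's or IOB's code; the page does not describe Snorkel's internals), the following Go program shows the two highlights that answer the threat list above: a built-in CA issuing user certificates, and certificate-based client authentication in which the gateway accepts a user only if the certificate chains to the bank's own CA and the user proves possession of the matching private key. The CA name, user ID, serial numbers and challenge are constructed placeholders; only the Go standard library is used.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Issuer is a certification authority: its certificate plus the key that signs for it.
type Issuer struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

// newCert generates a P-256 key and has parent sign a certificate for it; nil parent means self-signed.
func newCert(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	signer := parentKey
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// NewIssuer creates a self-signed CA, the "built-in Certification Authority" role (name is a constructed placeholder).
func NewIssuer(name string) (*Issuer, error) {
	cert, key, err := newCert(&x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}, nil, nil)
	if err != nil {
		return nil, err
	}
	return &Issuer{Cert: cert, Key: key}, nil
}

// IssueUser signs a client-authentication certificate for one corporate user. The private key is
// returned only for this demo; in a real deployment it is generated on the user's token and never leaves it.
func (ca *Issuer) IssueUser(userID string, serial int64) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	return newCert(&x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: userID},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(90 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}, ca.Cert, ca.Key)
}

// SignChallenge is the client's proof of possession: it signs a server-chosen nonce with the certificate's key.
func SignChallenge(key *ecdsa.PrivateKey, challenge []byte) ([]byte, error) {
	h := sha256.Sum256(challenge)
	return ecdsa.SignASN1(rand.Reader, key, h[:])
}

// AuthenticateClient is the gateway check that TLS client authentication performs internally: the certificate
// must chain to the bank's CA and be valid for client auth, and the challenge signature must verify under its key.
func AuthenticateClient(trusted, presented *x509.Certificate, challenge, sig []byte) error {
	roots := x509.NewCertPool()
	roots.AddCert(trusted)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := presented.Verify(opts); err != nil {
		return fmt.Errorf("certificate not trusted: %w", err)
	}
	pub, ok := presented.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return errors.New("unexpected public key type")
	}
	h := sha256.Sum256(challenge)
	if !ecdsa.VerifyASN1(pub, h[:], sig) {
		return errors.New("proof of possession failed")
	}
	return nil
}

func main() {
	bankCA, _ := NewIssuer("Example Bank Corporate Banking CA")
	userCert, userKey, _ := bankCA.IssueUser("corp-user-0001", 1001) // constructed user ID
	challenge := []byte("constructed nonce; a real gateway picks a fresh random one per login")
	sig, _ := SignChallenge(userKey, challenge)
	fmt.Println("bank-issued certificate:", AuthenticateClient(bankCA.Cert, userCert, challenge, sig))
	otherCA, _ := NewIssuer("Some Other CA") // an issuer the bank has not configured as trusted
	otherCert, otherKey, _ := otherCA.IssueUser("corp-user-0001", 1)
	otherSig, _ := SignChallenge(otherKey, challenge)
	fmt.Println("other-issuer certificate:", AuthenticateClient(bankCA.Cert, otherCert, challenge, otherSig))
}
```

The second factor here is the private key: a stolen or reused password gives nothing without it, and a certificate from an issuer the bank has not added to its trusted roots is rejected even when its holder can prove possession of the key. Recognizing third-party certificates, as the highlights list mentions, amounts to adding that issuer's CA certificate to the same root pool.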

Odyssey Snorkel-TX Implementation

Since the corporate banking transactions were of high value, the bank wanted to roll out Snorkel for its corporate customers first. In order to provide the highest form of security for these customers, the bank decided to implement certificate-based authentication for corporate banking.

Implementation highlights:

- The installation and configuration were completed in only 2 weeks, resulting in minimal disruption to business continuity.
- Due to Snorkel's zero-touch deployment model, the implementation required absolutely no change to the existing infrastructure, and especially not to the application code-base.
- In addition to deploying Snorkel at IOB's Chennai data centre, a cold standby has been made available at IOB, Hyderabad, for ensuring disaster recovery and business continuity. All transactions are simultaneously updated on the standby server and maintained up to date. The bank also runs regular fire drills to test the cold standby every six months.

Hardware: 8 Core Pentium Processor, 32 GB RAM
Snorkel Version: Snorkel V 2.0

Digital Signatures for Demat Statements

In addition to transaction security, the bank also wanted to shift from sending paper statements to electronic statements for its demat account holders, since this could support the bank's growing customer base and also result in considerable cost savings.

Odyssey AltaSigna

[Diagram: Bank - AltaSigna - Clients]

AltaSigna SMB Server is a bulk document creation, signing, encryption and dispatch server that enables small and medium-sized businesses to send out large volumes of e-documents to clients securely. Owing to its speed, scalability and unparalleled customization options for creating documents, it has been the solution of choice for many major banks and other financial institutions worldwide. Given that the bank would be able to automate its demat statement dispatch process completely, it was eager to implement the solution for its demat services. Apart from automating the document dispatch process, the solution would also be able to provide:

1. Digital signatures for the documents, so that IOB's customers will be assured of the authenticity of the communication. With customers receiving many phishing and pharming e-mails every day, this would be a great way to help them identify legitimate communications from IOB.
2. The customers would not have to install anything on their computers, since the e-statements would be in PDF format, which has built-in signature verification functionality. Hence customer acceptance of the new technology would be quick.
3. Since demat account statements contain financial information privy to the customer, the bank would be able to encrypt the information contained within the e-statements so that confidentiality is maintained.
4. The bank would be able to easily generate and send e-statements for other departments as well in the future with only a few configuration changes in AltaSigna, accomplished in less than a week.

Implementation Architecture

By deploying Odyssey AltaSigna, IOB has been able to completely automate its document dispatch process.

[Diagram: Implementation architecture. Business Application -> File System -> AltaSigna (Data Collection, Document Creation, Digital Signing, Encryption) -> SMTP / Email -> End-user Interface (Browser)]

OS Platform: Windows XP
Memory: 2 GB RAM
Version: AltaSigna Small and Medium Business, 32-bit

Every quarter, AltaSigna automatically picks up the content for document creation, in the form of .prn files, from the configured location. The document creation engine parses and extracts the contents, and creates customized e-statements in PDF format. The e-statements are then digitally signed using the configured signing key and encrypted if required. Once the documents are ready for dispatch, they are sent out to customers by e-mail, through the SMTP server. AltaSigna completes the whole process of creation, signing, encryption and dispatch in less than an hour.
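To make the signing and encryption stages of that flow concrete, here is an added Go example (not AltaSigna's code; the page does not describe its internals) of a sign-then-encrypt envelope for one customer's e-statement and the customer-side open-and-verify step. It uses ECDSA P-256 for the bank's signature, AES-256-GCM under a random content key, and RSA-OAEP to wrap that key to the customer's public key. The statement bytes, key sizes and the tampering step are constructed for the demo; PDF rendering and SMTP dispatch are left out.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

type Envelope struct {
	Ciphertext []byte // nonce followed by AES-GCM ciphertext and tag of the statement
	Signature  []byte // bank's ECDSA signature over SHA-256(statement)
	WrappedKey []byte // AES content key encrypted with RSA-OAEP to the customer's public key
}

// GenerateKeys makes the bank's signing key and one customer's decryption key (fresh, for the demo).
func GenerateKeys() (bank *ecdsa.PrivateKey, customer *rsa.PrivateKey, err error) {
	if bank, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader); err != nil {
		return nil, nil, err
	}
	customer, err = rsa.GenerateKey(rand.Reader, 2048)
	return bank, customer, err
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealStatement signs the statement with the bank's key, then encrypts it under a random content
// key that only the customer can unwrap (sign-then-encrypt, so the signature travels protected too).
func SealStatement(stmt []byte, bankKey *ecdsa.PrivateKey, customer *rsa.PublicKey) (*Envelope, error) {
	h := sha256.Sum256(stmt)
	sig, err := ecdsa.SignASN1(rand.Reader, bankKey, h[:])
	if err != nil {
		return nil, err
	}
	contentKey := make([]byte, 32) // AES-256
	if _, err := rand.Read(contentKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(contentKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nonce, nonce, stmt, nil) // nonce is prepended to the output
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, customer, contentKey, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{Ciphertext: ct, Signature: sig, WrappedKey: wrapped}, nil
}

// OpenStatement is the customer side: unwrap the content key, decrypt, then verify the bank's
// signature. Tampered ciphertext fails GCM authentication; a statement not signed by the bank fails verification.
func OpenStatement(env *Envelope, customerKey *rsa.PrivateKey, bankPub *ecdsa.PublicKey) ([]byte, error) {
	contentKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, customerKey, env.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrap content key: %w", err)
	}
	gcm, err := newGCM(contentKey)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(env.Ciphertext) < ns {
		return nil, errors.New("ciphertext too short")
	}
	stmt, err := gcm.Open(nil, env.Ciphertext[:ns], env.Ciphertext[ns:], nil)
	if err != nil {
		return nil, fmt.Errorf("decrypt: %w", err)
	}
	h := sha256.Sum256(stmt)
	if !ecdsa.VerifyASN1(bankPub, h[:], env.Signature) {
		return nil, errors.New("signature does not verify: not an authentic bank statement")
	}
	return stmt, nil
}

func main() {
	bankKey, customerKey, _ := GenerateKeys()
	stmt := []byte("Demat statement for account EXAMPLE-0001 (constructed sample content)")
	env, _ := SealStatement(stmt, bankKey, &customerKey.PublicKey)
	out, err := OpenStatement(env, customerKey, &bankKey.PublicKey)
	fmt.Printf("verified=%v: %s\n", err == nil, out)
	env.Ciphertext[len(env.Ciphertext)-1] ^= 1 // simulate tampering in transit
	_, err = OpenStatement(env, customerKey, &bankKey.PublicKey)
	fmt.Println("after tampering:", err)
}
```

Run as-is it prints the recovered statement and then the GCM error after one byte is flipped; given a different bank public key, OpenStatement returns the signature error instead. That signature check is the role the PDF reader's built-in verification plays for the customer in the flow above, and the OAEP-wrapped content key is what keeps the statement confidential to the addressee.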

Results

The implementation of state-of-the-art e-security technologies has underlined IOB's commitment to protecting its customers from identity theft, leading to increased customer confidence. As a result, the bank has been able to:

- Encourage more customers to use its online services, resulting in lower costs associated with customer service.
- Protect customers from identity theft and the substantial financial losses that follow from it.
- Meet the challenges of growing its services and customer base with a scalable and reliable security infrastructure.

About Odyssey Technologies Limited

Odyssey Technologies Limited is a pioneer in PKI technology in the Asia-Pacific region. The company develops products and solutions for transaction security and is recognized by the Controller of Certifying Authorities in India as a technology vendor. By isolating the security components from the business logic, Odyssey stays true to its zero-touch philosophy and ensures that solutions are deployed quickly and effectively without the need for integration or changes to the existing code-base. The company proudly supports the security needs of major banks and financial institutions in the Asia-Pacific region and has earned their trust as a reliable vendor. Odyssey Technologies Limited is based in Chennai, India and is listed on the Bombay Stock Exchange. To learn more about solutions from Odyssey Technologies Limited, visit www.odysseytec.com or e-mail info@odysseytec.com.