Title: PBS SSD project 2006
1 PBS - SSD project 2006
- Or how to establish a secure customer service interoperable between banks
2 PBS Goals to achieve
- User authentication: with certainty
- Client-server link: two-way, fully secure
- Interoperability: global
- User-friendly: global
- Easy to deploy: IT manager level
3 PBS suggested SSD scheme
Diagram: PC environment (Data) and trusted environment (seal algorithm, seal code, seal code typed on keyboard); the data become sealed data, with a signature by password.
4 PBS - SSD Modus operandi (i.e. payment procedure)
Diagram: bank server and PC, with hardware token.
1 After connecting to the network, the PC displays the bank log-on page in the browser.
2 The user inserts the card in the reader.
3 The user authenticates with the PIN.
4 The authentication process runs in the card.
5 When authentication succeeds, the smart card calculates a seal code.
6 The user types the seal code on the PC, and secure access to the bank server is granted.
7 The bank server sends the payment page to the user.
8 The bank server sends a code, displayed on the screen fully scrambled.
9 The user moves the reader to the screen to capture the scrambled data.
10 The data are processed and displayed on the reader screen.
11 The reader asks for user authentication and the user enters the PIN.
12 The authentication process runs in the card.
13 When authentication succeeds, the smart card calculates a seal code.
14 The user types the seal code on the PC, and the payment acknowledgement to the bank server is done.
Diagram: screen captions "welcome to bank", "Payment process", "Payment done", "OK!", and sample six-digit codes 112158, 010185, 582111.
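The following is an added example, not PBS code, that simulates the seal-code exchange of the payment procedure above end to end: the card checks the PIN and computes the seal, the bank server issues the on-screen challenge and verifies the typed code. The slide does not name the seal algorithm, so the example assumes an HMAC-SHA256 keyed with a per-card secret shared with the bank at card personalisation and truncated to six decimal digits (the slide shows six-digit codes); the scrambled on-screen display is modelled only as an opaque byte string. Card secrets, PINs, card ids and payment details are constructed.

```python
"""Seal-code exchange from the PBS SSD payment procedure, simulated end to end.

Added example, not PBS code. ASSUMPTION: the seal is HMAC-SHA256 under a
per-card secret, truncated to six decimal digits. All secrets are constructed.
"""
import hashlib
import hmac
import secrets
from typing import Dict, Optional

DIGITS = 6
MAX_PIN_TRIES = 3


def seal_code(card_secret: bytes, challenge: bytes) -> str:
    """What the card computes once the PIN has been accepted (assumed HMAC)."""
    mac = hmac.new(card_secret, challenge, hashlib.sha256).digest()
    # Truncate to a short decimal code the user can type on the PC keyboard.
    return f"{int.from_bytes(mac[:4], 'big') % 10 ** DIGITS:0{DIGITS}d}"


class Card:
    """Steps 3-5 and 11-13: PIN check and seal calculation happen inside the card."""

    def __init__(self, secret: bytes, pin: str) -> None:
        self._secret, self._pin, self._failed = secret, pin, 0

    def authenticate(self, pin: str) -> bool:
        if self._failed >= MAX_PIN_TRIES:      # card blocked after repeated bad PINs
            return False
        if hmac.compare_digest(pin, self._pin):
            self._failed = 0
            return True
        self._failed += 1
        return False

    def compute_seal(self, pin: str, challenge: bytes) -> Optional[str]:
        """Returns the seal code, or None when the PIN is refused."""
        if not self.authenticate(pin):
            return None
        return seal_code(self._secret, challenge)


class BankServer:
    """Steps 6, 8 and 14: issues the on-screen challenge and checks the typed seal."""

    def __init__(self) -> None:
        self._cards: Dict[str, bytes] = {}      # card id -> shared secret (constructed)
        self._pending: Dict[bytes, str] = {}    # outstanding challenge -> card id

    def register_card(self, card_id: str, secret: bytes) -> None:
        self._cards[card_id] = secret

    def issue_challenge(self, card_id: str, purpose: str) -> bytes:
        """The code the server shows on screen (step 8) for the reader to capture.

        Binding a fresh nonce to the purpose (log-on, or the payment details)
        is what stops a seal code captured for one transaction being reused
        for another.
        """
        challenge = purpose.encode() + b"|" + secrets.token_bytes(8)
        self._pending[challenge] = card_id
        return challenge

    def verify_seal(self, challenge: bytes, typed_code: str) -> bool:
        """Accepts each challenge exactly once; a replayed seal code is refused."""
        card_id = self._pending.pop(challenge, None)
        if card_id is None:
            return False
        return hmac.compare_digest(seal_code(self._cards[card_id], challenge), typed_code)


if __name__ == "__main__":
    secret = b"constructed-card-secret"
    bank, card = BankServer(), Card(secret, "1234")
    bank.register_card("card-1", secret)
    shown = bank.issue_challenge("card-1", "PAY|10000|to=bob")   # constructed payment
    typed = card.compute_seal("1234", shown)
    print("seal accepted:", bank.verify_seal(shown, typed))
    print("replay accepted:", bank.verify_seal(shown, typed))
```

The single-use challenge and the PIN retry counter are the two checks that answer the slide's own questions about a typed seal code being forged or captured: a captured code is worthless once its challenge has been consumed, and PIN guessing against the card is bounded.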
5 PBS SSD Questions
- As the device has no secure scheme, is it a real trust environment?
- Is a password secure enough, as it can be transmitted, stolen, forged, etc.?
- Having different capture links (screen capture, PIN capture, etc.), is this not going to increase the weakness of the system?
- If the seal code needs to be typed, isn't it another opportunity to forge the system?
- Where is the acknowledgement of delivery?
- Where is the dating of the events?
- Where is exchange confidentiality?
- Are the emitter identity and signature irrevocable?
- Are the receiver identity and signature irrevocable?
- Do we have integrity and non-repudiation?
- Do we have any traceability for all the acting parties?
6 Orcanthus Goals to achieve
- User authentication: with certainty
- Client-server link: two-way, fully secure
- Interoperability: global
- User-friendly: global
- Easy to deploy: IT manager level
- Electronic document type: any, for full interoperability
- Emitter authentication: with certainty
- Receiver authentication: with certainty
- Confidentiality: global
- File integrity certification: emitted and received
- File protection: global
- Acknowledgement of receipt: official
- Electronic signature: on all documents
- Approval or rejection of document content: official, with contractual value
- Time frame protection: global
- Time-stamping: all actions, including sealing, opening and content approval
- Overall process certification: global
- Legal aspect: legal record of all previous features
7 Orcanthus Secured Bank Modus operandi - (registration)
1 The customer registers with the bank (must be physically present at the bank).
2 The user fills in a registration form and brings proof of identity with an official ID document.
3 After checking, the bank delivers a smart card loaded with 4 user fingerprints and the bank certificate for the user.
4 The user leaves the bank with 1 software package, 1 Biothentic reader, 1 USB cable and 1 smart card.
5 The user installs the software and hardware on his computer.
6 The user tests the whole application by running the test procedure on the bank server.
7 When the test procedure has finished successfully, the system is ready for official use.
Diagram: registration at the bank (Bank, Customer, Bank officer; form fields Name, Address, Acnt N, Tel, E-mail).
8 Orcanthus Secured Bank Modus operandi - (client server link)
1 After connecting to the network, the PC displays the bank log-on page in the browser.
2 The user inserts the card in the reader.
3 The application asks the user for a fingerprint capture.
4 The user swipes a finger on the reader.
5 The matching process is executed (fully inside the smart card).
6 When matching is successful, the security application opens.
7 The server and the smart card exchange the user and server certificates to encrypt the link in both directions.
8 The link is fully secure; the application can start between the authenticated user and the bank server.
Diagram: screen captions "Welcome to PBS", "Finger please", "OK!".
9 Orcanthus Secured Bank Modus operandi - (i.e. on line payment - emission)
1 The user opens the bank application for payment.
2 The user downloads the payment document (PD).
3 The user fills in the form.
4 The user opens a Secured Bank Envelope (KE).
5 The Secured Bank server (KS) asks for authentication.
6 The user swipes a finger on the Biothentic reader for authentication.
7 When authentication is good, the KS sends some random keys to the Secured Bank client (KC).
8 The user loads the KE with the PD; when finished, the KC asks for authentication to seal the KE.
9 The user swipes a finger for authentication.
10 Authentication accepted, the KC seals the envelope with the different keys and issues a KE print.
11 The KC sends the KE print to the KS, which stores the print. This print includes all details of the KE.
12 The user sends the KE to the bank server.
13 The transaction is done. The KS has all details of the KE, and the bank has the KE as a whole. Only the bank gets the PD.
Diagram: Secured Bank Client (KC) screen captions "download", "fill up", "open KE", "Payment", "Payment received", "Finger please", "OK!".
10 Orcanthus Secured Bank Modus operandi - (i.e. on line payment - reception)
1 The receiver wants to open the KE.
2 The KS asks for a strong authentication.
3 The receiver inserts his card in the reader and swipes his finger.
4 When authentication is good, the KS checks whether all the opening requirements set by the sender are met.
5 When the conditions are fulfilled, the KS sends the receiver the keys to open the envelope.
6 The receiver's computer calculates a NEW print of the KE.
7 When the print is exactly the same, the document is opened.
8 The user can now execute the payment instruction.
9 The KS updates the KE from the emitter and the one made by the receiver with all the events (date, time, name, signature, acknowledgement, refusal, certificate, etc.).
Diagram: receiver screen captions "swift 10000", "Finger please", "OK!", "Payment done".
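The following is an added example, not Orcanthus code, that models the Secured Bank Envelope life cycle described on the emission and reception slides above: the KS issues keys after authentication, the KC seals the PD into a KE and sends the KS a print, and at reception the KS enforces the sender's opening requirements and requires the recomputed print to match before releasing the keys, logging every action with a time stamp. Everything not on the slides is an assumption: the print is SHA-256 of the sealed KE; sealing uses a toy hash-based stream cipher plus an HMAC tag under the KS-issued key, standing in for the real cipher and the card-certificate signature; the opening requirements are a named receiver and an expiry date; the fingerprint check is reduced to an `authenticated` flag. Names, amounts and the `KE-0001` identifier are constructed.

```python
"""Secured Bank Envelope (KE) life cycle: emission, print storage, reception.

Added example, not Orcanthus code. ASSUMPTIONS: print = SHA-256 of the sealed
KE; sealing = toy SHA-256 counter-mode stream plus HMAC tag (stand-in for the
real cipher and card signature); requirements = named receiver plus expiry.
"""
import hashlib
import hmac
import json
import secrets
from datetime import datetime, timedelta, timezone
from typing import Optional


def _keystream(key: bytes, length: int) -> bytes:
    """Toy stream (SHA-256 in counter mode); illustrative only, not for production."""
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def envelope_print(sealed: bytes) -> str:
    """The KE print: a digest of the whole sealed envelope (assumed SHA-256)."""
    return hashlib.sha256(sealed).hexdigest()


class SecuredBankClient:
    """KC: seals the payment document (PD) into the envelope (KE), and opens it."""

    @staticmethod
    def seal(pd: dict, key: bytes, emitter: str) -> bytes:
        body = json.dumps(pd, sort_keys=True).encode()
        cipher = bytes(a ^ b for a, b in zip(body, _keystream(key, len(body))))
        tag = hmac.new(key, cipher, hashlib.sha256).hexdigest()     # the emitter's seal
        return json.dumps({"emitter": emitter, "cipher": cipher.hex(), "tag": tag}).encode()

    @staticmethod
    def unseal(sealed: bytes, key: bytes) -> Optional[dict]:
        ke = json.loads(sealed)
        cipher = bytes.fromhex(ke["cipher"])
        if not hmac.compare_digest(hmac.new(key, cipher, hashlib.sha256).hexdigest(), ke["tag"]):
            return None                                             # seal broken
        return json.loads(bytes(a ^ b for a, b in zip(cipher, _keystream(key, len(cipher)))))


class SecuredBankServer:
    """KS: holds keys, prints, opening requirements and the dated event log; never the PD."""

    def __init__(self) -> None:
        self._records = {}

    def _event(self, ke_id: str, who: str, action: str) -> None:
        # Reception step 9: every action is time-stamped and attributed.
        self._records[ke_id]["events"].append(
            {"time": datetime.now(timezone.utc).isoformat(), "who": who, "action": action})

    def issue_keys(self, ke_id: str, emitter: str, authenticated: bool) -> Optional[bytes]:
        # Emission steps 5-7: random keys only after the emitter authenticated.
        if not authenticated:
            return None
        self._records[ke_id] = {"key": secrets.token_bytes(32), "emitter": emitter,
                                "print": None, "requirements": None, "events": []}
        self._event(ke_id, emitter, "keys issued")
        return self._records[ke_id]["key"]

    def store_print(self, ke_id: str, print_value: str, requirements: dict) -> None:
        # Emission step 11: the KS keeps the print and the sender's opening requirements.
        rec = self._records[ke_id]
        rec["print"], rec["requirements"] = print_value, requirements
        self._event(ke_id, rec["emitter"], "sealed")

    def open_envelope(self, ke_id: str, receiver: str, authenticated: bool,
                      sealed: bytes) -> Optional[bytes]:
        # Reception steps 2-7: strong authentication, sender's conditions, print match.
        rec = self._records.get(ke_id)
        if rec is None or rec["print"] is None or not authenticated:
            return None
        req = rec["requirements"]
        expired = datetime.now(timezone.utc) > datetime.fromisoformat(req["not_after"])
        if receiver != req["receiver"] or expired:
            self._event(ke_id, receiver, "opening refused: requirements not met")
            return None
        if not hmac.compare_digest(envelope_print(sealed), rec["print"]):
            self._event(ke_id, receiver, "opening refused: print mismatch")
            return None
        self._event(ke_id, receiver, "opened")
        return rec["key"]

    def events(self, ke_id: str) -> list:
        return [e["action"] for e in self._records[ke_id]["events"]]


def run_payment(receiver: str = "bob", tamper: bool = False) -> dict:
    """Drives one constructed payment from alice to bob through emission and reception."""
    ks, ke_id, pd = SecuredBankServer(), "KE-0001", {"amount": 10000, "to": "bob"}
    key = ks.issue_keys(ke_id, "alice", authenticated=True)      # fingerprint accepted
    sealed = SecuredBankClient.seal(pd, key, "alice")
    expiry = (datetime.now(timezone.utc) + timedelta(days=1)).isoformat()
    ks.store_print(ke_id, envelope_print(sealed), {"receiver": "bob", "not_after": expiry})
    if tamper:   # a KE altered in transit no longer matches the stored print
        sealed = sealed.replace(b'"emitter": "alice"', b'"emitter": "mallory"')
    key = ks.open_envelope(ke_id, receiver, authenticated=True, sealed=sealed)
    opened = SecuredBankClient.unseal(sealed, key) if key else None
    return {"opened": opened, "events": ks.events(ke_id)}


if __name__ == "__main__":
    print(run_payment())
```

The print comparison is the step that gives the receiver integrity assurance independently of the key: a KE modified in transit is refused before any key is released, and the refusal itself lands in the KS event log with a time stamp, which is what the slides rely on for traceability and non-repudiation.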
11 Thank you for your attention