IDentiWall Functional Architecture - for Secure E-banking

 

IDentiWall is designed to actively combat the known types of attacks as well as those which will be devised in the future. Special attention is given to support for multi-disciplinary fields, all of with are connected to the ability to provide a secure environment for online banking.

Whether the attack is directed at the online banking  web site or the customer computer, if it succeeds, the result would be devastating for both the bank and the customer and put the existence of online banking itself in doubt. Therefore, IDentiWall is equipped with a variety of functions that serve as means to the end of enabling effective protection against the different types of attacks.

The diagram  shows the major functional components of the IDentiWall platform that are designed to provide these functions.

HTTP Gateway

The IDentiWall http gateway performs both the essential low level TCP-IP handshake and communication services needed by the system, and higher level functions need for security. It acts as session manager and  redirection router. It provides a filtering facility, firewall and mechanisms to defend against specific security challenges such as denial of service and bogus IP addresses.

Cyber Defender  

Cyber Defender (not shown) is a specific software component that defends against threats such as injection of OS commands and SQL, cookie tampering and many others.

IDentiWall Authentication Server

There are many varied authentication methods, each of which is best suited for a given situation. Therefore, a special effort was made to support a variety of authentication systems with IDentiWall. As new authentication methods are developed, IDentiWall will support them as well. Online banking is characterized by the need to handle large numbers of customers who are not necessarily used to using special security precautions. This dictates the need to emphasize ease of use and continuous availability of the authentication system.

IDentiWall Location Server

One of the parameters IDentiWall uses for estimating risk exposure for a transaction is a metric of location. In applications that allow data input from different remote locations, IDentiWall collects information about the location of the customer's computer, location of the cellular telephone handset, of the credit card and of the customer in the bank web site and the route by which he or she arrived there. IDentiWall uses sophisticated correlations to apply this information in estimating the effect of location metrics on risk exposure level.

IDentiWall Verification Server

The verification server ensures that the transaction that is executed is the one intended by the customer. The frequency of attacks that are based on misdirection of the intended actions of the e-banking customer grows daily, making the verification server a basic element in creating a secure online banking environment. The process of verifying customer intentions disables the capacity of the attackers to achieve their goals. It is executed over two separate communications networks, using a technique that prevents the attackers from carrying out their plan. 

IDentiWall Recording Server

The effectiveness of a security system for online banking requires a means of recording customer actions. These recordings have numerous uses in post-mortem investigations of security breaches, as part of the CRM, and in special cases, they may be used for surveillance of suspect customers or transactions. IDentiWall also supports a playback facility that allows those responsible for security, monitoring and customer experience to perform an orderly reconstruction of customer actions.

IDentiWall Session Risk Assessment Server

Estimation of the risk engendered by customer actions contributes the ability of IDentiWall to take into account different factors such as the risk involved in transactions, their location, past activities and the like, and to set the level of service accordingly. Thus for example, IDentiWall can block or delay a customer request originating from their fixed computer workstation if their wireless telephone handset is located in another country. Moreover, IDentiWall can take into account unusual activity such as transfer of funds to a new account that has no history,  highlighting the need for a risk assessment system.

IDentiWall Messaging Server

The messaging server handles the basic functions of initiating authentication and verification messages to the customer via SMS and receiving the replies.

IDentiWall Messaging Gateway

Messages from the bank transmitted by IDentiWall to the customer can be routed through the Messaging Gateway. The function of the gateway is to ensure that the message actually reaches its intended destination even in extreme conditions when the SMS server is not providing the requisite quality of service. In that event, the Messaging Gateway will select a different SMS service vendor  from the battery of available servers.

IDentiWall Investigation WorkBench

The Investigation Workbench enables execution of digital investigations of issues related to IDentiWall and the knowledge bases connected to it. Information from the various sources undergoes correlative analyses, according to a requested sequence, for example, along the time axis, and is displayed to the to the investigator in clear and readable way.  The system also supports specification of automated investigations that are executed whenever a defined type of incident takes place. IDentiWall automatically registers the results of the investigation in a digital investigation file and sends an alert with a link to the file to the appropriate investigator.  

IDentiWall Security Syndication Server

IDentiWall is designed to cooperate with other IDentiWall systems through the Syndication server. Cooperation in a syndicate means that whenever IDentiWall senses that it is the under massive cyber attack, it informs the syndicate of which it is a member.

In turn, the syndicate checks the policies it must execute upon receipt of the notification, and activates them.

Examples of this functionality can include:

·       Sending alerts to other syndicate members to raise the security level by prohibiting certain activities on their protected web sites.

·       Total shutdown of all online banking web sites if more than one bank is under massive attack.

 

IDentiWall Protects against online Security Threats

Made4Biz IDentiWall provides a robust, scalable, upgradeable security solution for online financial transactions through the public Internet and virtual private networks. Its   theft-proof authorization mechanism alerts victims and security personnel to ongoing attempts to use stolen identities. It combats attacks based on phishing, man-in-the-browser software,  code injection and other hacker strategies.

The heart of the system is an innovative mechanism for dual-network authentication and verification, taking advantage of customers' wireless telephones to provide a one-time password for each entry using SMS. This innovation makes possible a system that is easy to use, requires no new hardware and no changes to banking software or customer computer software.

IDentiWall builds on this functionality to provide a complete out of the box system that is robust, scalable, maintainable, and ready to meet threats that will emerge with developing technologies as well as existing ones.

A sophisticated database and policy mechanism make it possible to use user location, past behavior and other information to optimize the response to attacks. A syndication mechanism ensures that financial institutions and their IDentiWall systems are alerted to general threats, and an investigative workbench allows tracking and surveillance.

IDentiWall is ideal for online e-banking, brokerages and e-shopping. IDentiWall supports a hacking and phishing-proof new e-shopping method.  

More about IDentiWall

Meeting the Threat - What security threats face on-line banking today?

IDentiWall Architecture - This schema will help you understand what IDentiWall does and how it does it

IDentiWall Technology - This table outlines the sophisticated technologies underlying IDentiWall

IDentiWall versus Smartcards and Tokens - How does IDentiWall measure up against other types of solutions?

IDentiWall versus in-house development - Read this before you try to develop your own system - don't say we didn't warn you!

Articles About IDentiWall

Made4Biz Security announces IDentiWall secure e-Banking - [June 1, 2008] IDentiWall secure e-banking extends IDentiWall VPN to provide ultimate security for online financial transactions over the public Internet in an easy to implement, easy to use, robust and scalable solution. More

IDentiWall Products

IDentiWall VPN

IDentiWall Citrix

IDentiWall Wi-Fi

IDentiWall Web mail

IDentiWall Web

IDentiWall Non-Repudiation

IDentiWall eBanking

IDentiWall Student

IDentiWall Pay-as-you-Go

IDentiWall Brochures

IDentiWall Secure e-Banking

IDentiWall versus Do-it-Yourself Security Software

Visit IDentiWall - Secure Online Financial Transactions Web Site

 

 

Home - Dynamic Security | Privacy Policy | Copyright and Trademark Info