allinweb agallinweb.ch/wp-content/themes/responsive/images/hb...allinweb –home banking...

ALLINWEB AGALLINWEB AGALLINWEB AGALLINWEB AG

Know to act…Act to winKnow to act…Act to win

Remote Banking & WebsiteRemote Banking & WebsiteOctober 2011October 2011

Index

1. Allinweb and Web Development

2. Allinweb and Web Development Technologies

3. Home banking product

4. Home banking features

5. Remote Banking5. Remote Banking

6. Home banking Architecture

7. Home banking Components

8. Security

2Allinweb 2011 Allinweb 2011 –– All rights reservedAll rights reserved4 October 20114 October 2011

Allinweb and Web Development

Project Management

http://www.prince2training.com/

Recruiting

http://www.jobswiss.ch/

Turistic Portal

www.hotel-sardinien.ch

www.hotel-sardaigne.com

www.hotel-sizilien.ch coming soon

www.hotel-toskana.ch coming soon

Real Estate

www.case-e-appartamenti.com

www.ticase.ch

3Allinweb 2011 Allinweb 2011 –– All rights reservedAll rights reserved4 October 20114 October 2011

Allinweb and Web Development Technologies

Allinweb is able to develop web site in different languages, database, and environments: Allinweb is able to develop web site in different languages, database, and environments:

•• Java/J2EEJava/J2EE

•• .Net.Net

•• ASPASP

•• JscriptJscript

•• VBScriptVBScript

•• ADOADO

•• PHPPHP

•• MSSQLMSSQL

•• OracleOracle

•• MySQLMySQL

•• PostgreSQLPostgreSQL

•• SQL ServerSQL Server

Allinweb is able to develop onAllinweb is able to develop on--site o in remotesite o in remote

Allinweb 2011 Allinweb 2011 –– All rights reservedAll rights reserved4 October 20114 October 20114

Allinweb – Home banking product

Allinweb has developed an eBanking remote platform to allow a fast and safe way to

check your own assets, via web or via mobile.

This eBanking platform is usable by two front end:

Mobile Banking Web (classic home banking)

Home Banking Platform


Allinweb eBanking Platform is also in development for Blackberry and Android

5

Allinweb Home banking - Features

Using Allinweb‘s Home banking, the user, after the login, can verify his

balances/portfolios, read or send the banking messages, search or perform a

transaction:

Account Operation List

Login

Sending Message

Message From Bank


Allinweb Home banking - Transactions

With Allinweb Home Banking, the user can execute the following transactions:

International PaymentAccount Transfer

Domestic Payment

Account

Operation

List

Pending PaymentStanding Orders


Allinweb Remote Banking – Login

Login

Password

Login


Allinweb Remote Banking – Menu


Allinweb Remote Banking – Reports


Allinweb Remote Banking – Account Details


Allinweb Remote Banking – Cash Details


Allinweb Remote Banking – Portfolio Details


Allinweb Remote Banking – Performance


Allinweb Remote Banking – Pending Orders


Allinweb remote banking - Payments

Overview of all Allinweb‘s mobile eBanking

platform features

Account

Transfer

Domestic Payment

International Payment

Pending Payment

Standing Orders


Orange Slip Payment

Red Slip

Payment

16

Select Account Select

Credit

Account

Account Transfer

Data

Allinweb remote banking - Account Transfer

Account Transfer

confirmation

Transfer Status

Message


Select Account Input

Beneficiary

data

Input

Amount

data

Allinweb remote banking - Domestic Payment

Money Transfer

confirmation

Transfer Status

message


Select Account Input

Beneficiary

data

Input

Amount

data

Allinweb remote banking - International Payment

Money Tranfer

confirmation

Transfer

Status

message


Select Account Select

Search

criteria

Allinweb remote banking - Pending Payment

Pending Payment Order

Detail of single

Payment


Select Account Select Search

Criteria

Standing

Order

List

Allinweb remote banking - Standing Order

Details of single

Order


Active / Deactive

a Standing Order

21

Select Account Input Beneficiary data

Allinweb remote banking - Red Slip Payment

Confirmation pageTransfer Status message


Select Account Input Beneficiary data

Allinweb remote banking – Orange Slip Payment


Confirmation pageTransfer Status message

23

Allinweb – Home banking Architecture

Business Logic

J2EE

Application

Server

iPhoneW.S. call

W.S. call

from iPhone

E.J.B. call

Bank’s

Data

Loader

Allinweb Home Banking is based on standard three level components S.O.A. oriented.

BACKEND

DATABASECustomer

Web GUI

E.J.B. call

E.J.B. call

from web

FRONTEND

Bank

Parameterization

Web GUI

BANK SYSTEM


Allinweb – Home banking components 1/2

Business Logic

J2EE Application Server

Web Service

Web Services call or E.J.B. call run the same code

Code

E.J.B.


Allinweb – Home banking components 2/2

Deamon ODI “Middleware” solution

The ODI Deamon wait for at least one file exists in HB path of file for AVQ (in the red box of image below). As soon as a file will be

present in that path, the system starts this iterance:

1) Each file in HB path is sent on AVQ

2) AVQ CHAIN Loading is invoked just after received extraction

3) If everything is OK, on HB the file is moved to “MANAGED” folder, otherwise to “DISCARDED” folder, waiting to be manually

managed if necessary

4) Iterance goes on until file exist in HB path

5) When there is no more file to process, ODI Deamon return to standby status


Input data to access H.B. Platform:

• Contract ID

• Password (must be changed after the first Login)

• User Security Matrix

Allinweb – Home banking Security 1/4


All the data are transmitted over the air ciphered onto a SSL connection… but it’s not enough….

The four cipher key’s …

• PuPu key: this means “Public Public” key. The key is the PUBLIC KEY knows by all the Bank

Customers.

• PuPr key: this means “Public Private” key. The key is the PUBLIC KEY knows by only the

single Bank Customer and different from one bank customer to another.


single Bank Customer and different from one bank customer to another.

• PrPu key: this means “Private Public” key. The key is the PRIVATE KEY that matches with the

PuPu. This key is kept secret and used by the Bank backend to decrypt the message

encrypted with the PuPu key.

• PrPr key: this means “Private Private” key. The key is the PRIVATE KEY that matches with

the PuPr. This key is kept secret and used by the Bank backend to decrypt the message

encrypted with the PuPr key that is used by just a single user.



CRYPTING ON THE DEVICE...

• The message is encrypted in the device using the PuPr key, the “Public key” different for

different bank’s customers:

|-------PuPr(MESSAGE)-----------|

• The (message encrypted with the PuPr key) and the DevID are concatenated together as • The (message encrypted with the PuPr key) and the DevID are concatenated together as

represented in the following image.

|-------PuPr(MESSAGE)-----------|---DevID---|

• The (message encrypted with the PuPr key + DevID), is encrypted again with the PuPu key

and the result is again presented in the image that follows.

PuPu(|-------PuPr(MESSAGE)-----------|---DevID---|)


...AND DECRYPTING ON THE BANK BACKEND...

• The ((message encrypted with the PuPr key + DevID) encrypted with the PuPu key) is

decrypted in the bank backend using the PrPu key. The result is depicted in the following

image that is the same of the image in point (2).

|-------PuPr(MESSAGE)-----------|---DevID---|


• The DevID is now in plain text format and is used to get the PrPr key from the backend Bank

DB for the specific Bank Customer.

• The message encrypted with the PuPr key is then decrypted using the PrPr key for that

Bank’s customer. The result is the message in plain text format that is stored in the Bank

database and in the image that follows is depicted the “plain text” message.

|-------MESSAGE-------|


Allinweb AGAllinweb AG

Corso Corso ElveziaElvezia 1010

CH 6900 LuganoCH 6900 Lugano

Tel: + 41 (0)91 9211646/7Tel: + 41 (0)91 9211646/7

Fax: + 41 (0)91 9211648Fax: + 41 (0)91 9211648

EE--mail: mail: [email protected]@alliweb.ch

Contacts


allinweb agallinweb.ch/wp-content/themes/responsive/images/hb...allinweb –home banking...

Documents