B-CERBB-CERBcomplete protection against phishingcomplete protection against phishing
copyright 2008 by Wheel
B-CERBB-CERBcomplete protection against phishingcomplete protection against phishing
copyright 2009 by Wheel2
Various methods of authentication available on the market
B-CERBB-CERBcomplete protection against phishingcomplete protection against phishing
copyright 2009 by Wheel3
According to Accenture research
B-CERBB-CERBcomplete protection against phishingcomplete protection against phishing
copyright 2009 by Wheel4
We notice an increasing popularity of token-based solutions which are relying on mobile phones, and we anticipate that 50 per cent of the future market of two-component authentication will be using this form of protection.
Dr. Allan, market research vice-president, Gartner
4
Information from the market
B-CERBB-CERBcomplete protection against phishingcomplete protection against phishing
copyright 2009 by Wheel5
Wheel’s answer!
B-CERB, authentication and authorization system using mobile
phone as one of the methods for login and confirmation of transactions
Only as effective protection against phishing!
B-CERBB-CERBcomplete protection against phishingcomplete protection against phishing
copyright 2009 by Wheel6
CERBToken, functionality
Login to the bank (one time passwords)
Verification of the identity (challenge - response)
Confirmation of transactions (challenge - response)
B-CERBB-CERBcomplete protection against phishingcomplete protection against phishing
copyright 2009 by Wheel7
Download, installation, activation
+48 600 000 123
CERBToken
Activation code
BANKBANK
B-CERBB-CERBcomplete protection against phishingcomplete protection against phishing
copyright 2009 by Wheel8
Login
Login to your account
User name
Password
John Kowalsky
46914026
login
B-CERBB-CERBcomplete protection against phishingcomplete protection against phishing
copyright 2009 by Wheel9
Transfer confirmationData transfer
Recipient name
Address
Address
Account number
Amount
confirm
Transfer confirmation
confirm
Operation code: 3 8 7 0 5 0 0 0 7
Confirmation code:
Your transfer has been accepted!
John Kowalsky
Akacjowa Street
Warsaw
43 0000 0000 0000 0043
1000,00
387050007
84659281
B-CERBB-CERBcomplete protection against phishingcomplete protection against phishing
copyright 2009 by Wheel
Verification of the bank’s customer identity
204270
790549
Bank calls the customer and ask for generation of verification codes
BANKBANK
copyright 2009 by Wheel
B-CERBB-CERBkompletne zabezpieczenie przed phishingiemkompletne zabezpieczenie przed phishingiem
11
CERBToken
for BlackBerry
CERBTokenfor Windows
Mobile
CERBTokenfor Java Mobile
CERBToken – an ultimate method of authentication in CERB
CERBToken
for iPhone
nowin
AppStore !
B-CERBB-CERBkompletne zabezpieczenie przed phishingiemkompletne zabezpieczenie przed phishingiem
copyright 2008 by Wheel12
CERB is not only the CERBToken!We offer also other modules of authentication:
SMSToken scratch off cards, e-mail, other
equipment tokens of third parties
B-CERBB-CERBkompletne zabezpieczenie przed phishingiemkompletne zabezpieczenie przed phishingiem
copyright 2008 by Wheel13
BANKBANK
““office”office”
IVRIVR
webweb
call call centercenter
otherother
product product II
product product IIII
product product IIIIII
JavaToken
passworpasswordd
...
The same customer – multiple channels of access to products
B-CERBB-CERBkompletne zabezpieczenie przed phishingiemkompletne zabezpieczenie przed phishingiem
copyright 2008 by Wheel14
One customerOne customer
Different authentication methodsDifferent authentication methods
Different channels of accessDifferent channels of access
Access to different productsAccess to different products
The same customer – multiple channels of access to products
B-CERBB-CERBkompletne zabezpieczenie przed phishingiemkompletne zabezpieczenie przed phishingiem
copyright 2008 by Wheel15
Bank systemBank system
e-Bankinge-Banking m-m-BankingBanking
DatabaseDatabaseCERBCERB
““office”office”Call centerCall center
IVRIVR
CERBToken CERBToken generation servergeneration server
CERBCERBAPIAPI
CERBToken CERBToken distribution serverdistribution server
WEB GUIWEB GUI
INTERNET / GSM
broker broker GSMGSM
JAJAAPIAPI
System infrastructure – complete system
B-CERBB-CERBkompletne zabezpieczenie przed phishingiemkompletne zabezpieczenie przed phishingiem
copyright 2008 by Wheel16
Bank systemBank system
e-Bankinge-Banking m-m-BankingBanking
DatabaseDatabase
““office”office”Call centerCall center
IVRIVR
CERBToken CERBToken generation servergeneration serverCERB CERB
engineengine
CERBToken CERBToken distibution serverdistibution server
WEB GUIWEB GUI
INTERNET / GSM
broker broker GSMGSM
JAJAAPIAPI
System infrastructure – engine
B-CERBB-CERBcomplete protection against phishingcomplete protection against phishing
copyright 2009 by Wheel17
Security. Application.
secure installation (activation code)
protection against brute force attack (non-verifable PIN)
protection against copy application to another phone
protection against overwriting of application
possibility of passwords configuration
challenge – response personalization
B-CERBB-CERBcomplete protection against phishingcomplete protection against phishing
copyright 2009 by Wheel18
Security. System.protection against theft of logins, static password and
hidden passwords (one time passwords)
protections against theft of password to digital
signature (challenge - response)
protection against interference in work of OS
(challenge – response)
protection against phishing
protection against “man in the middle” attack
protection against trojans
B-CERBB-CERBcomplete protection against phishingcomplete protection against phishing
copyright 2009 by Wheel19
Furthermore…very competitive price
no logistics cost (no hardware tokens, no TAN cards, etc)
price in polish zloty
high usability
great marketing argument: only as effective protection
against phishing
another argument: very innovate solution
Wheel is polish company (we can modify system
according to your expectations).
B-CERBB-CERBcomplete protection against phishingcomplete protection against phishing
copyright 2009 by Wheel20
CERB system, total cost of usingCERB system maintenance costs, increasingly
year-round supportlogistics costs (only the cost of SMS’s)no costs in case of lost applicationsno costs of appliction renewal
Maintenance costs of a system based on equipment tokens, increasingly
year-round supportlogistics costs (delivery of devices)costs of lost devices (lost, broken -usually around 10%)costs of devices renewal (usually after every 3 years)comparison of total costs after 5 consecutive
years of using for 50.000 users
B-CERBB-CERBkompletne zabezpieczenie przed phishingiemkompletne zabezpieczenie przed phishingiem
copyright 2008 by Wheel21
CERB system, our references