EzIdentity EndToEnd Security SDK

  • 8/8/2019 EzIdentity EndToEnd Security SDK

    EzIdentity E2E SDK
    End-to-End Digital Encryption & Signing made easy

    End-to-End Encryption prior to Authentication (E2EE)

    For Banks seeking to implement compliance driven Data confidentiality and Integrity, EZMCOM offers its E2E SDK. An easily pluggable, platform independent End-to-End application layer security that ensures encryption process is kept intact from the point of data entry to the final system destination where decryption and/or authentication takes place. Confidentiality and Integrity of User data from one point to another point at application layer is easily ensured by the E2E SDK integration.

    The Problem:

    Regulatory authorities across the globe have acknowledged the threat of Phishing to financial institutions and called for stronger authorization and authentication for their online customers. In the U.S., FFIEC and Securities and Exchange Commission have warned users of keystroke-logging software, phishing scams and traditional snoops as ways fraudsters could obtain access to online banking accounts and steal money. Regulators across the globe such as Monetary Authority of Singapore (MAS) have set forth Internet Banking and Technology Risk Management Guidelines (IBMRT) that require end-to-end user data confidentiality and integrity at an application layer independent of underlying transport layers (SSL).

    As banks deploy 2nd Factor authentication for logins, they also need to address the End-to-End encryption / Decryption of these authentication credentials of the user in their Internet Banking systems for compliance. Regulations require the bank to implement encryption security pertaining to the customer's PIN and other sensitive data in an end-to-end approach at the application layer. This means the encryption process is kept intact from the point of data entry (i.e. Browser) to the final system destination where decryption and/or authentication takes place. This could require a multi channel implementation by the Bank catering to the Mobile Banking, Internet Banking, B2B Third-Party vendor integration that involves customer information etc. Furthermore, Banks need to cater for heterogeneous Operating System and Browser platforms as well. More often due to issues of interoperability (Java to .NET or Mobile Operating systems to PC/Workstations), Banks find it challenging to implement E2EE for their IT systems.

    E2EE Checklist:

    The most important aspect of data encryption is the protection and secrecy of the cryptographic keys used, whether they are master keys, key encrypting keys or data encrypting keys. No single individual should know entirely what the keys are or have access to all the constituents making up these keys. All keys should be created, stored, distributed or changed under the most stringent conditions.
    Section 4.1.3, IBTRG v3.0, MAS

    It should be noted that SSL is only designed to encrypt data in transit at the network transport layer. It does not provide end-to-end encryption security at the application layer.
    Section 4.4.6, IBTRG v3.0, MAS

    Encrypt transmission of cardholder data across open, public networks.
    PCI DSS Requirement 4

    You may not know it, but you're leaving millions on the table when it comes to business-to-business e-commerce. Experts and practitioners say companies should require their B2B partners to use encryption for any sensitive information - customer data, marketing strategy, labor relations and unreleased financials - transmitted over the Internet.
    CSO, the Resource for Security Executives

    The Solution:

    EzIdentity E2EE SDK is a robust suite of libraries and plug-ins that extend the benefit of Public Key Encryption for all regulatory and compliance driven application layer encryption. Use of a 3rd party vendor library allows the Bank to abstract the E2EE application layer security from its application vendors and command more control and flexibility.

    EzIdentity E2E SDK
    Platform Independent, Rapid Implementation

    Browser Plug-in: E2EE SDK

    The point of entry of sensitive data such as User PIN / Password or Transaction details often begins from the browser. EzIdentity E2EE SDK provides a browser agnostic Java plug-in with simple APIs for integrating via the pre-existing Java Scripts or Applets of an Internet Banking system. Employing standards of Public Key encryption, this plug-in provides a quick and user transparent implementation of E2EE at point of data entry.

    Mobile platform Plug-in: E2EE SDK

    Mobile Banking and commerce applications of a Bank are points of entry of sensitive data of the User as well. EzIdentity E2EE SDK provides libraries for integration to iPhone, J2ME MIDP 1.0+, Blackberry Firmware 3.6+, and Windows Mobile 5.0+. Interoperable cryptography implementations for each of the mentioned mobile operating systems allow the Banking applications to easily implement E2EE by integrating with these libraries.

    Server side Plug-in: E2EE SDK

    E2EE SDK for Linux and Windows Operating systems allows J2EE and .NET Bank applications to process the User information for Decryption / Authentication in compliance with the regulations. Stringent Key Pair protection implemented in an EzIdentity Strong Authentication platform can be leveraged for robust security.

    EzIdentity Benefits

    Ease of use: End-user transparent, simple APIs to integrate at Client and Server side. Benefit from rapid implementation and robust security.

    Standards-based: Implements Open standards of Cryptography and FIPS compliant algorithms. RSA PKCS, Triple DES, AES, RC2, OATH standards.

    Compliance: Standards and regulatory compliance for identity, privacy, policy enforcement, audit and authentication services (MAS IMTRG, Sarbanes-Oxley, Basel II, GLBA, HIPAA, FFIEC and more).

    Compelling ROI: Maximize ROI on existing 2FA Strong authentication deployment of EzIdentity. Minimal IT enablement required.

    One Stop Solution: Allows multiple applications to integrate and implement various configurations of security as deemed necessary by the application. A centrally managed solution that can provide interoperability across various Browsers, Mobile Operating systems, Windows and Linux Operating systems. Cross compatibility across J2EE and .NET

    About Us

    EZMCOM designs, develops, markets and supports identity protection products for the financial world, business and commerce over converging wired and wireless data channels.

    Copyright 2007-2008 EZMCOM, Inc. All rights