Internet Banking 3.0
Towards a National Secure (and private) Internet infrastructure for Online Banking

Uniken Management Team
• Gopi Gopalan, Chairman of the Board
• Sanjay Deshpande, Chief Scientific Officer
• Dr. Pat Shankar, Member of Scientific Advisory Board
• Ajay Dubey, Chief Product Architect
• Nanjundeashwar Ganapathy, Chief Technology Officer
• Prakash Salvi, Chief Delivery Officer
• Vivek Saxena, Chief Business Officer
• Nilesh Dhande, Head of DEEKSHA

Uniken Innovation Center
• TruSite™ (Powered by REL-ID): A website authentication technology
• ENZEN™ (Powered by REL-ID): An end-to-end secure channel and authentication technology
• NWIRe™: National Website Identity Repository
• CARDSIGN™ (Powered by REL-ID): An online credit card authentication technology
• InSENSE™ (Powered by REL-ID): An intrusion prevention technology
• REL-ID™: A Distributed Mutual Authentication Technology
• DEEKSHA™: An e-Learning business enabler service
• ADAPT™: Ad-Sales Management Solution
• FUELCORE™: Aviation Fuel Management Solution
• PIE™ (π): Product Innovation and Engineering Service

Internet 1.0 and 2.0! What's wrong with the internet?
• Invention of TCP/IP
• Distributed communication infrastructure
• Invention of HTML
• Primary objective was to distribute and communicate information
• Invention of the browser
• Dot Com and ecommerce boom (and bust)
• Banking industry's thrust on Internet Banking (the cost reduction drive)
• Birth of Cyber Criminals! (Well, they were already there; the world awakened to the fact that they are there.)

NOTHING'S WRONG WITH THE INTERNET
It's cheap, it's free (as in anyone can use it), and it's available (almost everywhere now).
Anyone can create any website, put any content, on any server, with any IP address, with NO GOVERNMENT CONTROL! It's democracy at its best!
If anything is wrong, it is the fact that it's been used for something that it was NOT designed to be used for in the first place. The designers never said it is for doing secure communications.

Anatomy of the Internet Infrastructure (The fundamental reason for fraud)
• Customer's PC (Hardware and OS)
• Browsers
• Internet(work) [DNS, Routers etc]
• (Bank's) Servers
WHAT PART OF THIS IS UNDER THE CONTROL OF THE BANK?

Internet Map of the World
Would you connect your ATM to such a network?
Why would you not allow your customer to browse the internet while he is withdrawing cash?
BECAUSE YOU DON'T TRUST THE INTERNET. PERIOD.
Now, in case of Internet Banking – add the user's PC (hardware/OS) and the Browser to this list – and you will now visualize what one is dealing with!

Internet (Banking) 3.0
A Uniken R&D Viewpoint

Research @ Uniken
The future
• From generalization to specialization (from public to private)
  – TV
  – Radio
• The Internet would evolve into specialized dynamic virtual private networks (layered on top of the underlying communication framework)
• Browsers (or web-application entry points) would specialize (Banking Browser, Gaming Browser, News Browser, etc)
• The PC would have the technology to dynamically (on demand) become a specialized secure appliance
• Mutual Authentication would be the de facto standard in identity

Uniken's Patented Technology
[Diagram labels: Insecure Customer PC; Virtual User Access Device (Secure Browser, Secure Desktop); ENZEN 2FA Mutual Authentication (REL-ID SoftCard + PIN); SSL Pipe; Data Tunnel (RMAP Mutually Authenticated and Encrypted); R-Tunnel; Dynamic Private Network Layer; INTERNET; Bank Datacenter (Z-Server, R-Tunnel, Bank's Servers); Certificate Authority]

[Diagram labels: Customer PC; Modem; hosts; ISP; ISP DNS Server; Registrar / Other DNS Server; Domain Registrar; INTERNET; Bank's Servers; Fraudster's Machine. Attacks shown: Phishing, Pharming, Man-in-the-middle, Session Hijacking, Replay Attacks, Man-in-the-browser, Man-on-the-machine]

TRUBANK 2 STEP BANKING
Step 1: Launch (from PC or USB) and Enter PIN
Step 2: Start Banking
Messaging Add-on (Optional)

National Secure (and Private) Infrastructure for Internet Banking

Thank You
sanjay.deshpande@uniken.com