About Us | Search | FAQ | Contact Us
Security has always been one of the less glamorous corners of the IT infrastructure on which modern banking depends. But the advent of new security technologies opens up many possibilities for banks to provide a range of leading edge new technology services.
The advent of the Internet as a mass-market communication medium has created demand for better access to banking service, personalisation of services and the development of new online services accessed through the Internet. Customers expect to be able to access their account details, pay bills or gather information about other financial services such as receiving personalised insurance and loan quotes. At the same time, customers expect the highest levels of security to apply, with the minimum of visible interruption to their own web-browsing activities.
for Higher Security
New Security Technologies: maximising site throughput
The disadvantage of this approach is that the security keys for each user session must usually be generated at the start of the session, by the server. This complex mathematical operation can tie up an undue proportion of server processing time, limiting the number of users who can access the site at once and slowing down the access process. If many customers attempt to access the site at once, queues can build up while each customer’s web browser is issued with an authorisation code.
SSL-based acceleration offloads this processing burden to an external security processor and enables service providers to make the best use of their existing servers and bandwidth, serving more customers more efficiently and maximising the return on investment in the web site. Products like nCipher’s nFast seamlessly integrate with server hardware and software to ensure that a large number of requests for codes can be fulfilled in a very short time.
This is particularly useful in financial services where the load on web sites is extremely variable. Online brokerages see peaks at the start and close of the trading day, or when a particular company’s shares are moving fast. If a whole stock market starts to move fast, trading volumes can climb to many times the typical daily volume. Plus, the ease of online trading has accelerated the growth in share trading volume, with stock trading becoming a profitable hobby for many Americans as they trade shares in the technology companies whose products and web sites they use.
Pure banking sites can also suffer from peaks, usually more predictably at the start and end of the business week, at the end of the month and at the end of financial accounting periods as customers visit the site to settle bills and check their financial status. Use of security accelerator technology can provide these customers with a much more satisfactory experience when they visit the bank’s web site.
A side effect of using digital certificates is that it makes it more important to protect the server itself the server contains a code which is used to validate certificates and which must not fall into the wrong hands. Again, specialist security hardware can provide the answer, by maintaining the all-important root key away from the main server and keeping a security barrier between it and the main server, which is accessible from outside. This provides many advantages, not least improving the scalability of the system, an important consideration when uptake of Internet services and the range of services themselves.
The main technical advantage is that a smart card can store a code much more complex than a person could be expected to remember, it is stored away from the computer so makes it harder to access the account, and that the code can easily be updated or replaced on the memory chip.
The main technical disadvantage is that it requires users to have a card reader attached to their computer though the cost of this is reducing. Smart cards are also useful at the server end to manage the certificate server and access to the web server. Key management hardware such as nCipher’s nFast/KM range uses smart cards to activate the device and enable it to start issuing or validating certificates and codes.
Leadership in technology and security confers many branding advantages on banks, demonstrating the core attributes which build customer confidence in their services. For many financial service institutions, this has created an opportunity to build leadership in the application of new security technologies. A good UK example is Barclays Bank’s Endorse system. This grew out of an internal authorisation system, which was developed to provide an efficient service to issue and check digital signatures (a form of certificate used to validate or sign electronic documents). Users are issued with a signature on a smart card, and nCipher nFast technology generates the codes used.
Barclays has since used the Endorse project as the basis for offering external security services. The first example was a pilot scheme for the UK government which used the Endorse system to secure access to a range of government tax and employment forms over the web.
Users of nFast products have the security of knowing that both the software and hardware architecture of the key management products nFast/KM and nFast/CA have been evaluated and passed by FIPS laboratories at the appropriate levels.
by Colin Bastable
|Home | About Us | Search | FAQ | Contact Us|