|
The smart way to access UBS telebanking
Rüschlikon/Switzerland, March 30, 2000 — For the first
time ever, a bank in Switzerland is launching a public field test
involving digital ID certificates on smart cards. During the pilot
phase, UBS clients will be able to dial into telebanking using a
personal Swisskey certificate on a new-generation Java card, thus
doing away with the need for a strike list. This solution is the
fruit of close collaboration with Swisskey, the digital ID certification
authority, and IBM Research - Zurich.
A bank needs to be able to ensure that only the legitimate customer
has access via telebanking to account and custody account data.
The customary three-level access control in UBS Telebanking, based
on the contract number, a password and a scratch list (or another
one-time password), offers adequate security but is rather cumbersome
for the user. UBS is one of the first banks in the world to provide
an innovative authentication solution: using the UBS Internet Card,
a multi-application Java card featuring an embedded Swisskey certificate,
clients can dial into the system securely without the need for a
strike list. Experience gained with the pilot run will enable electronic
ID verification processes to be refined further while offering maximum
standards of security.
Electronic ID cards
In Switzerland, quality electronic certificates are issued by Swisskey,
the digital ID certification authority. These certificates are not
limited to a single application: they unambiguously identify a specific
person or firm and are thus equivalent to an ID card. Just as an
identity document or a signature provides proof of legitimacy for
a transaction carried out at a bank counter, Swisskey certificates
are used to verify the bona fide nature of electronic transactions.
Before a certificate can be issued for applications like Telebanking
where security is critical, the identity of the individual concerned
has to be verified beforehand by the applicant presenting an official
document (ID/passport) to an authorized registration point as proof
of his or her identity. In agreement with Swisskey, any UBS and
other banks' branch in Switzerland will provide this service.
Secure private key
Because of their physical characteristics, smart cards are ideally
suited for high-grade certificates as they combine optimum protection
against unauthorized access with maximum convenience and portability.
For the UBS Internet Card, a multi-application Java card conforming
to OpenPlatform specifications was chosen. This standard established
by VISA ensures interoperability between different multi-application
cards on the side of the chip card as well as in the back-end system.
Furthermore, the UBS Internet Card contains a crypto-coprocessor,
and the necessary key pairs are generated within the card itself.
In other words, the private key never has to leave the card, and
with today's technology there is no way it can be cracked. The Java
card, together with the PC-based security software, was developed
by IBM Research - Zurich and integrated into this new
Telebanking solution in partnership with UBS.
Continuously updated information on this IBM security and smart
card software technology is available here.
|
