The smart way to access UBS telebanking

Zurich, Switzerland, 30 March 2000—For the first time ever, a bank in Switzerland is launching a public field test involving digital ID certificates on smart cards. During the pilot phase, UBS clients will be able to dial into telebanking using a personal Swisskey certificate on a new-generation Java card, thus doing away with the need for a strike list. This solution is the fruit of close collaboration with Swisskey, the digital ID certification authority, and IBM Research - Zurich.

A bank needs to be able to ensure that only the legitimate customer has access via telebanking to account and custody account data. The customary three-level access control in UBS Telebanking, based on the contract number, a password and a scratch list (or another one-time password), offers adequate security but is rather cumbersome for the user. UBS is one of the first banks in the world to provide an innovative authentication solution: using the UBS Internet Card, a multi-application Java card featuring an embedded Swisskey certificate, clients can dial into the system securely without the need for a strike list. Experience gained with the pilot run will enable electronic ID verification processes to be refined further while offering maximum standards of security.

Electronic ID cards

In Switzerland, quality electronic certificates are issued by Swisskey, the digital ID certification authority. These certificates are not limited to a single application: they unambiguously identify a specific person or firm and are thus equivalent to an ID card. Just as an identity document or a signature provides proof of legitimacy for a transaction carried out at a bank counter, Swisskey certificates are used to verify the bona fide nature of electronic transactions.

Before a certificate can be issued for applications like Telebanking where security is critical, the identity of the individual concerned has to be verified beforehand by the applicant presenting an official document (ID/passport) to an authorized registration point as proof of his or her identity. In agreement with Swisskey, any UBS and other banks' branch in Switzerland will provide this service.

Secure private key

Because of their physical characteristics, smart cards are ideally suited for high-grade certificates as they combine optimum protection against unauthorized access with maximum convenience and portability. For the UBS Internet Card, a multi-application Java card conforming to OpenPlatform specifications was chosen. This standard established by VISA ensures interoperability between different multi-application cards on the side of the chip card as well as in the back-end system. Furthermore, the UBS Internet Card contains a crypto-coprocessor, and the necessary key pairs are generated within the card itself. In other words, the private key never has to leave the card, and with today's technology there is no way it can be cracked. The Java card, together with the PC-based security software, was developed by IBM Research - Zurich and integrated into this new Telebanking solution in partnership with UBS.