IBM Research and VASCO present prototype for more secure online banking solutions

English | French

Paris-Nord Villepinte, FRANCE—17 November 2009: At Cartes 2009, IBM and VASCO Data Security International, Inc., a leading software security company specializing in authentication products and an IBM Business Partner, demonstrated a prototype combining IBM's secure banking technology with VASCO's device expertise—bringing a new level of security to online banking for consumers.

The device is based on the Zone Trusted Information Channel (ZTIC) technology developed by IBM Research - Zurich, which creates a direct, secure channel to a bank's online transaction server, bypassing the PC which could be infected by malicious software (malware) or susceptible to hacker attacks. This latest prototype is based on the DIGIPASS® 865, a USB connectable smartcard reader manufactured and developed by VASCO. The prototype will be on display from November 17th to November 19th at Cartes 2009 (Booth: 4L042) security and smart technologies conference in Paris.

The prototype is available in low quantities for initial customer trials.

Announced just over a year ago, the original ZTIC, which continues to be available, is based on a small form factor roughly the size of a memory stick. This latest prototype benefits from the larger footprint of the DIGIPASS 865, which is similar in size, shape and look to a pocket calculator. The DIGIPASS 865 features a built-in smartcard reader that combined with the ZTIC technology enables consumers to log into their online banking account more conveniently and secure—anywhere, anytime. Utilizing the additional keypad, a larger graphical display and an integrated battery for off-line transactions, banks also have more flexibility for their clients without compromising on security.

IBM Research - Zurich scientist, Douglas Dykeman, who heads the ZTIC research, comments, “In speaking with customers many are looking for a combination of the security and ease-of-integration of the ZTIC combined with the convenience of large keypads and displays of traditional smartcard readers. Working with our business partner, VASCO, we developed a research prototype, which leverages the DIGIPASS 865 with our software and requirements. As banking transactions continue to be exchanged electronically, smarter banking solutions for end-consumers, such as ZTIC, are becoming even more critical. With this development, we now have two formidable options.”

“VASCO is proud of its collaboration with IBM. Our collaboration fits the VASCO OEM strategy. Our OEM strategy aims to find new and more convenient, portable, and cost-effective ways of securing the online world. We work with strategic partners to DIGIPASS enable client devices and applications, whatever they may be. We strive to find authentication solutions that can operate on any platform, at any time, for any application,” says Jan Valcke, President and COO at VASCO Data Security.

Technological specifications

ZTIC runs the commonly used Transport Layer Security/Secure Sockets Layer (TLS/SSL) protocol. The software is minimally configured with a complete TLS engine including all cryptographic algorithms required by today's SSL/TLS servers, an HTTP parser for analyzing the data exchanged between client and server, plus custom system software implementing the USB mass storage device profile and a networking proxy for running on a PC. It supports TLS/SSL client authentication as well as common chip-card based challenge/response protocols. As demonstrated in this prototype the ZTIC software can be embedded on several types of form factors.

The use of DIGIPASS 865 requires no extra personalization by the network owner and efficiently leverages exiting investments in EMV infrastructure for financial institutions. EMVs are the 3 by 5 mm² chip embedded in many banking cards.

The combined ZTIC on the DIGIPASS 865 can be used with all standard operating systems, such as Windows, Linux and Mac OS. ZTIC on DIGIPASS 865 uses two replaceable AAA batteries operating the system without connection to a USB port.  Its 20-key keypad, consisting of 10 numeric keys and 10 function keys, also allows the activation of dedicated operations by pressing the function keys.
  
To see the prototype, visit the VASCO booth at Cartes: Booth: 4L042.

About VASCO

VASCO is a leading supplier of strong authentication and e-signature solutions and services specializing in Internet Security applications and transactions.  VASCO has positioned itself as global software company for Internet Security serving a customer base of over 9,000 companies in more than 100 countries, including almost 1,350 international financial institutions. VASCO’s prime markets are the financial sector, enterprise security, e-commerce and e-government.

Forward Looking Statements

Statements made in this news release that relate to future plans, events or performances are forward-looking statements. Any statement containing words such as “believes,” “anticipates,” “plans,” “expects,” “intend,” “mean,” and similar words, is forward-looking, and these statements involve risks and uncertainties and are based on current expectations. Consequently, actual results could differ materially from the expectations expressed in these forward-looking statements. 

Reference is made to the VASCO's public filings with the U.S. Securities and Exchange Commission for further information regarding VASCO and its operations.

This document may contain trademarks of VASCO Data Security International, Inc. and its subsidiaries, including VASCO, the VASCO “V” design, DIGIPASS, VACMAN, aXsGUARD and IDENTIKEY.

For more information contact:
Jochem Binst, +32 2 609 97 00, jbinst@vasco.com.