Вы находитесь на странице: 1из 2

EzIdentity E2E SDK

End-to-End Digital Encryption & Signing made easy

End-to-End Encryption prior to Authentication (E2EE)


E2EE Checklist:
For Banks seeking to implement compliance driven Data
confidentiality and Integrity, EZMCOM offers its E2E SDK. An “The most important aspect of data
easily pluggable, platform independent End-to-End application encryption is the protection and
layer security that ensures encryption process is kept intact from secrecy of the cryptographic keys
the point of data entry to the final system destination where used, whether they are master
decryption and/or authentication takes place. Confidentiality and keys, key encrypting keys or data
Integrity of User data from one point to another point at encrypting keys. No single
application layer is easily ensured by the E2E SDK integration. individual should know entirely
what the keys are or have access to
The Problem: all the constituents making up
Regulatory authorities across the these keys. All keys should be
layer. This means the encryption created, stored, distributed or
globe have acknowledged the process is kept intact from the
threat of Phishing to financial changed under the most stringent
point of data entry (i.e. Browser) to
institutions and called for stronger conditions.”
the final system destination where
authorization and authentication Section 4.1.3, IBTRG v3.0, MAS
decryption and/or authentication
for their online customers. In the takes place. This could require a
U.S., FFIEC and Securities and multi channel implementation by “It should be noted that SSL is only
Exchange Commission has the Bank catering to the Mobile designed to encrypt data in transit
warned users of keystroke-logging Banking, Internet Banking, B2B at the network transport layer. It
software, phishing scams and Third-Party vendor integration does not provide end-to-end
traditional snoops as ways that involves customer information encryption security at the
fraudsters could obtain access to etc. Furthermore, Banks need to application layer”
online banking accounts and steal cater for heterogeneous Operating Section 4.4.6, IBTRG v3.0, MAS
money. Regulators across the globe System and Browser platforms as
such as Monetary Authority of well. “Encrypt transmission of
Singapore (MAS) has set forth More often due to issues of cardholder data across open,
Internet Banking and Technology interoperability (Java to .NET or public networks “
Risk Management Guidelines Mobile Operating systems to PC PCI DSS Requirement 4
(IBMRT) that requires end-to-end /Workstations), Banks find it
user data confidentiality and challenging to implement E2EE for “You may not know it, but you're
integrity at an application layer their IT systems. leaving millions on the table when
independent of underlying
it comes to business-to-business e-
transport layers (SSL).
commerce …
As banks deploy 2nd Factor The Solution: … Experts and practitioners say
authentication for logins, they also EzIdentity E2EE SDK is a robust companies should require their
need to address the End-to-End suite of libraries and plug-ins that B2B partners to use encryption for
encryption /Decryption of these extend the benefit of Public Key any sensitive information -
authentication credentials of the Encryption for all regulatory and customer data, marketing strategy,
user in their Internet Banking compliance driven application labor relations and unreleased
systems for compliance. layer encryption. Use of a 3rd party financials - transmitted over the
Regulations require the bank to vendor library allows the Bank to Internet.”
implement encryption security abstract the E2EE application layer CSO, the Resource for Security
pertaining to the customer's PIN security from its application Executives
and other sensitive data in an end- vendors and command more
to-end approach at the application control and flexibility.
EzIdentity E2E SDK
Platform Independent, Rapid Implementation

Browser Plug-in: E2EE SDK


The point of entry of sensitive data such as User PIN /Password or Transaction details often begins from the
browser. EzIdentity E2EE SDK provides a browser agnostic Java plug-in with simple APIs for integrating via the
pre-existing Java Scripts or Applets of an Internet Banking system. Employing standards of Public Key
encryption, this plug-in provides a quick and user transparent implementation of E2EE at point of data entry.

Mobile platform Plug-in: E2EE SDK


Mobile Banking and commerce applications of a Bank are points of entry of sensitive data of the User as well.
EzIdentity E2EE SDK provides libraries for integration to iPhone, J2ME MIDP 1.0+, Blackberry Firmware 3.6+, and
Windows Mobile 5.0+. Interoperable cryptography implementation for each mentioned mobile operating systems
allow the Banking applications to easily implement E2EE by integrating with these libraries.

Server side Plug-in: E2EE SDK


E2EE SDK for Linux and Windows Operating systems allows J2EE and .NET Bank applications to process the
User information for Decryption /Authentication in compliance to the regulations. Stringent Key Pair protection
implemented in an EzIdentity Strong Authentication platform can be leveraged for robust security.

EzIdentity Benefits
Ease of use: End-users transparent, Simple APIs to Compelling ROI: Maximize ROI on existing 2FA
integrate at Client and Server side. Benefit from rapid Strong authentication deployment of EzIdentity.
implementation and robust security. Minimal IT enablement required.

Standards-based: Implements Open standards of One Stop Solution: Allows multiple applications to
Cryptography and FIPS compliant algorithms. RSA integrate and implement various configurations of
PKCS, Triple DES, AES, RC2, OATH standards. security as deemed necessary by the application. A
centrally managed solution that can provide
Compliance: Standards and regulatory compliance interoperability across various Browsers, Mobile
for identity, privacy, policy enforcement, audit and Operating systems, Windows and Linux Operating
authentication services (MAS IMTRG, Sarbanes- systems. Cross compatibility across J2EE and .NET
Oxley, Basel II, GLBA, HIPAA, FFIEC and more).

About Us
EZMCOM designs, develops, markets and supports
identity protection products for the financial world,
business and commerce over converging wired and
wireless data channels.

Sales@ezmcom.com

Copyright © 2007-2008 EZMCOM, Inc. All rights


reserved.