Everything your customers do in their online bank today, they expect to do in their mobile as well. Without compromising security. This is what Ezio Mobile SDK makes perfectly possible. With built in multi-layer authentication. It's mBanking unleashed.
Ezio Mobile SDK is a Software Development Kit, which can be used to secure
mBanking applications and turn your customers' mobile phone into a strong
It embeds leading security standards right in the app, generating dynamic, multi-layer transaction verification and One-Time Passwords (OTP) for any channel. It will also verify and sign transaction details, countering the most advanced attacks such as Man-in-the-Middle/Browser, using Sign-What-You-See functionality.
Ezio Mobile SDK has been optimized for user-friendly security for customers and for low distribution costs for banks.
After installing the application built with Ezio Mobile SDK, your customers simply enroll by entering a Registration Code when the application is first activated.
An automatic process then connects to the authentication server and securely personalizes the mobile phone with a unique secret key.
Ezio Mobile SDK takes full advantage of Gemalto’s unrivalled experience in digital security. Keys are securely transferred from the Enrolment and Provisioning Server (EPS) using a proprietary protocol, which is platform independent to guarantee security even when security breaches are identified in SSL implementations. This protocol also allows us to provide end-to-end protection from the heart of the SDK to the EPS.
Keys are concealed in a software container, locked with both a PIN code and a device fingerprint, to prevent cloning attacks. We also use the native mobile OS encryption services to provide extra protection against malware attacks. Our key storage benefits from the standard isolation mechanism provided by modern smartphone operating systems.
We are taking measures to counter all brute force attacks, therefore the PIN-code is never stored on the phone.
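The following added example (not Gemalto's code or protocol) sketches how a key container locked with a PIN and a device fingerprint can work without any client-side PIN check: a wrong PIN or a cloned container on another device still opens, but to a different seed, so only the server can tell and it can count failures. The XOR masking, the PBKDF2 round count, the use of HOTP, the `AuthServer` class and all sample values are assumptions made for illustration; PBKDF2 itself is named in the feature list on this page.

```python
import hashlib
import hmac
import struct

PBKDF2_ROUNDS = 100_000  # assumed work factor, not a value from the page

def derive_key(pin, fingerprint, salt, length):
    """Stretch PIN + device fingerprint into a masking key (PBKDF2-HMAC-SHA256)."""
    secret = pin.encode() + b"\x00" + fingerprint
    return hashlib.pbkdf2_hmac("sha256", secret, salt, PBKDF2_ROUNDS, dklen=length)

def mask_seed(data, pin, fingerprint, salt):
    """XOR with the derived key. Sealing and opening are the same operation,
    and there is no MAC or padding, so a wrong PIN cannot be detected locally."""
    key = derive_key(pin, fingerprint, salt, len(data))
    return bytes(a ^ b for a, b in zip(data, key))

def hotp(seed, counter, digits=6):
    """RFC 4226 HOTP."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class AuthServer:
    """Hypothetical validator: the only place a PIN guess can be checked."""
    def __init__(self, seed, max_failures=3):
        self.seed, self.counter = seed, 0
        self.failures, self.max_failures = 0, max_failures

    def validate(self, otp):
        if self.failures >= self.max_failures:
            return False  # locked out: offline guessing gained the attacker nothing
        if hmac.compare_digest(otp, hotp(self.seed, self.counter)):
            self.counter += 1
            self.failures = 0
            return True
        self.failures += 1
        return False

def device_otp(container, pin, fingerprint, salt, counter):
    """What the phone does: open the container with the entered PIN, compute the OTP."""
    return hotp(mask_seed(container, pin, fingerprint, salt), counter)

if __name__ == "__main__":  # constructed sample values
    seed, fp, salt = b"12345678901234567890", b"constructed-device-id", b"constructed-salt"
    box = mask_seed(seed, "4821", fp, salt)
    for pin in ("4821", "0000"):
        print(pin, device_otp(box, pin, fp, salt, 0))
```

Both PINs print a well-formed six-digit code; nothing on the device distinguishes the right one, which is why a stolen container gives no offline oracle for PIN guessing.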
Gemalto is collaborating with independent mobile security experts to ensure that we get an external and unbiased view of our threat model and architecture. These experts are also conducting a final security audit to validate that our implementation meets the highest expectations in terms of secure mobile development.
|OTP generation with Challenge/Response and Transaction Data Signing|
|PIN protection (4 to 8 digits)|
|PIN change option|
|No client-side PIN check|
|PBKDF2/PKCS#5 key generation|
|Easy to implement native API|
|Simplified enrolment mechanism allowing a self registration flow for end users|
|Jailbreak and rootkit detection|
|Event or Time based (1s to 48h time steps)|
|iOS (5.X to 7.X)|
|Android (2.X and 4.X)|
|Windows Phone (7.5, 7.8, 8.X)|
|eBanking / eCommerce|
|mBanking / mCommerce|
|Supports Connected and Unconnected modes|
|EMV CAP (mode 1, 2, 3, 2TDS)|
|OATH (HOTP/TOTP) and OCRA|
We don’t need to remind you that smartphones are here to stay. Now, people expect to do everything from filming their kids or looking up “parkour” in the dictionary to handling their bank errands or researching financial products, from just about anywhere. They’re even ready to switch banks, just to get it their way.
The good news is that when offered high quality mobile services, customers tend to go online more frequently. Experience shows that the launch of a smartphone app can increase the number of mobile logins from 10k to 3m in 8 months. And they are ready to listen to what you have to say.
“We are also seeing that 41% of mobile banking users surveyed have looked up banking-related promotions and discounts through this channel” (Synovate mobile banking perception study, Oct ‘10).
Your customers expect their bank apps to do more than just locate the nearest branch or display the current account balance. Customers demand total control over their own financial situation, anytime and anywhere.
All it takes is a full functionality mBanking solution built on the Ezio Mobile SDK security platform.
A part of Ezio Suite
As part of Gemalto’s versatile Ezio Suite, Ezio Mobile SDK apps fit perfectly in any bank’s security lifecycle. It can be accompanied by your choice of complementary products such as the Ezio Server or Ezio Devices (tokens, card readers etc.).
Due to its modular approach, it can easily be integrated into your existing infrastructure, taking the full versatility (combining hardware with software, scaling and multi-layer security etc.) of the Suite to your mobile customers.
Ezio Mobile SDK is constantly evolving. It follows a clear road-map that ensures regular security and usability improvements, leveraging both software and hardware (Secure Elements, NFC enabled phones and contactless cards etc.) technologies. With Ezio Mobile SDK you subscribe to the best available mobile security, and stay up-to-date with future improvements.
A mobile whaling attack
In July 2011 an Australian business owner got an alarming call from his bank, telling him that $45.000 had been stolen from his mortgage account – by scammers, or swindlers.
mBanking’s Big Advantage
As people turn to mobile phones and tablets as their preferred way to access the Internet, eBankers are seizing the opportunity to significantly enhance the security of their online banking and e-commerce, enable peer-to-peer mobile money and develop a new mBanking channel.
Choosing Ezio Mobile SDK as your platform is a way of ensuring that you meet the leading security standards, which is essential when delivering mobile banking apps to your customers.
The Ezio Mobile solution enables banks and financial institutions to integrate a strong authentication and signature layer within their mobile banking applications, or alternatively to build soft token applications that can be used to secure customers' PC banking channels and complement existing hardware-based tokens.
It is composed of:
A mobile library whose purpose is to be integrated within a mobile application. The library provides all services to generate one-time passwords (OTP) and transaction data signatures (TDS) on the mobile, as well as secret key storage and provisioning.
The SDK provides native and simple-to-use methods that hide all the complexity of the cryptographic operations, allowing application developers to focus on what they know best: providing an appealing user interface, experience and services.
The authentication server is in charge of validating the OTP and transaction signatures for each user and device.
An Enrolment and Provisioning Server (EPS), which is in charge of registering new users and devices in the system as well as securely provisioning personal cryptographic keys on the mobile phone.
EPS is designed to work with the Ezio Server, but can also be linked to any third-party authentication server thanks to its modular approach (this requires a plug-in development).
EPS supports SSM and HSM key provisioning.