Everything your customers do in their online bank today, they expect to do on their mobile as well. Without compromising security. This is what Ezio Mobile SDK makes perfectly possible. With built-in multi-layer authentication. It's mBanking unleashed.

How does it work? Take a look at our key use case demos:

A secure m-Banking construction kit

Ezio Mobile SDK is a Software Development Kit that can be used to secure mBanking applications and turn your customers' mobile phones into strong authentication devices.

It embeds leading security standards right in the app, generating dynamic, multi-layer transaction verification and One-Time Passwords (OTP) for any channel. It also verifies and signs transaction details, countering advanced attacks such as Man-in-the-Middle and Man-in-the-Browser through Sign-What-You-See functionality: the signature code is computed over the transaction details the user actually sees, so a transaction that has been altered in transit no longer verifies at the server.

Easy registration

Ezio Mobile SDK has been optimized for user-friendly security for customers and for low distribution costs for banks.

After installing the application built with Ezio Mobile SDK, your customers simply enroll by entering a Registration Code when the app is first activated.

An automatic process then connects to the Enrolment and Provisioning Server (EPS) and securely personalizes the mobile phone with a unique secret key.


Advanced security

Ezio Mobile SDK builds on Gemalto's long experience in digital security. Keys are transferred from the Enrolment and Provisioning Server (EPS) using a proprietary, platform-independent protocol, so that key provisioning does not depend on the SSL implementation of any particular mobile OS and remains protected when a weakness is found in one of them. The protocol gives end-to-end protection from the heart of the SDK to the EPS; it can run over plain HTTP, but carrying it inside an SSL/TLS connection as an additional layer is recommended wherever possible.

Keys are kept in a software container that is locked with both a PIN code and a device fingerprint, so that a copy of the container moved to another device (a cloning attack) does not yield the key. The native mobile OS encryption services add a further layer of protection against malware, and the key store also benefits from the standard application isolation provided by modern smartphone OSes.

To counter brute-force attacks, the PIN code is never stored on the phone and is never checked locally. There is therefore nothing in the container against which an attacker can test PIN guesses offline: a wrong PIN simply unwraps a wrong key, and the OTP derived from it is rejected by the server, which is the only place a failed attempt can be observed.

Gemalto works with independent mobile security experts to obtain an external, unbiased view of the threat model and architecture. These experts also conduct a final security audit to validate that the implementation meets the highest expectations for secure mobile development.
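As an added illustration of the two mechanisms described above (the PIN- and fingerprint-locked seed container with no client-side PIN check, and the Sign-What-You-See transaction signature mentioned earlier on this page), here is example code written for this page. It is not Gemalto's SDK code and does not reproduce the Ezio container or provisioning protocol: the container layout, the HMAC-SHA256 counter-mode keystream standing in for the AES the specification lists, the device fingerprint value, the salt, and the "amount|currency|beneficiary" canonical form are all assumptions. OTP generation follows the OATH standards the page names (RFC 4226 HOTP, RFC 6238 TOTP), and the transaction signature is OCRA-style rather than a byte-exact OCRA suite.

```python
import hashlib
import hmac
import struct

PBKDF2_ITERATIONS = 100_000


def derive_wrapping_key(pin: str, fingerprint: bytes, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256 (PKCS#5) over PIN || device fingerprint.
    Any PIN yields *some* key; nothing here says whether it is the right one."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode() + fingerprint, salt,
                               PBKDF2_ITERATIONS, dklen=32)


def keystream(key: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode (assumed stand-in for AES). Deliberately
    unauthenticated: an integrity tag under a PIN-derived key would let anyone
    who copied the container test PIN guesses offline."""
    blocks = (hmac.new(key, struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def wrap_seed(seed: bytes, pin: str, fingerprint: bytes, salt: bytes) -> bytes:
    ks = keystream(derive_wrapping_key(pin, fingerprint, salt), len(seed))
    return bytes(a ^ b for a, b in zip(seed, ks))


unwrap_seed = wrap_seed  # XOR with the same keystream is its own inverse


def _truncate(mac: bytes, digits: int) -> str:
    """RFC 4226 dynamic truncation."""
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """OATH HOTP (RFC 4226), event based."""
    return _truncate(hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest(), digits)


def totp(seed: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """OATH TOTP (RFC 6238): HOTP over the time-step counter."""
    return hotp(seed, unix_time // step, digits)


def sign_transaction(seed: bytes, amount: str, currency: str, beneficiary: str,
                     digits: int = 8) -> str:
    """OCRA-style Sign-What-You-See: the challenge is a hash of the details the
    user saw on screen, so a Man-in-the-Browser that edits them in transit
    invalidates the code. The canonical form is an assumption."""
    challenge = hashlib.sha256(f"{amount}|{currency}|{beneficiary}".encode()).digest()
    return _truncate(hmac.new(seed, challenge, hashlib.sha1).digest(), digits)


class AuthServer:
    """Back end holding the clear seed that was provisioned to the phone."""

    def __init__(self) -> None:
        self.seeds, self.counters = {}, {}

    def enrol(self, user: str, seed: bytes) -> None:
        self.seeds[user], self.counters[user] = seed, 0

    def verify_otp(self, user: str, otp: str, window: int = 5) -> bool:
        start = self.counters[user]
        for c in range(start, start + window):
            if hmac.compare_digest(hotp(self.seeds[user], c), otp):
                self.counters[user] = c + 1  # move past it: no replays
                return True
        return False  # only the server ever sees a failed PIN guess

    def verify_signature(self, user: str, code: str, amount: str,
                         currency: str, beneficiary: str) -> bool:
        expected = sign_transaction(self.seeds[user], amount, currency, beneficiary)
        return hmac.compare_digest(expected, code)


def demo() -> dict:
    """Constructed scenario: correct PIN, wrong PIN, cloned container, MitB edit."""
    seed = b"12345678901234567890"           # constructed; RFC 4226 test secret
    fingerprint = b"device-id:EXAMPLE-0001"  # constructed stand-in for a fingerprint
    salt = bytes(range(16))                  # constructed; would be random per device
    server = AuthServer()
    server.enrol("alice", seed)
    container = {"salt": salt, "wrapped": wrap_seed(seed, "4711", fingerprint, salt)}
    # The container holds no PIN and no PIN hash: every unwrap "succeeds".
    good = unwrap_seed(container["wrapped"], "4711", fingerprint, salt)
    bad = unwrap_seed(container["wrapped"], "4712", fingerprint, salt)
    clone = unwrap_seed(container["wrapped"], "4711", b"device-id:OTHER", salt)
    sig = sign_transaction(good, "100.00", "EUR", "NL91ABNA0417164300")
    return {
        "correct_pin_recovers_seed": good == seed,
        "wrong_pin_unwraps_silently": len(bad) == len(seed) and bad != seed,
        "clone_gets_different_seed": clone != seed,
        "otp_good_accepted": server.verify_otp("alice", hotp(good, 0)),
        "otp_bad_rejected": not server.verify_otp("alice", hotp(bad, 1)),
        "replay_rejected": not server.verify_otp("alice", hotp(good, 0)),
        "signature_accepted": server.verify_signature(
            "alice", sig, "100.00", "EUR", "NL91ABNA0417164300"),
        "tampered_beneficiary_rejected": not server.verify_signature(
            "alice", sig, "100.00", "EUR", "DE89370400440532013000"),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check:32s} {'OK' if ok else 'FAIL'}")
```

The design point worth noticing is that the wrapping is deliberately unauthenticated. Because the device cannot tell a right PIN from a wrong one, an attacker who extracts the container from a phone (or who tries the right PIN on a cloned phone with a different fingerprint) only ever obtains a seed that produces OTPs the server rejects, and brute-force protection lives entirely at the server, which counts failed OTPs per user. That is the flip side of "no client-side PIN check" in the specification below.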


Technical specification

Enhanced Features
- OTP generation with Challenge/Response and Transaction Data Signing
- PIN protection (4 to 8 digits)
- PIN change option
- No client-side PIN check
- OTP Scrambling
- 3DES/AES encryption
- PBKDF2/PKCS#5 key generation
- Easy-to-implement native API
- Simplified enrolment mechanism allowing a self-registration flow for end users
- Jailbreak and rootkit detection
- Event- or time-based OTP (1s to 48h time steps)

Supported Platforms
- iOS (5.X to 7.X)
- Android (2.X and 4.X)
- Windows Phone (7.5, 7.8, 8.X)

Multichannel
- eBanking / eCommerce
- mBanking / mCommerce
- Supports connected and unconnected modes

Supported Algorithms
- EMV CAP (mode 1, 2, 3, 2TDS)
- OATH (HOTP/TOTP) and OCRA
- Dynamic Signatures

“Not only do young generations use mobile banking, they switch banks for it, use it frequently, and value it” (Javelin Strategy & Research, March ‘11)

We don't need to remind you that smartphones are here to stay. People now expect to do everything, from filming their kids or looking up "parkour" in the dictionary to handling their bank errands or researching financial products, from just about anywhere. They are even ready to switch banks just to get it their way.

What if your customers dropped by each and every day?

The good news is that when offered high-quality mobile services, customers tend to go online more frequently. Experience shows that launching a smartphone app can increase the number of mobile logins from 10k to 3m in 8 months. And they are ready to listen to what you have to say.

“We are also seeing that 41% of mobile banking users surveyed have looked up banking-related promotions and discounts through this channel” (Synovate mobile banking perception study, Oct ‘10).

It's perfectly possible

Your customers expect their bank apps to do more than locate the nearest branch or display the current account balance. Customers demand total control over their own financial situation, anytime and anywhere.

All it takes is a full-functionality mBanking solution built on the Ezio Mobile SDK security platform.


State of the art security
- Seed protected with PIN and Device Fingerprint to avoid cloning

- No PIN code storage to avoid all brute force attacks

- Additional protection provided by Native Mobile OS encryption services

- Secure proprietary and platform independent Key Provisioning Protocol

- Secure memory management of sensitive data

- Audited by independent mobile security experts


» Download product sheet

A part of Ezio Suite
As part of Gemalto's versatile Ezio Suite, Ezio Mobile SDK apps fit into any bank's security lifecycle. They can be combined with your choice of complementary products such as the Ezio Server or Ezio Devices (tokens, card readers etc.).

Thanks to its modular approach, it integrates easily into your existing infrastructure, bringing the full versatility of the Suite (combining hardware with software, scaling, multi-layer security etc.) to your mobile customers.

» Read more about Ezio Suite

Future proof
Ezio Mobile SDK is constantly evolving. It follows a clear road-map that ensures regular security and usability improvements, leveraging both software and hardware technologies (Secure Elements, NFC-enabled phones, contactless cards etc.). With Ezio Mobile SDK you subscribe to the best available mobile security and stay up to date with future improvements.

Made by Gemalto
We define the future of stronger mobile security using Secure Elements and NFC Devices with contactless payment cards. Today, we are involved in 50+ NFC projects worldwide and we communicate a clear road-map that shows where we are taking this solution when technology allows it.

Contact

Want to know more about Ezio Mobile SDK?

Get in touch

More about Mobile Banking

A mobile whaling attack
In July 2011 an Australian business owner got an alarming call from his bank, telling him that $45,000 had been stolen from his mortgage account by scammers.

» Read more at eBanking Security

mBanking’s Big Advantage
As people turn to mobile phones and tablets as their preferred way to access the Internet, eBankers are seizing the opportunity to significantly enhance the security of their online banking and e-commerce, to enable peer-to-peer mobile money and to develop a new mBanking channel.

» Read more at Ezio Way

Do It Yourself

Choosing Ezio Mobile SDK as your platform is a way of ensuring that you meet the leading security standards, which is essential when delivering mobile banking apps to your customers.

This is how Ezio Mobile SDK works

The Ezio Mobile solution enables banks and financial institutions to integrate a strong authentication and signature layer within their mobile banking applications. Alternatively, it can be used to build soft-token applications that secure customers' PC banking channels and complement existing hardware-based tokens.

It is composed of:

Ezio SDK
A mobile library whose purpose is to be integrated within a mobile application. It provides all the services needed to generate one-time passwords (OTP) and transaction data signatures (TDS) on the mobile, as well as secret key storage and provisioning.
The SDK provides native, simple-to-use methods that hide the complexity of the cryptographic operations, allowing application developers to focus on what they know best: an appealing user interface, experience and services.

Ezio Server
The authentication server is in charge of validating the OTP and transaction signatures for each user and device.

Ezio EPS
An Enrolment and Provisioning Server, in charge of registering new users and devices in the system and of securely provisioning personal cryptographic keys on the mobile phone.

EPS is designed to work with the Ezio Server but, thanks to its modular approach, can also be linked to any third-party authentication server (this requires a plug-in development).
EPS supports SSM and HSM key provisioning.


Q&A with
Guillaume Pierquin

Product Manager, Mobile Solutions

Q: Which mobile platforms and versions does the Ezio Mobile SDK support?
A: The Ezio Mobile SDK supports:

- iOS (5.0 and above)
- Android (2.X and 4.X)
Q: What languages can be used to program Ezio Mobile SDK?
A: Ezio Mobile SDK is available in Objective-C and Java.
Q: Does Ezio Mobile SDK require a data connection?
A: The Ezio Mobile SDK requires a data connection during the key provisioning process. Once the key is provisioned, it is possible to use the Ezio Mobile SDK either in unconnected mode (for example to generate offline OTP which will be used to authenticate on an eBanking website) or in connected mode (for example to send the transaction signature automatically to the backend for verification).
Q: What does the Ezio Mobile SDK include?
A: The Ezio Mobile SDK contains the following operations:

- Secret Key (credentials) provisioning from EPS via a proprietary provisioning protocol
- Secret Key secure storage on mobile phone via multiple encryption layers (PIN, Device Fingerprint, OS encryption services).
- Integrated pseudo random number generation
- Key removal
- PIN code modification
- One Time Password generation
- Challenge Response management
- Transaction signature
- OTP Scrambling

The Mobile application needs to handle:

- Graphical user interface
- EPS Server Public key (needed to initiate secure communication with backend) storage
 
Q: How does the communication between the mobile application and the EPS work?
A: The communication between the Ezio SDK and the EPS during the key-provisioning phase is done using a secure proprietary protocol which does not rely on standard SSL. The advantage of using a proprietary protocol is that we are platform independent. SSL implementations can vary from one mobile platform to another, and there are known weaknesses in some public implementations. Using a proprietary protocol allows us to ensure a consistent level of security across the different OSes.
Q: Can we also use SSL/TLS connections?
A: Yes, and it is even recommended. Even though our proprietary protocol is secure by itself and can execute over HTTP, we always recommend adding extra security layers when possible.
Q: What does the Ezio Mobile SDK protect us against?
A: In case the Ezio Mobile SDK is used to secure a channel other than Mobile (PC, Tablet, ATM, Phone...) it protects against the same type of online attacks as our advanced Ezio Readers: Shoulder Surfing, Key Logging, Phishing, Pharming, Man-In-The-Middle, Social Engineering, Whaling, Man-In-The-Browser.

When Ezio Mobile is used to secure the mobile channel itself (Mobile Banking) it protects against Shoulder Surfing, Key/Screen Logging, fake applications (mobile application phishing) and Man-In-The-Middle. It also provides mitigations against Man-In-The-Application by using state-of-the-art secure development techniques.