Todos has developed the eCode authentication solution to provide secure remote authentication for online banking, shopping, gaming and more using one time passwords (OTP). The eCode system uses OTPs generated by smart cards, tokens, printed cards or mobile phones along with a reader and central system. It supports standards like 3D Secure and provides a gradual introduction of security levels. The solution is customizable to meet customer needs and supports authentication via internet, phone and VPN. Case studies show banks like ABN AMRO using eCode for secure digital banking terminals and authentication.
1. Portable Authentication
- The concept
Online shopping
Internet banking
Online gaming
Mobile banking
Online betting
Enterprise access
2. - Fight fraud and phishing!
Todos has developed security solutions based on smart cards
since 1990. Throughout the years, Todos has built up an
extensive in-house expertise in designing cost efficient
identification solutions for the mass market, with focus on
the product, its personalisation, distribution and support.
Todos eCode is a product portfolio for secure
remote authentication using One Time Passwords
(OTP), Challenge/Response and Electronic Signatures.
The OTPs can be generated by a reader and a smart
card, tokens, printed cards or mobile phones.
Reader and
smart card
Todos eCode is a cost efficient, portable and
secure authentication solution for e-Banking,
e-Commerce, Online Shopping with 3-D Secure,
Mobile Banking and Enterprise access. Todos eCode
is platform and channel independent, providing
the possibility to simultaneously authenticate users
via Internet, PSTN, mobile network and VPN.
The end user devices in the eCode solution
are all easy to learn and easy to use. Also, it is easy
to manage for the bank as the devices require no
personalisation. Thus, they are easy and cheap to
distribute and have minimal need for support.
The Todos eCode solution can be introduced Mobile
gradually, with different security levels, to suit the Token
Printed OTP
development pace of remote services in the bank.
- Central System
Todos eCode Central System is the heart of the Todos eCode authentication solution and can operate
in both a Single Issuer and Multi Issuer configuration. Each Issuer is unique and has its own requirements on
authentication method, security, reliability, availability, capacity and integration to its legacy systems. The modularity
and flexibility of the eCode Central System enables it to be fully customized to meet customer requirements. VISA
dynamic passcode
authentication
Todos eCode authentication follows the principle of two factor authentication. Based on something
you know (i.e. a PIN or a Static Password), combined with something you have (e.g. a smart card), a One
Time Password (OTP), a Signature or a Response in a Challenge/Response mechanism is generated. 3-D Secure
Todos eCode supports different carriers, and a variety of medias:
• Smart card- or SIM-based: FISC II
- One Time Passwords (with or without PIN) OTP
- Challenge/Response and Signatures
• Printed One Time Passwords
• Token One Time Passwords Sm@rt
• SMS sent One Time Passwords TAN
• Java MIDP based:
- One Time Passwords (with or without PIN)
- Challenge/Response and Signatures APACS
Todos eCode Central System
includes several different functions: SiBS
• Authentication
• Personalisation data generation
• Key management Interpay
• Customer Support Application
• Static password verification
• Personalisation of tokens and smart cards Banksys' R4
• Radius support Authentication
Todos eCode Central System also supports the latest industrial standards, including 3-D Secure CAP,
MasterCard SecureCode, VISA dynamic passcode authentication, APACS, Interpay, SiBS, Sm@rt TAN, FISC II OTP and
Banksys' R4 Authentication.
3. Reader and smart card
In an eCode solution for smart card based One Time Signatures. The eCode readers may also display balance and
Password (OTP), the OTPs, Signatures and Responses are transactions of e-purse, loyalty cards and other applications.
generated in the smart card at the moment of authentication The readers do not require any personalisation, as the
and displayed to the user in a portable smart card reader. security lies in the smart card and the security application.
The user has one (or more) standardised readers, thus
There are several models of smart card readers available, reader distribution becomes easier and cheaper.
with different levels of functionality: Todos eCode Reader,
Todos eCode Signature, Todos eCode Authenticator and The connectable Authenticator combines the portability
Todos eCode connectable Authenticator. Todos eCode and user friendliness of an unconnected reader with PKI
Signature, Authenticator and connectable Authenticator qualified signatures when connected to a PC via USB.
have small keyboards for PIN entry, Challenge/Response and
Printed OTP OTP Token
The OTPs are generated In an eCode solution for
centrally, then securely transferred Token based OTPs, the OTP is
to a personalisation bureau generated inside the token at
which prints the OTPs onto Reader and the moment of authentication
a card or a PIN envelope. smart card and displayed to the user
on the token display.
To protect from shoulder Printed
surfing, an aluminium foil OTP The user interface of Todos
scratch layer protects the not eCode ezToken consists of a
yet used OTPs. Combined with display and one single button.
a static password you achieve With a press on the button an
a two-factor authentication.
OTP OTP is generated. Combined
Token with a static password, this
Benefits with Printed OTP: provides a strong two-factor
• Low initial cost. Central System authentication.
• Easy to deploy, learn and use.
• Portability: always Data for Todos eCode
in your wallet. ezToken personalisation
• Easy to distribute using
Mobile is generated by the Todos
postal services. - SIM, MIDP eCode Central System.
Java
J2ME
Printed OTP is a good intermediate Mobile OTP Token is a good
solution if EMV cards have not yet intermediate solution
- SMS
been rolled out. if EMV cards have not
yet been rolled out.
Mobile - SIM and MIDP
By placing the security application on the SIM Mobile - SMS
you can use a standard mobile phone for all your In an eCode solution for OTP sent by SMS, the OTP is generated
bank errands. It is also possible to download a in the eCode Central System upon a request from the user, sent
Java application directly to your handset. by SMS to a predefined mobile card and displayed to the user.
The mobile handset is a device most people carry with them The eCode Central System has the central
all the time and care about. With Todos eCode Mobile SIM or functions for generating the OTP and sending
MIDP inside, the authentication device is always close at hand. it, in addition to the verification.
Todos eCode Mobile supports multiple banks and service The mobile handset is a device most people carry with
providers on the same SIM card. Each bank/service provider can them all the time and care about. With Todos eCode Mobile
control their own personalised information independently. SMS, the authentication device is always close at hand.
Example of dynamic
authentication solution:
Todos eCode Mobile
Todos eCode Authenticator
Todos eCode ezToken
Todos eCode Central System
Starting off with Introducing eCode Mobile EMV card rollout Phase out tokens Bank
Central System and tokens New customer segment Introducing smart card readers development
4. Case studies
23 individual banks using Todos Developing next generation eBanking terminal
eCode in a Multi Issuer setup
ABN AMRO is a prominent international bank, with European
SpareBank 1 Alliance roots dating back to 1824. ABN AMRO ranks eighth in Europe
is a Nordic bank and product and 15th in the world based on tier 1 capital. In 2003, ABN AMRO
collaboration where the began an evaluation process for a new generation eBanking
SpareBank 1 banks in terminals, a project called TRaP (Token Replacement Project).
Norway collaborate through
the jointly owned group ABN AMRO's main selection criteria were:
SpareBank 1 Gruppen AS. SpareBank 1 • A secure end user device that implements "Sign what you
Gruppen AS was established in 1996, and is one of the see" functionality for both unconnected and connected use.
largest providers of financial services in the Norwegian • A device that will be used as the
market. The Alliance consists of 23 individual savings banks security device over the next 5-10 "Sign what
and the product companies of SpareBank 1 Gruppen AS. years, and must offer long-term you see"
support for the ABN AMRO card functionality
SpareBank 1 Gruppen AS is using the Todos eCode solution products today and tomorrow.
in a Multi Issuer setup, where all SpareBank 1 banks are using the • A supplier with cutting edge technology and know-how,
same eCode Central System, but each individual savings bank has being able to turn customer's business and product
its own operational keys and eCode database. requirements into a solution that meets customer demands
in the areas of security, smart cards and quality.
• A device that has ABN AMRO look and feel.
The Todos eCode authentication solution in this • Pricing.
case represents the authentication of end users to their
own certificates in a net centric key store system, in
which the private keys are securely hosted in a central After a thorough evaluation of the alternatives, ABN
server. This is part of the national ID scheme BankID. AMRO (BUNL) selected Todos for the development of their
new secure end user device "e.dentifier2". A final contract was
signed on August 24, 2005, comprising the development of
Says Eldar Skjetne, Director payment services,
the reader and rollout of more than 2.5 million readers.
SpareBank 1 Gruppen AS: “We think that we have together with
Todos Data System AB found a solution which is easy to use for the
customers. With the security application hosted in the smart card,
the customer can easily see the connection between traditional
payments with his/her Visa card, and the use of the same card for For further information regarding the different parts of
authentication on the Internet. Customers who wish to have more the Todos eCode portfolio please see respective product brochure
than one eCode Reader will be able to buy the additional number or contact the Todos sales team. All brochures are available for
of readers they like from the bank.” download at www.todos.se.
TODOS DATA SYSTEM AB
7331887 ----- 061024
www.todos.se sales@todos.se Todos Data System reserves the right to change the specifications at any time and without notice.
All trademarks or trade names are the property of their respective owners.