Two factor authentication gets token agnostic at Central Bank of India

By Dhwani Pandya, Principal Correspondent
10 Mar 2010 | SearchSecurity.in

Central Bank of India, one of the leading public sector banks in
India, has ambitious projects lined up on the information
security front. One of the first initiatives on this front has been the
bank's inauguration of its independent information security department
in May 2009. Central Bank of India plans to deploy a two
factor authentication solution in 2010. Dr. Onkar Nath, the chief
information security officer of Central Bank of India, claims that the
bank will be the first in India to implement two factor authentication for
external as well as internal customers.

At the moment, Central Bank of India is busy with a proof of concept
project of two factor authentication. It aims to start the
implementation process by the end of April 2010. The bank has already
evaluated various solutions, and decided to hand over the entire two
factor authentication implementation to TCS. According to Nath, Central
Bank of India will use different vendors for two factor authentication
and token solutions. These vendors will be chosen by the implementation
partner.

Central Bank of India plans to use a token agnostic two
factor authentication solution for reasons of flexibility. "When I
mention token agnostic, I'm referring to two factor authentication
mechanisms using any type of token. The one time password (OTP) can be
sent to customer on his cell phone, browser or even a fax machine. So
in this case, browser or cell phone becomes the soft token, and fax
machine becomes the hard token," explains Nath.

The two factor authentication token will be selected based on the
internal and external customers' risk profiles. Risk metrics for all
kinds of customers will be developed before implementation of the
solution. Risk profiling will be undertaken by the bank. If the
customer's (whether internal or external) risk profile is of low
sensitivity, he will be given a soft token, such as a cell phone or
browser. In the case of customers with high levels of sensitivity, the
authentication will be performed using a hard token.

Although Central Bank of India is still working on the entire
configuration of its two factor authentication solution, it aims to
frame time sensitive one time passwords (OTP). "So if OTP is configured
for a five minute timeframe, it has to be used within that time," says
Nath.

For mobile banking, Central Bank of India has developed a separate
grid-based authentication method. A grid is provided to customers on
the back of their debit card. The bank has implemented this solution
for internal employees, and plans to extend it soon to external
customers.

On the need for two factor authentication for internal customers, Nath
explains that an increasing number of threats are now coming from
internal customers. "Besides, it's not a costly proposition, since you
anyways set up authentication and hardware security module (HSM)
servers for external customer. The cost of a token goes up to hardly
Rs 80 for low end tokens," informs Nath. Nath declines to reveal the
entire project's cost.