eIDAS in Practice 10 Years Trust Services Experience in the Banking - - PowerPoint PPT Presentation

eIDAS in Practice

10 Years Trust Services Experience in the Banking Sector

Thom homas K Kop

• pp

Head of IT

Once upon a time

The 1999/93 EC Directive

Strong Authentication & Electronic Signature Option Requested by Luxembourg Public and Banking Sectors

2005 LuxT LuxTrus ust Found

• unded
• Trusted 3rd Party
• PPP of 4 Major Banks

and Government

• Cost Sharing for PKI-Based

Trust Services Provision

2009 Accredited as Trust Services Provider in Europe

Monitored by Payment Sector Supervision Body CSSF

Meet the classic request

eSignature-Based Trust Services for Online Banking

Issue EIDs: Admission ticket for the electronic world

LCP, NCP, QCP (+) certificates

Strong Authentication Services

Challenge & Signed response

Simplify usage: Central Signing Server

2008  Renewal made easy & Connectivity problem solved

Common library for unified device support

Removing complexity for PKI integrations

Trusted Time-Stamping Service

Preserve signatures validity beyond certificate lifetime

Scalable concept: 1 Certificate  Any bank

Access right management of providers based on end-user certificate SSN

Simply Use KYC: Delegate registration authority to banks

Identification currently possible in approx. 20 RAs  Banks can enrol customers instantly

Online banking enrolment: Get equipped within 30 minutes

User Device & EID Provision via Life Registration Service  Since 2012

Interoperable AdES Signatures for paperless contracts

Plug-Tested library for creation, verification and extension of ETSI conformant eSignatures

International Trust Alignment

TSL not integrated by major vendors  Microsoft, Mozilla, Apple, Oracle, Adobe

Leverage & Extend

Real Time Enrolment & Advanced eSignature Usage

Adoption of National EID Card

Broaden user device support

Current Bank Needs

Address augmented threats and adapted service models

Nonrepudiation of engagement: Use transaction signing

Use of XAdES manifest signature applied to SEPA documents

Paperless office: Save time, money & sign remotely

Benefit from legal force of the 910/2014 EU Regulation

Mobility is key: Signing on tablets

Flexible user interfaces based on responsive design

Industrialised attacks: Contextual Approach

The classic PKI card QSCD turns out to be a weak device

Rapid technology switch: Provide services via trusted cloud

SAML v2 and DSS authentication and signature service portal

Mobile First strategy, a trusted journey

August 2011

• Launch

BILnet Mobile

June 2013

• Launch new BILnet &

QuickBanking

• New proof environment

& signature policy

January 2014

• Abandonment of

Java

April 2014

• Advanced signature
• n BILnet Mobile

July 2015

• Mobile First
• Full responsive

design

 How LuxTrust supported our developments

 How to achieve a high level of security combined with clients’ trust & a proof

environment for online transactions?

Mobile First strategy, user experience & security

 Client benefits:

 a single & unique bank user experience  any device, anytime, anywhere

 Bank benefits:

 higher security  extended service offer  differentiation

 New transaction possibilities:

 management of credit & debit card limits  creation & management of transfer beneficiaries  change of personal data, i.e. address, phone, email…  investment profile & securities account  security management: transfer limits, authorised countries…  online account opening  …

Trust Services for Banks

The potential of tailored eIDAS solutions

Flexible & easy to integrate Trusted Cloud User devices fully managed by LuxTrust Real time and simple enrolment based on KYC Any service everywhere  Mobility is key Full solution range from one supplier Committed to high quality & availability

LuxTrust Key Facts

Thanks for your attention

KEY FACTS:

ANNUAL GROWTH OF USERS OVER 50% | VALIDATIONS IN OVER 170 COUNTRIES

REFERENCES:

Financial institutions