Presentation is loading. Please wait.

Presentation is loading. Please wait.

IDA-UNPOG Capacity Development Workshop 29 Nov 2011 1.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "IDA-UNPOG Capacity Development Workshop 29 Nov 2011 1."— Presentation transcript:

1 IDA-UNPOG Capacity Development Workshop 29 Nov 2011 1

2 Aspiration – The Electronic Hub! Singapore aspires to be a global financial hub and has deliberately forged ahead to be the leading nation in e- security for electronic financial transaction in the World MAS as early as 2005 requires all banks in Singapore to provide 2FA to ensure e-security of financial transaction Given the limited time banks have to complying with this requirement prospects for a standard 2FA system is limited 2

3 iN2015 We ended up with as many 2FA systems as there are banks In 2006, under the iN2015 MasterPlan to build an Intelligent Nation, IDA conceived the NAF as the national authentication system This is to be a system that can integrate and connect with all financial institutions and service provider of e- Services; unifying all the 2FA systems and services 3

4 RTAP Central to such a national authentication system is a common connectivity protocol for inter-system integration IDA commissioned a study to specify the system that will enable open source systems (such as UNIX, Windows, etc) to inter-connect - RTAP RTAP (Reference Technical Architecture Protocols) defines the technical communications across systems operating within the network The RTAP is unprecedented. It is the first national level connectivity standards and protocol system RTAP has potential to evolve into a global open standard 4

5 OpenID? Was it necessary for Singapore to ‘invent’ a new standard when there are in fact similar protocol/standards around? There is the OpenID While it has adequate provisions on security, it is essentially a 1FA system based on “cross-referrals”. 5

6 Convenience Vs Security The NAF has to offer convenience to users while providing an evolving leveling of security relevant to the times We appreciate that this is a challenging requirement as security by its nature is NEVER absolute. Every prevailing security solution is vulnerable to attack and compromise over time. 6

7 Security - Ahead of Risks! The approach must therefore be to enhance security provisions abreast risk of compromise PKI offers good protection against security attack. OTP offers convenience for user. The practical solution is to strike the right balance between security and convenience. There is no thorough-bred solution available that offers us this balance 7

8 8

9 A Hybrid! IDA then developed a unique system which is a hybrid of the PKI-OTP system based on RTAP as the connectivity protocol This is the Singapore NAF system. 9

10 OneKey We brand it: OneKey Challenges of OneKey Replacing the banks’ operating systems (proven over the last 6 years) Incentives offered (free device, free services for 2 years to wean them off Service Providers’ existing system) Addressing the new requirements (transaction signing) 10

11 11

12 Relative Strength of OneKey It has security provisions on par with the best in the local financial industry With RTAP, it can connect with any operating system Single device for multiple e-transaction applications – Convenience for users It is certified to ISO27001 It complies with MAS IBTRM Assurance of leading security architects in the industry Resilient with 100% redundancy; active-active backup 12

13 Brokerage Companies: By Mar 2012 OneKey is offered to all Public Service Providers Public Service has provided guidelines what sort of information and transaction will require 2FA Public Service agencies are examining. Security Companies are required by MAS to offer 2FA by Mar 2012. 13

14 Smart Token vs One-Button Token Banks have their own 2FA system. With recent challenges to security, banks will have to up-grade to Transaction Signing NAF operates on Smart Token (OneKey) Vs One- button token OneKey offers Transaction Signing (new requirement of MAS) Banks have option to take up NAF 14

15 Assurity – IDA Wholly-owned Co IDA set up a company to implement and operate the NAF > Assurity Set up with equity by IDA and MICA Concept is to out-source as much as possible and keep organic resources lean 15

16 System Builders Assurity selected ST Engineering as the vendor to build the NAF The other key vendors involved are: Data Security Systems Solutions (DS3) Vasco Data Security NAF/OneKey will be launched in Dec 2011 Service Providers have been invited to subscribe. Users will request their OneKey through the SPs 16

17 Assurity’s Concerns Issues of concern to Assurity Educating users on e-Security Staying ahead of the Security Threat Disaster Recovery - Continuity of operation Systemic Fraud – Prevention and Deterrence Business viability Fulfillment of the National Agenda –iN2015 17

18 Assurity will be happy to offer its learning experience to help agencies implement 2FA system at NATIONAL level AFTER we have stablished our 2FA system – OneKey/NAF 18

19 Thank You 19

Download ppt "IDA-UNPOG Capacity Development Workshop 29 Nov 2011 1."

Similar presentations

SPEKE S imple Password-authenticated Exponential Key Exchange Robert Mol Phoenix Technologies.

SPEKE S imple Password-authenticated Exponential Key Exchange Robert Mol Phoenix Technologies.
Security, Privacy and the Cloud Connecticut Community Providers’ Association June 20, 2014 Steven R Bulmer, VP of Professional Services.

Security, Privacy and the Cloud Connecticut Community Providers’ Association June 20, 2014 Steven R Bulmer, VP of Professional Services.
Solutions & Services to ‘Multiply your Business Performance’ 2013.

Solutions & Services to ‘Multiply your Business Performance’ 2013.
ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.

ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.
Benefits of CA Technology & HVB Bank Romania Study Case Bucharest, May 31, 2005.

Benefits of CA Technology & HVB Bank Romania Study Case Bucharest, May 31, 2005.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Mobile Payment Forum of India: Regulatory Sub-Committee Sachin Khandelwal June 07, 2008.

Mobile Payment Forum of India: Regulatory Sub-Committee Sachin Khandelwal June 07, 2008.
A Covenant University Presentation By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information Security) Certified COBIT 5 Assessor /Certified.

A Covenant University Presentation By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information Security) Certified COBIT 5 Assessor /Certified.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Security Controls – What Works

Security Controls – What Works
Greg Shaw 202-994-6736 How do we turn private sector preparedness into an investment rather than a cost of doing.

Greg Shaw How do we turn private sector preparedness into an investment rather than a cost of doing.
Dr. Sarbari Gupta Electrosoft Services Tel: (703)757-9096 Security Characteristics of Cryptographic.

Dr. Sarbari Gupta Electrosoft Services Tel: (703) Security Characteristics of Cryptographic.
Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,

Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,
Information Security Governance and Risk Chapter 2 Part 1 Pages 21 to 69.

Information Security Governance and Risk Chapter 2 Part 1 Pages 21 to 69.
Finalize RESTful Application Programming Interface (API) Security Recommendations Transport & Security Standards Workgroup January 28, 2014.

Finalize RESTful Application Programming Interface (API) Security Recommendations Transport & Security Standards Workgroup January 28, 2014.
Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.

Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.
Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.

Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.
National Discount Broker Site Compromised “National Discount Brokers’ site, which has 200,000 customers, was down for more than an hour Thursday as company.

National Discount Broker Site Compromised “National Discount Brokers’ site, which has 200,000 customers, was down for more than an hour Thursday as company.
1 Challenges For A Credit Bureau In Emerging Markets.

1 Challenges For A Credit Bureau In Emerging Markets.
Principles of Information Security, 2nd Edition1 Introduction.

Principles of Information Security, 2nd Edition1 Introduction.

Similar presentations

Ads by Google