USB thumb drive helps protect against man-in-the middle attacks

Gemalto last week at RSA Conference 2010 in San Francisco unveiled a USB-based online banking application that digitally signs transactions and helps prevent man-in-the-middle attacks.

The new Ezio Plug&Sign comes with its own browser in addition to its own hardware, and it uses a smart card-based USB token that contains a digital certificate for digital signatures. The plug-and-play device is mainly aimed at commercial banking applications. "While some devices use cryptographic key exchange for authentication, we use a smart card and do certificate-based authentication and leverage digital signing of the client," says Tom Flynn, director of identity and access marketing for Gemalto.

Banks will distribute the USBs, and the browsers will automatically go to the bank's online banking site. The end user will enter a PIN via a virtual PIN pad on the screen to protect against keylogging, validating both the bank site and end user's identities. The entire session is encrypted, and the user digital signs his transaction.

The USB device can be branded by banks or e-commerce providers, according to Gemalto. Gemalto earlier this year announced its smart cards were integrated with IBM Tivoli Ready Smart Card Identity Credentials.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author(s)

Kelly Jackson Higgins, Editor-in-Chief, Dark Reading

Kelly Jackson Higgins is the Editor-in-Chief of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, Virginia Business magazine, and other major media properties. Jackson Higgins was recently selected as one of the Top 10 Cybersecurity Journalists in the US, and named as one of Folio's 2019 Top Women in Media. She began her career as a sports writer in the Washington, DC metropolitan area, and earned her BA at William & Mary. Follow her on Twitter @kjhiggins.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights