USB thumb drive helps protect against man-in-the middle attacks
March 8, 2010
Gemalto last week at RSA Conference 2010 in San Francisco unveiled a USB-based online banking application that digitally signs transactions and helps prevent man-in-the-middle attacks.
The new Ezio Plug&Sign comes with its own browser in addition to its own hardware, and it uses a smart card-based USB token that contains a digital certificate for digital signatures. The plug-and-play device is mainly aimed at commercial banking applications. "While some devices use cryptographic key exchange for authentication, we use a smart card and do certificate-based authentication and leverage digital signing of the client," says Tom Flynn, director of identity and access marketing for Gemalto.
Banks will distribute the USBs, and the browsers will automatically go to the bank's online banking site. The end user will enter a PIN via a virtual PIN pad on the screen to protect against keylogging, validating both the bank site and end user's identities. The entire session is encrypted, and the user digital signs his transaction.
The USB device can be branded by banks or e-commerce providers, according to Gemalto. Gemalto earlier this year announced its smart cards were integrated with IBM Tivoli Ready Smart Card Identity Credentials.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.
About the Author(s)
You May Also Like
The fuel in the new AI race: Data
April 23, 2024Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024