
Mobile Banking learns lesson from security veteran RSA the EMC Information Infrastructure and Cloud Services

by Rusti 2011-08-26 14:04


Mobile banking services are being aggressively deployed by all major banks in an attempt to capture the international mobile user market as early as possible. Mobile banking service providers are learning security lessons these days. Because the defensive strategy of "follow and react" to newer hacker attacks has not proven successful, the major mobile banking security service providers are switching to preemptive defense strategies. Anything is possible on the Internet, especially in the infant world of mobile banking, which taps into the new Cloud Computing Utility Services that all major international banks are launching like mushrooms after the rain. New and often under-tested mobile banking services are subject to heavy hacking by internationally distributed hacking groups, which use both technology and social factors to get to the security provider's heavily guarded safe box. Sometimes their methods extend to so-called "social engineering" or "human engineering", where a leak of classified information has nothing to do with an online attack. Social engineering targets the human element: the security professional who works outside the safe box and is exposed through ordinary human relationships.

Security service providers plan for events such as human or social engineering. Coupled with multi-factor authentication and anti-fraud technologies, an efficient security provider is ready. Just recently RSA Security was able to quickly replace the "SecurID" tokens after a data breach in which attackers from the hacking community stole intellectual property relating to the SecurID two-factor authentication technology. A reliable security services provider, RSA, the EMC Information Infrastructure and Cloud Services (NYSE:EMC), is able to anticipate phishing attacks in the online channel, quickly identify an exploit and prevent its escalation, and immediately apply countermeasures across the affected business-critical realm. It takes many years of maturing security strategy, tactics and technology to keep critical business running safely for customers all over the world.

Over two decades of operating system and web browser evolution, the standardization of security certificates and their file formats went through a survival selection. That history ended with just a handful of sufficient formats, the six key security certificate formats, which any desktop or server operating system and web browser platform will import and export for either mobile or desktop users. They work in Internet Explorer, Firefox, Chrome, Opera and many other web browser environments. Certificate import and export across browser and operating system combinations, on user-facing desktop and mobile platforms, supports at least five fundamental security certificate file formats, namely: DER encoded binary X.509 (the "CER" file format); Base-64 encoded X.509 (also the "CER" file format); Cryptographic Message Syntax Standard, PKCS #7 Certificates (the "P7B" file format); Personal Information Exchange, PKCS #12 (the "PFX" file format); and Microsoft Serialized Certificate Store (the "SST" file format).

Needless to say, dozens of other security certificate formats exist. Most of them were originated, invented, developed, maintained and patented by RSA. RSA does not like to advertise its presence and stays secure in the shadows, knowing that every operating system, server, desktop, mobile, GPS navigation or robotic device, as well as every integrated development environment, ends up using RSA security libraries and API code. These proprietary, patented libraries expose the application programming interfaces that let any application meet its security needs by calling into the library and reaching the cryptographic core that a particular transaction requires to complete. The RSA security iceberg is bigger below the surface than above it, so to speak. In the world of cryptography, RSA stands for "Rivest, Shamir and Adleman", the three security amigos who first publicly described and patented the fundamental algorithm for public-key cryptography, or PKC. In 1983 the three PKC amigos patented and then openly published the three-step RSA algorithm for PKC key generation, encryption and decryption. They did so independently of, and ten years after, the work of Clifford Cocks, a scientist at the highly classified British intelligence agency, who originated the mathematical foundation for the UK intelligence distributed computer security system in 1973.

PKC represents the first algorithm suitable for both secure message signing and message body encryption. Variations of the original PKC went through numerous advances, driving the art and science of public-private key cryptography. The PKC patent was granted to RSA just in time to prepare the ground for the Internet-exposed, security-hungry banking transaction applications that were soon to come and that were targeted first by the gurus of the international hacker community. Later, in 1985, Elliptic Curve Cryptography (ECC) was invented as a novel approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. The ECC math and algorithms were introduced independently by scientists Neal Koblitz and Victor Miller. RSA and ECC security libraries sold like hot cakes, given the unstoppable growth of the Internet market from single-tier to multi-tier to service-oriented architectures (SOA) and, lately, to the all-inclusive Cloud Computing paradigms. RSA and ECC are to Cloud Computing what ball-bearing manufacturing is to military and other machinery production during a never-ending world war: without ball bearings no machine can move, and without a reliable security certificate no browser will serve a real-time online banking transaction for a desktop or mobile application user.

As PKC and ECC lay the foundation for secure transaction processing in electronic Internet commerce (e-Commerce), enterprise resource planning (ERP) and customer relationship management (CRM) services, and lately the Cloud Computing Utility services for mobile banking, all rely on the evolution and improvement of security algorithms, unified protocols and accepted file formats. Unlike some other innovations in the history of computer science and technology, the RSA story has never ended, because the math behind the RSA security algorithms has so far, for almost half a century, been sufficient to balance the never-ending fight between the security requirements of Internet browser application programming, real-time end user security, and the possibility of hacker attacks built on massively distributed, Internet-based computing. RSA stays on top of maintaining the necessary balance in securing the computing world: it puts 60% or more of its revenue into the research and development of new "unbreakable" security algorithms and methods, keeps its licensed security certificate APIs and libraries up to date with the latest needs of new mobile, desktop and server operating systems, middle-tier transactional components and back-end database implementations, and can promptly lengthen cryptographic keys enough to render hacker attacks null and void.

However, as just several web browser platforms survived the competition among desktop and, currently, mobile front-end platforms, these four security certificate formats are considered sufficient to meet end user security requirements. Not only does the user feel safe using these certificates, but banking service providers also consider them sufficient for performing secure online financial transactions across the distributed bank accounts of Cloud Computing financial utility services.

In the world of Cloud Computing, the key universal security formats accepted by browsers are the following fundamental choices. The "DER" encoded binary X.509 format, where DER stands for Distinguished Encoding Rules, supports storage of a single certificate. However, the "DER" format does not support storage of the private key or the certification path. The "Base64" encoded X.509 format supports storage of a single certificate but is not designed to support storage of the private key or the certification path. The Cryptographic Message Syntax Standard, or PKCS #7, supports storage of certificates and all certificates in the certification path. Finally, and most importantly, the Personal Information Exchange format, or "PKCS #12", also known as PFX, supports secure storage of certificates, private keys, and all certificates in a certification path. The PKCS #12 format is the only file format that can be used to export a certificate and its private key.
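The container rules above can be checked mechanically. The following is an added example, not code from the article or from RSA: it classifies a file by its outer ASN.1 structure and reports whether that container can carry a private key. The function names, sample file names and skeleton byte strings are constructed for illustration, the SST format is not covered, and the match is structural only (a certificate request with the same outline would also be labelled X.509).

```python
import base64
import re

# kind -> (can hold a private key, can hold the certification path), per the text
CAPABILITIES = {"x509-der": (False, False), "x509-base64": (False, False),
                "pkcs7": (False, True), "pkcs12": (True, True)}
OID_SIGNED_DATA = bytes.fromhex("06092a864886f70d010702")  # 1.2.840.113549.1.7.2
PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

# Constructed skeletons: outer ASN.1 layout only, not real certificates or keys.
SAMPLES = {"cert.cer": bytes.fromhex("300730003000030100"),
           "chain.p7b": bytes.fromhex("300d06092a864886f70d010702a000"),
           "export.pfx": bytes.fromhex("30050201033000")}
SAMPLES["cert.pem"] = (b"-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n"
                       % base64.b64encode(SAMPLES["cert.cer"]))

def _tlv(buf, pos):
    """Read one DER header at pos; return (tag, value start, value end)."""
    tag, length, start = buf[pos], buf[pos + 1], pos + 2
    if length >= 0x80:                    # long form: low 7 bits count length bytes
        start += length & 0x7F
        length = int.from_bytes(buf[pos + 2:start], "big")
    return tag, start, start + length

def classify(data: bytes) -> str:
    """Name the container from its outer structure (heuristic, no validation)."""
    try:
        pem = PEM_RE.search(data)
        if pem:                           # Base64 armor: classify the decoded DER
            inner = classify(base64.b64decode(pem.group(2)))
            return "x509-base64" if inner == "x509-der" else inner
        tag, body, end = _tlv(data, 0)
        if tag != 0x30 or end > len(data):
            return "unknown"              # not a complete DER SEQUENCE
        pos, kids = body, []
        while pos < end:                  # tags of the top-level children
            child, _, pos = _tlv(data, pos)
            kids.append(child)
    except (IndexError, ValueError):      # truncated or non-DER input
        return "unknown"
    if kids[:2] == [0x06, 0xA0] and data[body:].startswith(OID_SIGNED_DATA):
        return "pkcs7"                    # ContentInfo { signedData OID, [0] ... }
    if kids[:2] == [0x02, 0x30] and data[body:body + 3] == b"\x02\x01\x03":
        return "pkcs12"                   # PFX { version 3, authSafe, ... }
    # Certificate { tbsCertificate, signatureAlgorithm, signature BIT STRING }
    return "x509-der" if kids == [0x30, 0x30, 0x03] else "unknown"

def may_hold_private_key(data: bytes) -> bool:
    """True only for the container the text says can export a private key."""
    return CAPABILITIES.get(classify(data), (False, False))[0]
```

Run over an export directory or an e-mail attachment queue, a check like this flags the one container type that deserves private-key handling before anyone trusts the file extension.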

Certificates are exchanged by all kinds of computer applications and services, whether they are based on remote procedure calls or remote function calls, secure XML or HTTPS. They are exported and imported, in a variety of unified, recognizable formats, by all security-aware applications within the Cloud Computing front-end, middle-tier and back-end transaction processing realms. Their job is to ensure the identity of a remote computer and to prove the end user's identity to a remote computer, such as a Cloud Computing Utility Service provider. Standardized security certificates have to be stored reliably in storage facilities that hackers cannot break, with the ability to be safely exported and imported as needed by trusted consumers and providers of Cloud Computing Utility Services on the one hand, and by desktop and mobile users on the other.

There are other factors involved in the security equation for Cloud Computing. The human factor is one of the most important, such as remembering a mobile user password on the go in a stressful situation. Another is the so-called Zero Footprint Application, or ZFA. Cloud Computing zero footprint applications for mobile users are, in fact, a "no extra software" synergy between the browser embedded in the mobile OS and the user's knowledge of who she is, what she has and what she knows to prove her unique identity to Cloud Computing Utility Financial Services providers. We will discuss Zero Footprint Applications, along with the key human factors involved in identifying the transaction originator, provider and consumer, mapped onto the foundation of the PKC and ECC security methodologies, in our upcoming news articles. Happy secure browsing with your Cloud Computing friendly personal communicator, GPS navigator, smartphone, and tablet.
