The safest secure way for on line banking and e-trading

The Federal Financial Institutions Examination Council, the Council, has mandated that by 2006 all US banks offering online banking implement a two factor authentication to protect against Internet fraud.

Two factor authentication simply means that one identity factor is based on something you know (a password or PIN) and the second factor is based upon something you have in your possession (an authenticator). An authenticator provides a much more reliable level of a user's identity than common passwords. These authenticator type devices are available in form of a USB dongle, key size token generator with a display, smart card, and others. However, such devices tend to be too cost prohibitive when evaluated for rollout to a large number of online banking customers.

The imX Authentication Card presents the lowest cost alternative, for the second authentication factor of online banking customers. The imX Authentication Card in its form as a business card sized CD is portable and can be utilized on any computer device with a CD-Rom drive. Our card effectively allows you to implement safe and secure two factor authentication that does not require costly investments in new hardware or devices.

The imX Authentication Card and its proprietary and patented token generator satisfy the Council's two factor authentication requirements. Beyond that, consumers find the imX Authentication Card very simple to use. Just placing the disk in the CD-Rom drive (CD disk tray) of the computer begins the authentication process to identify that it is indeed the correct user at the computer attempting to execute a transaction.
Our solution integrates easily into existing systems and can be moved by the user from home, office, and travel locations.
Our patented technology offers unique, strategic and cost effective solution to our customers. The technology foundation implements multiple levels of latest security measures that implement the following key security elements:

• Features Overview

The imX digital authentication card offers a cutting edge solution in the field of user identification and security for conducting safe transactions over the Internet. Our patented technology offers unique, strategic and cost effective solution to our customers. The technology foundation implements multiple levels of latest security measures that implement the following key security elements:

• Two-Factor Authentication

The consumer must be in physical possession of imX digital authentication card as well as know their pin number (user id) and password. This addresses latest security requirements for banking and online security as published in 2005 by the federal government in response to ever growing number of cyber-attacks and theft identity.

• Anti-Attack Technology

Our security solution implements a range of latest attack prevention measures to deter even the most sophisticated criminals from breaching Internet based systems. Consumers are protected by an intelligent multi-level attack prevention mechanism that employs a range complex anti-hacker measures.

• End to End Encryption

Our card utilizes sophisticated encryption technology based on the 448 Blowfish bit encryption algorithm (Blowfish has been created by recognized Internet security leader Bruce Schneier.) In addition our unique encryption key cycling and key deciphering techniques provide an effective military grade security data exchange service.

The imX implementation of a digital authentication card brings a range of innovative solutions into the field of secure payments over the Internet. The technologies applied enable usage of a CD based digital authentication card much in the same fashion as any of the common token generation devices (i.e. USB dongle, smart card.) However, imX's low cost offering presents a number of additional security measures that further mitigate risks associated with conducting any financial transactions over the Internet.

The following listing is a simple feature comparison chart of common authentication devices including our imX digital authentication card.

For questions related to this comparison please refer to the following:

• Why is the imX digital authentication card more secure than other two-factor solutions?

Most two-factor solutions include either a password-generating device, a USB token, a Smart Card, Challenge/Response Question or Image/Text Verification. Although these solutions are known as “two-factor solutions” they do not adequately protect data collection and transmission (user id, password, tokens) against trojan software, pharming and man-in-the-middle attacks. The imX digital authentication card delivers protection against trojan software and encryption for data transmitted over the Internet that is fast, secure and easily implemented into existing Internet based systems.

• How does the imX digital authentication provide protection against Phishing?

Phishing involves fraudulent emails and other forms of communication that encourage consumers to divulge sensitive information. Often by masquerading as a trusted source, the perpetrator attempts to obtain user's account login information, credit card information, etc. Once the user “bites” and provides sensitive information to a website or an individual in response to the phishing scam, its simply too late. The criminal can now utilize the stolen information to access consumer's bank accounts, credit cards, private records, etc.

The imX digital authentication card system provides protection against phishing because the authentication details comprising of pin number (user id) and password are insufficient. The criminal must also be in possession of the consumer's digital authentication card to take advantage of the stolen information.

• How does the imX digital authentication card provide protection against Replay Attacks?

A replay attack occurs where a criminal resubmits intercepted data to the server to present itself as a valid user.

The imX digital authentication card safeguards against these attacks with the cycling variable length keys used to encrypt the data as well as server side logical data state management (i.e. user already logged in.)

• How does the imX digital authentication card provide two-way mutual authentication?

The imX digital authentication card utilizes common two-way certificate based authentication utilizing Secure Sockets Layer (SSL, HTTPS connectivity.) In addition, a superior secure encryption process is applied that mutually authenticates connection from the card to the processing server. The card itself contains encrypted software with a unique identifier which in turn is applied behind the scenes and cannot be stolen with a keystroke logger.

• How does the imX digital authentication card provide protection against Pharming?

Pharming is the exploitation of the Domain Name Server (DNS) vulnerability that allows the criminal to redirect Internet traffic intended for website “A” to their website “B.” Consumers may be unknowingly redirected to a fake website where they may be asked to enter their authentication information very much similar to the phishing process.

The imX digital authentication card employs an elaborate handshake process that guarantees connection and authentication with the real website. Therefore, the criminal must also be in possession of the consumer's digital authentication card to take advantage of the stolen information.

• How does the imX digital authentication card protects against Man-in-the-Middle Attacks?

A Man-in-the-Middle attack can occur where a criminal intercepts data sent between the consumer and the website. The data can then be harvested to extract identification information leaving the consumer vulnerable to identity theft.

The imX digital authentication card safeguards against these attacks by transmitting encrypted data. Implemented encryption utilizes cycling variable length keys and is utilized in addition to the conventional SSL encryption (HTTPS connection.)

• How does the imX digital authentication card provide secure end-to-end encryption?

The imX digital authentication card contains software that applies cycling variable length keys to encrypt data sent over the HTTPS connection. The unique encryption/decryption processing available in the card's software as well as the server side software guarantees secure exchange of data.

• How does the imX digital authentication card provide protection against trojan software?

The trojan software has the ability to record user's keystrokes, record images of the screen the user sees and any mouse movement and clicks the user performs. Any of this collected information can then be used by a criminal to obtain valid user login or other sensitive information.

The imX digital authentication card contains a method of secure data entry that prevents the criminal using the trojan software from exploiting information collected.

• What prevents unauthorized use of software copied from the imX digital authentication card?

The imX digital authentication card is just like any other CD-ROM disk, thus it can easily be copied. However, the criminal still needs to have the possession of consumer's pin number (user id) and password in order to conduct criminal activity. Consumer can also report the card stolen or lost thus having it deactivated and rendering it unusable.

• What would a criminal need to do in order to hack the imX digital authentication card?

The imX digital authentication card is part of a two-factor authentication system combining something the user has with something they know. The imX digital authentication card contains unique identifier and data encryption software. This is the “something the user has.” The consumer is in possession of a pin number (user id) and password. This is the “something the user knows.” The pin number (user id) and password together with the card's unique identifier is linked to the cards unique identifier on the processing server.

A criminal attempting to hack into the system must be in possession of all three elements. So, the criminal must have stolen consumer's card, pin number (user id) and password. In addition, the consumer can report the card stolen or lost thus having it deactivated and rendering it unusable.