Technology
How do we do it?
Ancora Online stores a “computer caller
ID” in the motherboard of the computer. This is enabled by the
patented BIOS Advantage (US Patent 6,411,941),
the foundation of all current and future Ancora Technologies
products.
During a login attempt the bank server will try to match the login
information with the Ancora “computer caller ID” to verify the
authenticity of the user. The “computer caller ID” is a computer
specific digital signature encrypted with the computer’s electronic
profile.
As an added security measure Ancora will renew the “computer caller
ID” invisibly and automatically at a set period of time.
A hacker’s login attempt with a stolen login ID from his computer
will be rejected by the bank server because his computer will lack
the computer specific Ancora “caller ID”.
Verification
Ancora Online is deployed over the web as
a client with a small footprint during the enrollment process.
Each time the customer requests the bank’s login page a challenge is
generated and embedded in it (step 1).
When the page is received by the customer’s browser, Ancora Online
detects the embedded challenge and generates a response, based on
the “computer caller ID” stored in the BIOS (step 2), and sends it
securely to the bank’s server.
The customer performs a normal login (step 3).
The bank’s server logs the response so when the user submits the
login page it can verify the user’s authenticity by matching the
response with the customer’s known “computer caller ID” stored in
the bank’s database during the enrollment process (step 4).
Only a successful match signals the bank’s server to proceed with
the online session.
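The four steps above, sketched as an added example that is not Ancora's code. HMAC-SHA256, the 120-second challenge lifetime, the single-use rule and every name here are assumptions; the page only says that standard algorithms are used.

```python
import hashlib
import hmac
import secrets

CHALLENGE_TTL = 120  # seconds a challenge stays valid (assumed value)

def client_response(caller_id: bytes, challenge: str) -> str:
    """Step 2: the client derives the response from the stored caller ID."""
    return hmac.new(caller_id, challenge.encode(), hashlib.sha256).hexdigest()

class BankServer:
    def __init__(self):
        self.enrolled = {}  # user ID -> list of enrolled caller IDs
        self.pending = {}   # challenge -> [issued_at, logged response]

    def enroll(self, user: str) -> bytes:
        """Enrollment: generate a caller ID, keep a copy, return it to the client."""
        caller_id = secrets.token_bytes(32)
        self.enrolled.setdefault(user, []).append(caller_id)
        return caller_id

    def issue_challenge(self, now: float) -> str:
        """Step 1: a fresh random challenge is embedded in the login page."""
        challenge = secrets.token_hex(16)
        self.pending[challenge] = [now, None]
        return challenge

    def log_response(self, challenge: str, response: str) -> None:
        """Step 2 (server side): hold the response until the login arrives."""
        if challenge in self.pending:
            self.pending[challenge][1] = response

    def verify_login(self, user, password_ok, challenge, now) -> bool:
        """Step 4: match the logged response against the user's enrolled IDs."""
        # pop() makes each challenge single use, so a captured response cannot be replayed
        issued_at, response = self.pending.pop(challenge, (0.0, None))
        if not password_ok or response is None or now - issued_at > CHALLENGE_TTL:
            return False
        # constant-time comparison against every computer enrolled for this account
        return any(hmac.compare_digest(client_response(cid, challenge), response)
                   for cid in self.enrolled.get(user, []))
```

A login with a correct password but a response computed from a caller ID that is not enrolled for that account returns False, which is the stolen-credentials case the page describes.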
Enrolling a computer is simple
Once a customer establishes an online bank
account and receives his or her User ID and Password the bank will
also issue an Initial Enrollment Code (IEC).
The computer enrollment is initiated the first time a customer logs
into the bank’s web site. At this time the Ancora Client is
automatically downloaded and installed on the designated computer.
Immediately after installation, the Ancora Client requests the IEC
received from the bank and presents it to the bank server which, in
turn, generates the “computer caller ID” signature and sends it back
to the Ancora Client to be stored in the customer’s computer BIOS.
More than one computer can be enrolled for each account, limited
only by the bank’s business rules. For the highest degree of
convenience, Ancora also allows users to self-enroll additional
computers beyond the initial ones, anytime thereafter.
Privacy
The customer's privacy is as important
to Ancora as security and convenience. Ancora implements measures
to prevent third parties from misusing its "computer caller ID" to
invade a customer's privacy and track his activity on the Internet.
Standard Encryption
Ancora uses industrial strength standard
encryption algorithms for the challenge-response, digital signatures
and secure communication purposes.
Ancora system components
Ancora deliverables include the Ancora
Bank Server, the Ancora Client and the Ancora SDK.
The Ancora Server is installed inside the bank’s server farm and
integrates with the online banking system via a local Web Service.
The Ancora Server contains its own database, so it requires no
interaction with the bank’s existing database.
The Ancora Client is designed to achieve 100% compatibility with the
PC installed base and does not require any additional hardware or
modifications to the BIOS.
The Ancora SDK includes detailed documentation and code samples of
how to create a front end for the different Ancora functionality. A
minimal modification to the existing online banking login module may
be required.
Compatible with Trusted Computing
The Ancora Client is designed to take
advantage of Trusted Computing Architecture (TCPA) which the
computer industry has just begun adopting. The same Ancora Client
will work on both TPM and non-TPM platforms.