2. The IP Communications extensions The same IP technology that enables IP Communications solutions to: Boost productivity Increase mobility Enhance flexibility Also creates additional MANAGEABLE challenges for information security These new challenges exist : The Beepcard…
6. Comparison to PSTN In many ways PSTN is good with respect to toll fraud Still a very large amount of toll fraud on PSTN No voice crypto Person in wiring closet can listen to calls Anyone willing to poke around can listen to calls Caller ID is bogus Anyone can produce fake caller id for a few hundred dollars Is the security of the PSTN good enough? Will you give you credit card number over the telephone? Discuss a merger?
7. The BeepcardA unique solution for vocal services The ideal tool for telephone reception programs Access to vocal services requires that the customer be identified upstream. This takes place either through the use of the buttons on the telephone for DTMF vocal applications or the use of voice for the voice recognition version. In order to facilitate and secure identification, Iwatel offers the Beepcard, the authenticator that generates a dynamic sound password : the sound sequences are simply carried over the telephone network.
8. An authenticator for VoIP With voice over IP, the information and telephone systems come together, allowing companies to enrich the services that are provided on the vocal applications for their customers and/or employees. However, this opening into the outside world brings with it risks in terms of network security. The primary risk involves identity theft : hackers can get into a badly-protected network and gain access to confidential information pertaining to customers and employees. In order to secure vocal applications on IP, Iwatel offers a strong (double factor) authentication solution. The user that wants to access the vocal services prove this identity using the dynamic sound password produced by his Beepcardand an a code (authenticated by voice recognition). Security is ensured because the user is authenticated using an object that he alone has and using a code that only he knows.
9. The strong authentication server Iwatel’s Server is an advanced security administration solution, offering a modular and extensible solution for centrally managing identities and rights, in compliance with the entire distributed security policies.
10. Quick Return On Investment... ...pertaining to customer relations Costs pertaining to fraud are reduced thanks to secured access Portray an innovative image Opening up of new, richer services Quickly deployed thanks to its card format Multi-component card, able to incorporate several means of authentication Rechargeable cards actually render extra revenue from the recharge residual fees to retailers ... and for VoIP Reduce the risk of intrusion Enrich the services offered from telephone sets Provide mobile employees with access to their entire office Offer an ergonomic and attractive solution Preserve the company's image ... and from Iwatel IUCS side Reduction in the work load of "help desk" employees and administrators. 30% reduction in security system operating costs Economical, fast and safe deployment for a secure IT environment, which participates in increasing the overall level of competitiveness.
11. Beepcard Simplify and secure multi-channel electronic exchanges Very simple operation The Beepcard is an authenticator, and its ISO banking card format allows it to be easily carried in a wallet. Containing a microprocessor, battery, speaker, mike and a button, the Beepcard is a real concentration of technologies. A simple press of the button generates a sound : this is the dynamic password that can be directly read by a microphone. The dynamic password, to which is added the card user's identifier, is then sent to the authentication server over the network to which the device (fixed telephone or cell phone, PC, PDA, etc.) equipped with a microphone is connected.
12. Multiple Applications With its extremely high degree of security, it can open up access to many applications: identification and authentication at call centers, purchases over the phone or over the internet, financial transactions over the phone (bank wire transfers, payments, etc.), use of prepaid services (telephone communication, pay per view, gift cards, etc.), connection to a private company network, etc.
13. Multiple Applications (cont’) Available as an option, software modules make implementing applications easy: Web : secure access to internet and intranet applications. Keys : the password safe for secure access to the internet and intranet, and access in Radius mode. Phone : authentication for vocal servers.
14. How is it working 1Payment session 2 …Call IVR 1-800-xxx 4Press Card 5Press PIN 6Authentication 7OK…. Secured LAN DB 3Ask for ID &PIN Pay-card WEB Server IVR Server PHONE WEB
15. SimulationMicrophone + Speaker + Knowledge Verification Knowledge Voiceover Telephone “Send Acoustic Signal” Authenticate Knowledge “User Speaks password” VoicePrints Data Center “Dial Access Number” Biometric Biometric Authenticate Voice Accept “Card is now active” Authorization acknowledged Enjoy your call!
17. Schematic Start service End service Welcome announcement Input account voice password Input tour acoustic signal Origin & Destination screening Remaining credit/time Message Yes No Publicity Message (option) Follow-on call Present User Menu Remaining credit message To call To menu B-party release Message recording Call Setup BUSY/NO REPLY CONNECT CONVERSATION Real time credit check A-party release To menu choices Credit exhausted Enable/Disable possible
