VASCO DIGIPASS 710

Overview:

The patent-pending DIGIPASS 710 bank-to-customer authentication prevents attackers from impersonating financial institutions. A customer’s account credentials can no longer be stolen. One-time password (OTP) and e-signature authentication methods prevent attackers from impersonating customers in an effort to process fraudulent transactions.

E-signature based on "What you see is what you sign" is considered as the ultimate level of security.

Mutual Authentication

A bank customer identifies and connects to his bank server
The bank server initiates the authentication by presenting a dynamic host verification code, which can only be generated by a valid bank server and therefore identifies the bank
This code is verified by DIGIPASS 710 and when it matches, a dynamic code (OTP) is generated to validate the user’s identity to the bank

Both parties have proven their identity, resulting in mutual authentication. A secure channel has been created for any transaction between the bank and the end-user. This process ensures that valid passwords are send only to legitimate bank servers. All authentication codes rely on the proven DIGIPASS algorithm.

The initial bank server authentication can be done without user interaction when the optical interface is used.

How it works?

How dp710 works?

Optical interface

The otical interface is a feature that automatically downloads encrypted data from the PC display into DIGIPASS 710. This feature increases the end-user's acceptance dramatically since a data transfer is completed within four seconds.

The interface does not require any software or driver as the communication is established between a flashing pattern on the user’s PC and the photo-transistors of DIGIPASS. Customizable positioning icons on overlay of DIGIPASS 710 enable the compatibility of the optical interface with any screen size and resolution.

The optical interface facts:

No installation and support issues
No hidden deployment cost
Can be used on any platform (Windows, Linux, Mac)
Compatible with any available browser
Displays as a flashing pattern on the PC screen

Zero foot-print

DIGIPASS 710 does not require any software or driver installation on the user’s PC. This ensures that valuable data is never stored on the user’s PC, thus eliminating a potential security threat.

E-signature: What You See Is What You Sign (WYSIWYS)

The e-signature functionality of DIGIPASS 710 automatically activates once the mutual authentication has been established between the bank and the end-user.

The bank server sends the user the encrypted transaction requiring an e-signature. This transaction is sent securely to DIGIPASS 710 encrypted by a Data Transport Key (DTK) only valid for this session. This encryption key was shared between the bank server and DIGIPASS 710 after having a successful mutual authentication
The end-user loads his transaction into DIGIPASS 710 by one of the following methods:
- Automatically through the optical interface of the device, orr
- Manually on his DP keypad
This transaction is decrypted by the device and key transaction data is displayed for confirmation from the user by selecting “OK”
Once the user has approved all displayed data, the device generates an electronic signature, based on the original data sent to the bank server. This code is unique for each transaction.

Features:

Customizable user interface and number of fields available for e-signature
Adjustable PIN management to meet even the most stringent banking security policies: weak PIN protection, PIN length, maximum number of wrong PIN entries, time limits, unlock code, etc.
Very user-friendly
Multiple languages available for the user interface
Fully customizable labels displayed for the different transaction data (in e-signature mode)
Any time labels can be defined by the authorized bank server: e.g. to enforce new security rules (in e-signature mode)
Public Internet access places are no longer a threat; a secure channel is established between the bank server and DIGIPASS 710