Enhanced 2FA Identity Protection Platform

EzIdentity

For

DISCLAIMER ___________________________________________________________________________
This proposal is the property of Eighth Intuition Sdn. Bhd. and no part thereof shall be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise without written approval from the management of Eighth Intuition Sdn. Bhd.

Confidential and restricted

STATEMENT OF PURPOSE ___________________________________________________________________________

This confidential and restricted document is intended for Cyber Village, Malaysia in order to outline the applicability of Eighth Intuitions EzIdentity 2FA identity protection platform. Cyber Village has various verticals under their business focus where many customers are already using their solution(s). There is a good business opportunity to make additional revenue from the existing clients by offering stronger identity protection to their online work flows as a value added service. We have tried to identify the verticals and put our thoughts how it will benefit the customers. Primarily we are focused on the following to start with 1. 2. 3. 4. 5. Education Financial Government and NGOs Healthcare Telecommunications

2FA is applicable to all the electronic work flows as authentication and access control are elementary requirement of any system. Authentication is the only way to identity the user that is accessing the system. We can summarize the underlining change in the way things will happen in future as -

Password will get replaced with One Time Password.

Confidential and restricted

Our Observation and Value Add to Cyber Villages solutions ___________________________________________________________________________

1. Education
The Education industry provides ample business opportunities in regards to the deployment of the EzIdentity solution due to the typical requirements of robust and secured identity protection controls by staff and administrators or even non-legitimate third parties to sensitive information within and/or outside of the education providers network. This is particularly so in relation to personal information, financial and academic records of students or in order to prevent the accessing of copyrighted training/education material provided by the university to staff and/or students. Few examples of required access controls include: Course work available online or via the intranet Student login access to an internal network Academic reports, Staff reports, Administrative documents Online library access, Database access Student financial and loan information

Using International English (M) Sdn Bhd (IE) as an example with its online course offerings to its franchisees through LearningSTAR we can see that by incorporating a greater degree of identity protection into the Instructional Exchange Framework the solution is better able to secure itself in its potentially insecure operating environment (that is, online via its various franchisees) against unauthorised or malicious access that may be used to either manipulate or extract sensitive information from the site such as gaining access to the assessment or tutor management modules.

Financial
The benefits of implementing robust identity protection in the financial industry are significant, especially so in the service streams of mobile and online banking. However, financial institutions are at the forefront with the rapid and well known increase of cyber attacks and fraud threatening consumer confidence. Banks are acknowledging the need to provide a greater degree of confidence and stronger authentication to its customers using online and mobile banking channels. Current options available, however, can still come up short. The encryption of a banks online environment can be overcome by hackers gaining access to a customers PC and then keystroke logging, password cracking or even by social engineering. Similarly, PKI, Biometrics, Smart Cards and most other stronger forms of encryption in their current state are usually too inconvenient to use by customers, and tend to be too costly or hard to deploy to justify their use. The rationale of continually increasing the robustness and capability of identity protection security in a banks online environment are manifold as the loss or compromise of anything relating to a customers monetary value can lead to an extreme loss of confidence or even legal actions. In addition to this, breaches in related internal banking operations in certain environments (such as workplace VPNs, a banks CRM system, etc.) can likewise lead to a

Confidential and restricted

loss or exposure of sensitive banking data, personal information, manipulation of operations data or even corporate espionage. Using Cyber Villages Internet Banking system for BCB as an example, we can see that implementing an additional robust 2FA layer to the system would allow for additional security benefits in multiple spheres. For customers who may be utilizing the payment gateway or mobile banking facilities, this would allow, via Mutual Authentication, a greater degree of protection against identity theft while internal operations, such as the backend maintenance or administration modules, would ensure that only actual administrators are able to access these critical systems.

Government and NGOs

Enhanced security controlling access is perhaps nowhere as critical as those implemented in the vast variety of systems required by government related agencies. With the advent of e-governance and a greater online presence as well as the creation of accessible databases and systems by agencies the risks and repercussions of unauthorised access either internally via intranets or externally through VPNs and the internet has never been higher. This is primarily due to the nature of the operations undertaken by these various agencies and a compromise of their access controls can lead to a number of potential undesirable effects including: Loss or exposure of sensitive information in a political or public context. Manipulation of systems or data by malicious or politically motivated non-state actors or even state actors which may result in repercussions in national security. Loss of control of critical data and systems. Potential political fallout in the public arena resulting from a loss of confidence by the public, and potentially scandal or embarrassment to the agency involved. Some examples of potential required access controls for identity protection include: Login to an agencys network quite a few of which are now based on VPNs or WiFi, which do away with fixed location terminals. Access and editing of internal agency records/documents via their databases. Internal email storage and login as these tend to be very sensitive. Organisations involved with public funds (eg. Public Superannuation Funds, Tax agencies, etc.) or any sensitive information of individuals that may be available online. E-voting through government election websites. Administrators for government websites and information agencies.

Healthcare

Confidential and restricted

Healthcare and Insurance companies can benefit from the use of enhanced 2FA identity protection security in numerous ways. The best example would be in regards to privacy standards associations and rulings such as HIPAA in the USA which outlines how such agencies (public or private) must assure their customers that the integrity, confidentiality, and availability of electronic protected health information that is collected, maintained, used, or transmitted is protected with adequate safeguards: The confidentiality of health information is threatened not only by the risk of improper access to stored information, but also by the risk of interception during electronic transmission of the information. The purpose of this final rule is to adopt national standards for safeguards to protect the confidentiality, integrity, and availability of electronic protected health information. HIPAA As such the standards called for such security solutions to be able to be comprehensive enough to address all aspects of security, be scalable, and flexible enough to not be intrinsically linked to only a single platform or specific technology making solutions such as EzIdentity a viable addition to any solution in this regard. A few examples by which access controls are used by such companies are as follows: Online access by customers to their health details, insurance premiums, treatment costs, pre-certification, credit ratings, and remote management for individuals, employers, and healthcare professionals. Such access allows the display, management, and modification of such details much of which may be sensitive. Internal access by employees to databases and information pertaining to individuals or corporate clients. The remote management of sales forces in a country or location whereby client information and sales are uploaded and managed remotely.

Telecommunications
Telecommunication entities today have a very significant remote presence (online and via mobile communications primarily) with their customers and by providing certain custom facilities to various corporate and government clients. Without strong user authentication and password management attackers are able to steal a users credentials and use that to access sensitive proprietary information, misappropriate or sabotage valuable resources, data and networks, or compromise critical business applications. Such services that potentially require a robust identity protection include: Online or mobile purchasing of credit or consumer items (for example, using mobiles as rechargeable debit cards). Internet access, hosting and services, including email accounts. Lifestyle portals and, by extension, online and mobile storefronts as well as online gaming services.

Confidential and restricted

IT Managed Services that include VPN setup and portal access as well as CRM services from the infrastructure to web layers.

Through the use of 2FA secured access controls Telecommunications companies can allow for: Stronger identity protection using software and/or hardware 2FA tokens whereby administrators and users will generate their own One Time Password (OTP) to login to the network. Generate greater customer confidence by eliminating the risk of compromising their identity through the use of Reliable Stronger Authentication. Potentially generates revenue by having customers pay for the additional security through software or hardware tokens (on their choice) via sales of premium service packages. Defend against potential abuse and hacking attacks thereby reducing business losses from systems going down or a loss of reputation.

CONTACT DETAILS

___________________________________________________________________________
Primary Contact: Vikram Sareen Head of R&D Email : vikram@8i.com.my H/P : +60193800237 Tel: +603 6201 8515 Address: Eighth Intuition Sdn Bhd (726264-H) E-13-16, Plaza Mont Kiara, 2 Jalan Kiara, Mont Kiara 50480 Kuala Lumpur http://www.8i.com.my

Confidential and restricted