Banking security on a USB stick
IBM Research has developed a USB device that protects online bank transactions by creating a protected channel directly to the bank's server.
IBM was set to unveil on Wednesday a prototype USB device designed to protect people doing online banking from having their data stolen or compromised.
The device, which looks like a memory stick with an integrated display, creates a secure channel to a bank's online transaction server. The connection bypasses the user's PC, which could be infected with viruses and other malware that make sending financial information over the Internet unsafe.
The user can log on and validate transactions using the device's display and a smart card can be inserted into the device, providing an added layer of security to protect transmissions from man-in-the-middle interceptions, IBM said.
The device, called a Zone Trusted Information Channel, runs the Transport Layer Security/Secure Sockets Layer (TLS/SSL) protocol and includes a TLS engine and a networking proxy for running on a PC.
Developed at IBM's Zurich Research Lab, pilot devices are ready for bank trials. They do not require changes in the bank server software or the client software and they run on all major client operating systems.