Implementation project of electronic keys of eToken GOST in the Internet of Client-Bank system

ROSBANK and Aladdin R.D. company announced in November, 2011 successful implementation of electronic keys of eToken GOST in the Internet of Client-Bank system that allowed to increase significantly security of remote banking of corporate clients of ROSBANK.

At the moment the remote banking (RB) is one of the most vulnerable areas in all range of financial services. For the purpose of reduction of risk of theft of money and increase in security of RBS service the management of Rosbank made the decision on implementation of electronic keys of eToken GOST in the Internet of Client-Bank system for legal entities.

Prior to the beginning of this project authentication of clients and confirmation of transactions were performed using the electronic signature (EDS), however for storage of private key the diskettes, an USB flash and HDD which were not providing sufficient protection were used. At the same time in most cases for plunder of money a main objective of the malefactor is private key of the EDS, and modern specialized bank Trojan programs are focused, first of all, on massive theft of private keys of the EDS from the unprotected storages.

"We conduct full-time work on the analysis of the arising threats of information security and necessary measures of protection. Besides, the Bank is included into the Societe Generale Group and in the work is guided by high requirements of the set standards including in the field of ensuring data protection therefore we addressed the project on increasing the level of security of remote banking", – Andrey Gamolsky, the director of the department of card and remote technologies of ROSBANK comments.

Increased security "the Internet the Client Bank" by implementation of the technology allowing to exclude finding of private key in a zone of availability of the virus software was a project objective. It is provided thanks to key carriers with hardware generation of the electronic signature and not taken private keys — the last under no circumstances does not leave the internal protected area of the device. It allows to raise considerably the security level of financial transactions during the work in the RBS system and practically to exclude the probability of success of the mass attacks by specialized virus tools.

As the devices meeting the above-stated requirements, specialists of Rosbank selected electronic key of eToken GOST of production of Aladdin R.D. company. The main criteria when choosing this solution were high operational reliability of devices, an opportunity for work without installation of additional software and the confirmed broad experience of use of these devices in similar projects. The additional factor which influenced decision-making was existence of the certificate of FSB of Russia on eToken GOST as on the means of cryptographic information protection meeting requirements of regulating documents for classes KC1 and KC2.

"The full stroke of the project took slightly less than a year. Development of technical and organizational requirements to the project was during this time executed, additional software customization "the Internet the Client Bank" is carried out, large-scale delivery of eToken GOST devices is performed and distribution of keys by service divisions of Bank and also processing of a contractual basis and internal instructions is provided, – Alexey Kolesnikov, the head on work with clients of the financial sector of Aladdin R.D. company says. – Thanks to close cooperation with specialists of ROSBANK a part of stages of the project was complete ahead of schedule. According to the results of implementation about 700 departments of Rosbank can offer corporate users the convenient and safe mode of work with remote bank services".