IBM’s research lab in Zurich has created a simple and effective security device to make online banking safe for consumers. Dubbed the Zone Trusted Information Channel (ZTIC), it is a simple USB drive that creates a direct and secure channel to the bank’s online server for transactions, even if the user’s PC is infected with malware or viruses.
The ZTIC plugs into the user’s PC and takes the user directly to the bank’s pre-programmed website in a secured environment. Whenever the user transacts with the bank, the ZTIC, which is equipped with a small display, shows the transaction so that it can be approved or rejected with the two buttons on the device. Transactions displayed on the ZTIC are identical to what the server “sees”, no matter what malicious intervention may occur on the PC or anywhere on the Internet. Smartcard integration is also available as an option for added security.
How does it work?
The ZTIC runs the commonly used TLS/SSL protocol. The ZTIC hardware consists conceptually, at a minimum, of a processing unit, volatile and persistent memory, a small display and at least two control buttons (OK and Cancel) as well as an optional smartcard reader. The software is minimally configured with a complete TLS engine including all cryptographic algorithms required by today’s SSL/TLS servers, an HTTP parser for analyzing the data exchanged between client and server, plus custom system software implementing the USB mass storage device profile and a networking proxy for running on a PC. It supports TLS/SSL client authentication as well as common chip-card based challenge/response protocols.
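The sketch below is an added example, not IBM's code: it models the parse, display and approve step described above, in which the device inspects the plaintext HTTP request before it enters the TLS session. The form field names, the `/transfer` path, the `bank.example` host and the account numbers are assumptions made for illustration. Ambiguous requests are rejected so that the display cannot differ from what the server's own parser would see.

```python
from typing import Optional
from urllib.parse import parse_qs

# Hypothetical form fields a bank might use; not taken from the ZTIC itself.
SENSITIVE = ("to_account", "amount")

def parse_transaction(raw: bytes) -> dict:
    """Parse an HTTP form POST and return the fields the user must approve.

    Raises ValueError when the request is ambiguous, because the display
    could then differ from what the server's parser would see.
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request")
    headers = {}
    for line in head.decode("ascii").split("\r\n")[1:]:
        name, _, value = line.partition(":")
        name = name.strip().lower()
        if name in headers:
            raise ValueError("duplicate header: " + name)
        headers[name] = value.strip()
    if headers.get("content-length") != str(len(body)):
        raise ValueError("Content-Length does not match body")
    form = parse_qs(body.decode("ascii"), keep_blank_values=True,
                    strict_parsing=True)
    txn = {}
    for field in SENSITIVE:
        values = form.get(field, [])
        if len(values) != 1:  # missing or repeated (parameter pollution)
            raise ValueError("field must appear exactly once: " + field)
        txn[field] = values[0]
    return txn

def review(raw: bytes, press_ok) -> Optional[bytes]:
    """Show the parsed transaction; return the bytes to send, or None."""
    txn = parse_transaction(raw)
    screen = "Pay {amount} to {to_account}?".format(**txn)
    return raw if press_ok(screen) else None

def make_request(body: bytes) -> bytes:
    return (b"POST /transfer HTTP/1.1\r\nHost: bank.example\r\n"
            b"Content-Type: application/x-www-form-urlencoded\r\n"
            b"Content-Length: " + str(len(body)).encode() + b"\r\n\r\n" + body)

# Constructed samples: the user's intent, and a version rewritten on the PC.
INTENDED = make_request(b"to_account=CH-1111&amount=100.00")
TAMPERED = make_request(b"to_account=XX-9999&amount=100.00")
# Stand-in for the user reading the display and pressing OK or Cancel.
user = lambda screen: screen == "Pay 100.00 to CH-1111?"
```

A request that repeats `to_account` is refused outright rather than displayed, since the device and the server might each pick a different copy.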