
Enterprise Applications

Remote & Mobile Corporate Network Users: Many organizations need to provide access to their internal private networks to remote employees, partners and suppliers. The preferred means for accessing these networks is through the internet using PC web browsers. However, these PCs are potentially infected with malware that is designed to steal user credentials and company secrets and that is able to spread into the corporate network and other PCs connected to this network.

To protect against this, some companies pre-configure each user’s PC for remote access and scan these PCs for malware infections every time they request network access. Unfortunately, this pre-configuring is expensive and cumbersome to administer and malware scanning still leaves some malware undetected. Moreover, this approach restricts users’ choice of devices for logging on to the network to company-issued and pre-configured PCs. Thus, for example, executives requiring access to the network while traveling can be left stranded without critical network access in the event of losing their “pre-configured” company PC laptops. With Secure-Surfer™ these mobile workers can securely access the network from colleagues’ PCs, public PCs in hotel lobbies, or ANY other available PC.

Networks that limit remote access to PCs equipped with Secure-Surfer™ eliminate the threat of hackers stealing user credentials and logging on to the network with these stolen credentials. Also, they can protect the network from malware resident in users’ PCs. User credentials cannot be stolen, even when access takes place from an untrustworthy PC. Since each Secure-Surfer™ key is unique and issued to an individual, access can also be monitored for auditing and regulatory compliance (e.g., The Health Insurance Portability And Accountability Act Of 1996 (HIPAA) and The Sarbanes-Oxley Financial And Accounting Disclosure Information Act of 2002 (SO)).

Secure-Surfer™ provides this level of protection to mobile and remote users even when using unsecure or untrusted wireless (WiFi) networks and non-SSL protected connections. Most of the local area network traffic within organizations such as enterprises and universities is not conducted using SSL. However, these organizations increasingly need to provide users with internet access through wireless (WiFi) networks that are more vulnerable than wired networks. Indeed, attackers can easily launch traffic sniffing from anywhere that can pick up a wireless signal (e.g., in the parking lot of a business). It is also easier for attackers to build a spoofed route or DNS service for connection hijacking and identity phishing, and such attacks are increasingly common. The state-of-the-art protection practice for WiFi networks is WAP, which provides limited encryption protection to the wireless network traffic and is easy to break. As a result of these vulnerabilities, non-sophisticated WiFi users are at significant risk of being tricked by attackers through phishing and hijacking. This makes WiFi networks unsuitable for carrying serious business traffic.

Secure-Surfer™ enables a safer WiFi network experience by providing authentication and routing through the NarrowGateKeeper proxy service. First, only authenticated users employing Secure-Surfer™ can access the NarrowGateKeeper server. The authentication mechanism is built into the Secure-Surfer™ device, which automatically launches authentication negotiation with the NarrowGateKeeper server. The authentication is mutual for both server and client to ensure the client only communicates through SECURE-SURFER, LLC’s NarrowGateKeeper server and the server only permits trustworthy SECURE-SURFER, LLC users to use the services.

After the mutual authentication, all internet access is proxied through the NarrowGateKeeper. A higher level of security is provided by using an SSL tunnel between the Secure-Surfer™ browser and the NarrowGateKeeper server. In this way, the traffic is immune to traffic sniffing attacks launched between the client and NarrowGateKeeper. The client’s Secure-Surfer™ only recognizes and connects to the designated NarrowGateKeeper server, which is hard coded into the Secure-Surfer™ device. The client Secure-Surfer™ does not perform any local name resolution for any other destination servers. In this way, it is completely immune to DNS hijacking and phishing attacks against the client side. By protecting against these two common problems (sniffing and hijacking), Secure-Surfer™ provides authenticated and private web surfing even for users connecting through WiFi networks and non-SSL enabled connections.
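The client-side half of the design described above (a hard-coded gateway and no local name resolution) can be sketched as follows. This is an added example, not Secure-Surfer's own code: the certificate-fingerprint pin, the CONNECT-style tunnel request, the addresses and all function names are assumptions made for illustration, and the client-to-server half of the mutual authentication is left out.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# All values below are constructed for illustration.
GATEWAY_ADDR = ("203.0.113.10", 443)   # built-in IP literal, so no lookup is needed
GATEWAY_CERT_DER = b"constructed-gateway-certificate-bytes"
GATEWAY_PIN = hashlib.sha256(GATEWAY_CERT_DER).hexdigest()

def gateway_pin_ok(presented_cert_der: bytes) -> bool:
    """Accept the TLS peer only if its certificate hashes to the built-in pin."""
    digest = hashlib.sha256(presented_cert_der).hexdigest()
    return hmac.compare_digest(digest, GATEWAY_PIN)

def direct_client_target(url: str, resolver: dict) -> tuple:
    """Ordinary browser behaviour: connect to whatever the local resolver returns."""
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return (resolver[parts.hostname], port)

def pinned_client_plan(url: str, presented_cert_der: bytes) -> dict:
    """Pinned behaviour: no local lookup; the hostname travels inside the tunnel."""
    if not gateway_pin_ok(presented_cert_der):
        raise ConnectionError("gateway certificate does not match built-in pin")
    parts = urlsplit(url)
    if parts.hostname is None:
        raise ValueError("URL has no host")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    authority = f"{parts.hostname}:{port}"
    request = f"CONNECT {authority} HTTP/1.1\r\nHost: {authority}\r\n\r\n"
    return {"tcp_target": GATEWAY_ADDR, "tunnel_request": request}

# Constructed scenario: a hostile WiFi DNS service answers with the wrong address.
POISONED_RESOLVER = {"bank.example": "198.51.100.66"}

if __name__ == "__main__":
    url = "https://bank.example/login"
    print("direct:", direct_client_target(url, POISONED_RESOLVER))
    print("pinned:", pinned_client_plan(url, GATEWAY_CERT_DER)["tcp_target"])
    try:
        pinned_client_plan(url, b"certificate-presented-by-spoofed-gateway")
    except ConnectionError as exc:
        print("spoofed gateway rejected:", exc)
```

Name resolution still takes place, but at the gateway, so the protection rests on the built-in gateway address and pin rather than on anything the local network supplies.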

Web Server Customer Service Costs Containment: Providing customer support for a large group of users is always challenging. This is particularly difficult for Internet-based services such as online banking because of the large variety of reasons that could prevent users from accessing offered services. Worse yet, these reasons are often not directly related to the offered service. For example, failure of an ISP, client operating system, or an infected client browser could all prevent legitimate users from accessing their accounts even when the server side software is in perfect condition and being used by many other customers.

Because malicious software is widespread and the PC architecture is open, these problems are so common that much of the support effort for network services is spent on diagnosing and recovering end users’ browser software, network configuration, and operating system, even though these have no direct relationship to the network service being offered. The table below suggests that malware infections have a profound impact on organizations’ customer service costs.

Malware Cost to Organizations

Although most network services offer detailed online troubleshooting and self-diagnostic procedures, users often fail to access these procedures because their browsers or network configurations are malfunctioning. In some cases, the support team ends up reinstalling the operating system simply to get a working browser to access additional troubleshooting information on the Internet. The table below illustrates the average cost of help desk, reinstallation, and loss of productivity for an organization supporting 14,000 workstations.

Malware Cost Analysis: Company X with 14,000 Workstations

Help Desk Cost

| Average percent of users with a malware-related call each month | Average number of malware-related calls per month | Average cost per call | Monthly Cost | Annual Cost |
| --- | --- | --- | --- | --- |
| 7.5% | 1,050 | $20 | $21,000 | $252,000 |

IT Support Costs for Machine Re-Imaging

| Average number of machines re-imaged per day | Average hours needed for each re-image | Average hourly rate for employee time | Monthly Cost | Annual Cost |
| --- | --- | --- | --- | --- |
| 3 | 3 | $50 | $9,000 | $108,000 |

Lost Productivity of Employee (user) with Affected Machine

| Average number of employees with affected machines per day | Average hours of lost productivity while machine is being re-imaged | Average hourly rate for employee time | Monthly Cost | Annual Cost |
| --- | --- | --- | --- | --- |
| 3 | 3 | $50 | $9,000 | $108,000 |

| | Monthly Cost | Annual Cost |
| --- | --- | --- |
| Total Cost: | $39,000 | $468,000 |

Source: Webroot Software Threat Research Department

The use of Secure-Surfer™ for internet browsing can significantly reduce these customer service costs, particularly because browsing is by far the major source of PC malware infections. Secure-Surfer’s™ browsing eliminates incidences of downloading malware into users’ PCs and provides trustworthy and reliable internet access, even when the host PC is infected with malware.

Financial Service Providers: Financial institutions are the target of over 80% of malicious activity on the internet and increasingly subject to regulations requiring better means for ensuring the identity of online users. Indeed, in many countries only users equipped with an authentication device such as a Secure-Surfer™ are permitted to conduct online banking. Secure-Surfer’s™ cost per customer is so inexpensive that a bank could offer the Secure-Surfer™ keys and service as a marketing give-away to (1) significantly reduce the risk of online fraud; (2) realize significant savings by encouraging more customers to employ on-line banking services, which are about 10 times less expensive to deliver than “brick and mortar” services; (3) attractively differentiate its enterprise; and (4) better comply with regulations such as the U.S. Federal Financial Institutions Examination Council (FFIEC) "Authentication in an Internet Banking Environment Regulation".

In the United States, stronger security measures would reportedly double online banking usage, raising banking industry profits by $8.3 billion. Indeed, 74% of Americans do not believe that current practices for identifying themselves online to their banks and other eCommerce services are safe and most are willing to adopt stronger security methods to log on, including token-based solutions such as Secure-Surfer™. Over the next decade, about 40% of the world’s population will use banks for the first time ever.

The adoption rate of these banking consumers will depend critically on convincing them that online banking and e-Commerce are safe. Secure-Surfer™ is a compelling and unmatched approach to providing this safety with ease of use and low cost.

Banks and eCommerce suppliers provide online security to their online retail customers with simple software solutions, while providing their business customers with stronger authentication devices such as smart cards, one-time passwords, and biometric identification devices. Secure-Surfer™ is significantly superior to all of these solutions because it works reliably even when users communicate from untrustworthy PCs and networks and is comparatively easier to use and less expensive.

Individuals: Managing PCs for accessing the internet securely can be daunting. Software for identifying and eliminating malware requires continuous updating and web surfing inconveniences users with a myriad of prompts to accept or reject operations that can potentially harm their PCs and compromise their privacy. Most users lack the time and understanding to keep up with these prompts and updates. As a result, these users’ PCs typically become highly prone to malware attacks, freezes and slowdowns associated with poor software maintenance.

Secure-Surfer™ relieves users from having to conduct or worry about such maintenance, providing robust appliance-like web access, even from PCs infected with malware. This is particularly important on those occasions when users have an urgent need to access information on the internet, but their PC browser is not performing properly because its code has become corrupted or the PC is infected with malware. Secure-Surfer™ also protects against snoopers recording or seeing these users’ internet activity. This is particularly important when the cost of losing privacy while surfing the internet is high (e.g., when entering personal passwords or credit card or other security information that could be used to illicitly access these users’ financial assets or records). Of course, Secure-Surfer™ is also useful to these users when the risk of downloading malware from the internet is high.

Healthcare: Medical records are increasingly stored and available in digital formats, and patients, insurance carriers, doctors, and employers need secure access to these records using their PCs’ web browsers. Regulations such as HIPAA require that organizations storing and transmitting these records ensure that these records are only viewed by those authorized to do so. However, as discussed earlier, credentials for accessing these records remotely using a standard web browser from a PC are easily stolen by malware. This vulnerability is particularly severe for PCs that are not tightly supervised by network operators, such as those of patients or doctors. Secure-Surfer™ provides an inexpensive and fail-safe means for providing the needed protection to comply with regulations and ensure privacy.

In addition to increasing the survivability of web browsing in untrustworthy environments, Secure-Surfer™ can also be used to make online access more accountable. A server often wants to ensure that its service is only available to authorized users and that users cannot share the service with others without the server’s permission. Currently, users of SSL-style authentication can violate this without being detected by the server. Users can offer anyone copies of the authentication credential and thus the ability to access the service. Since Secure-Surfer™ keys are not replicable and each is unique to its user, network operators can constrain network access to users who physically possess a Secure-Surfer™. This functionality is also useful for many applications, especially those requiring strong digital rights management (DRM) to protect the rights of media creators and distributors and to comply with regulations such as HIPAA and SO.


 

 

© 2007 Secure-Surfer, LLC. All Rights Reserved.