Secure Internet Portal

Security

The Secure Internet Portal addresses all of the major threats that currently face online services like banking services:

Phishing attacks - the CD-ROM token forms an integral part of the authentication process, so even if a client can be coaxed into providing their password the key material on the token is still inaccessible to an attacker
Man at the end attacks - the browser used by the client for the online service is stored on the CD-ROM token, which is read-only and therefore not vulnerable to being compromised by malicious software
SSL man-in-the-middle attacks - the browser on the CD-ROM token is customised to trust only a single SSL server certificate, so SSL man-in-the-middle attacks are prevented
Key loggers - even if the client's password is captured, the key material on the CD-ROM token is still required before an attacker can masquerade as the client.

The CD-ROM token may be copied, like any CD (although this can be made difficult), but this requires physical access to the token, which attackers almost never have. Even if a CD-ROM token is copied, there is no way to determine the client's password from information on the token.