|
CMC's
products and services help in setting
up a certificate authority (CA) and in
leveraging a public key infrastructure
(PKI) within a large enterprise.
iCert
(PKI software for certificate authority)
A standards-based, high-grade security
software product from CMC that consists
of a certificate server, registration
authority and key management modules.
iCert is suitable for setting up both
enterprise (within the organisation) and
commercial certificate authorities.
PKI consultancy
services
CMC assists organisations in setting up
a PKI and associated services, including
preparation of their certification policy,
practice statement and implementation
plan.
PKI-enabling
applications
We develop PKI-enabled applications and
help to PKI-enable existing applications.
eCommerce
products
iCert
As the Internet becomes the primary medium
for electronic commerce and messaging,
organisations need strong security for
their Internet applications. PKI is a
set of security services that enables
the use of public key cryptography and
digital certificates in a distributed
computing system. They are tools for authentication,
authorisation and encryption in a variety
of Internet / intranet applications, including
secure messaging and eCommerce.
PKI
products and services allow organisations
to establish security domains in which
they issue keys and certificates. Within
these domains, it enables the use and
management of both encryption keys and
certificates; key management, certificate
management and policy management. It allows
the organisation to set up application
security in a way that supports its business
needs.
iCert
is CMC's high-grade security PKI solution,
that consists of the following components:
|
|
Certificate
server: A standards-based component
which supports
X.509 v3 certificates for a wide
variety of applications like secure
socket layer (SSL), secure multi-purpose
Internet mail extensions.
(S / MIME), secure electronic transaction
(SET), digital time stamping, code
signing and eCheque. It can also
be customised to issue other application-specific
certificates. It comprises an intuitive
and user-friendly web interface
for administration and customer
services.
This
can be integrated seamlessly with
any lightweight directory access
protocol (LDAP) server for publishing
certificates and certificate revocation
lists (CRLs). iCert supports policy
customisation to meet the organisation's
specific policy through the policy
editor that is provided as an integral
part of the certificate server.
|
|
|
Key
management component: It supports
the entire key life cycle management
functionality, including key generation,
distribution, backup, recovery and
archival. It is supported both on
software as well as on the more secure
FIPS 140-1 (Level-3/4) hardware security
modules. |
|
|
Registration
authority (RA): An optional
component which acts as a subordinate
server to a CA, providing administrative
support (like personal credentials
verification).
|
All
iCert components support industry standards,
including public key cryptography standards
(PKCS), PKIX standards from the IETF working
group, and X.509 standards from ANSI ITU
and LDAP.
Gate
eWay
Gate eWay is a secure application that
enables acquirers (banks) to process eCheques,
credit cards (SSL, SET) and other electronic
payments for merchant storefronts over
the Internet. It interacts with payment
servers (which talk to online payers and
merchant systems) as well as with legacy
payment processing systems of banks.
Gate
eWay provides a robust and flexible connection
to link payment server systems with financial
processing and bank systems. It supports
all aspects of a financial transaction,
including high-volume payment authorisation,
payment capture, authorisation reversal
and credit transactions.
Built
on open architecture, Gate eWay can support
multiple financial instruments and transactions
through the use of instrument-specific
plug-in modules.
Gate
eWay can help a bank leverage its investment
in existing infrastructure by extending
its reach to new channels and markets
in a cost-effective manner.
Benefits
|
|
Helps in extending
the bank's reach to new channels of
payment like eCheque and credit card |
|
|
Supports multiple payment
mechanisms and support for addition
of new payment protocols as they emerge |
|
|
Provides easy integration
with existing bank software |
ePayServ
ePayServ is a secure server which processes
payments for Internet merchants. It talks
to eWallets and receives payments from
buyers, and connects to payment gateways
to process payments. It can be operated
in an application service provider (ASP)
model to support multiple merchants.
ePayServ
can process eCheques, credit cards (SSL,
SET) and other eInstruments. It handles
payment authorisation, capture, refund
and corresponding reversals. It also supports
batch processing of payments.
eCheque
An eCheque is an electronic document which
substitutes the paper document. Public
key cryptographic signatures can be substituted
for handwritten signatures.
Payers
and payees can be individuals, small businesses,
brokerages, corporations, governments
or almost any other type of organisation.
eCheques pass directly from the payer
to the payee, so that the timing and the
purpose of the payment are clear to the
payee.
The
payer writes an eCheque by structuring
an electronic document with the information
legally required to be in a cheque and
digitally signs it. The payee receives
the eCheque over email or web, verifies
the payer's digital signature, writes
out a deposit and digitally signs it.
The payee's bank verifies the payer's
and payee's digital signatures and forwards
the cheque for clearing and settlement.
The payer's bank verifies the payer's
digital signature and debits the payer's
account. Like paper cheques, eCheques
can bounce or be returned, for stop payment
instructions, insufficient funds or accounts
being closed.
Cryptographic
signatures on every eCheque can be verified
at all points, while in paper cheques,
handwritten signatures can be verified
at only one point.The eCheque system is
designed with message integrity, authentication
and non-repudiation features, strong enough
to prevent fraud against the banks and
their customers.
It
is compatible with interactive web transactions
or with email and does not depend on real-time
interactions or on third party authorisations.
It is designed to work with paper cheque
practices and systems, with minimum impact
on payers, payees, banks and the financial
system.
eBillPay
eBillPay is an Internet bill presentation
and payment system which allows customers
to view and pay bills through the Internet.
Bills can be paid by eCheque and credit
card (SSL and SET). eBillPay works in
conjunction with a payment server for
processing payments.
It
can be integrated with the merchant's
billing system, with little or no change,
using extensible markup language (XML)
and the standard web data interchange
technology.
Benefits
eBillPay is designed on the ASP business
model, in which multiple billers can hire
eBillPay services through the service
provider. Billing organisations can provide
Internet-based customer services with
minimal implementation and integration
costs. Since multiple billers are connected
to a single eWindow, advertisements through
the web can bring revenue for eBillPay
service providers.
WISeBank
WISeBank provides a secure web interface
for any core banking application and provides
multi-channel banking facilities (Internet
/ SMS / WAP) to the bank's customers. It
provides a highly secure environment and
ensures that the account holder's financial
transactions are carried out safely.
It meets the following transaction security
requirements:
|
|
Privacy |
|
|
Authentication |
|
|
Integrity |
|
|
Non-repudiation |
Features
|
|
Facilitates easy integration
with any legacy banking application |
|
|
Conforms to Internet-based
application requirements like scalability,
reliability, security, fault tolerance,
etc |
|
|
Its flexible architecture
supports multiple delivery channels
like Internet, mobile devices and
is extendable to other channels |
|
|
Supports a multi-language
interface |
|
|
Provides a centralised
administrative interface |
|
|
Supports multi-currency
transactions |
|
|
Maintains a database
for Internet banking customers to
store authentication, login / logout
and transaction log information |
|
|
Supports automatic
data validation |
|
|
Provides extensive
online help for all items displayed
in the browser |
|
|
Complies with IFX standards |
Contact
| Head
- e-commerce |
|
CMC Centre
Old Mumbai Highway Road
Gachibowli
Hyderabad - 500 032
|
| Tel:
(+91-40) 23000401 / 501 |
| Fax:
(+91-40) 23000509 |
| Email:
ecom@cmcltd.com |
|
