The following issues are important from the security perspective of an application:
- Authentication of the application server
- Authentication of the user
- Integrity and Confidentiality (Snoop safe transmissions)
These are detailed in the following sections:
Authentication of the Application Server
The customer needs assurance that the pages/screens and reports he is looking at are indeed from the Net Application’s server. This is ensured by using SSL (Secure Sockets Layer). A certificate is purchased from a recognized third-party certificate authority such as Verisign and placed on the Net Application’s servers. This assures the user that the pages he is viewing on the Internet for a given web site are indeed coming from the Net Application’s servers.
Authentication of the User
Users’ passwords are stored in the server databases as MD5 hashes. No one except the user knows his password; the server cannot see it either, since only the MD5 hash is kept. When the user connects to the web site, a random number is generated at the Net Application’s server and sent to the user’s web browser. The user enters his login name and password. First the MD5 hash of the password is computed; then the random number and the login name are concatenated to the hashed password to give an intermediate string. This string is encrypted with 3DES, and the resulting ciphertext is sent to the server along with the login name. The server decrypts the message, checks that the random number matches the one it issued, identifies the login name and retrieves the MD5 hash corresponding to that login name from its database. The stored MD5 hash is compared with the MD5 hash received from the user. If they match, the user is authenticated and a secure channel is created.
Integrity and Confidentiality (Snoop safe transmissions)
All data transmitted between the browser application and the server application is encrypted with 3DES (a symmetric cipher: the server and the client share the same key, which is what lets them communicate with each other). This ensures that someone snooping on the channel cannot read its contents. If they try to change the contents, the server will not be able to recognize the contents and will discard the whole transaction.
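The challenge-response login described under "Authentication of the User" and the 3DES channel described in this section, worked through end to end as an added example; this is not code from the page or from the Net Application itself. Go's standard library provides both 3DES and MD5, so it runs offline. Everything the page does not specify is an assumption here: the 3DES key is pre-shared (sharedKey), 3DES is used in CBC mode with a random IV and PKCS#7 padding, "|" separates the fields of the intermediate string, each random number is accepted only once, and the user "alice" with her password is a constructed sample. The names Server, Challenge, ClientResponse, Authenticate, md5Hex, encrypt3DES and decrypt3DES are mine.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/md5"
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Constructed 24-byte 3DES key, assumed pre-shared (the page does not say how it is agreed).
var sharedKey = []byte("example-24-byte-3des-key")
var tdes, _ = des.NewTripleDESCipher(sharedKey) // key length is fixed above, so no error

// md5Hex is the MD5 form of the password that the page says the database stores.
func md5Hex(password string) string {
	sum := md5.Sum([]byte(password))
	return hex.EncodeToString(sum[:])
}

// encrypt3DES: PKCS#7 pad, 3DES-CBC, fresh random IV prepended to the ciphertext.
func encrypt3DES(plaintext []byte) ([]byte, error) {
	iv := make([]byte, des.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	n := des.BlockSize - len(plaintext)%des.BlockSize
	padded := append(append([]byte(nil), plaintext...), bytes.Repeat([]byte{byte(n)}, n)...)
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(tdes, iv).CryptBlocks(out, padded)
	return append(iv, out...), nil
}

// decrypt3DES reverses encrypt3DES and rejects malformed lengths or padding.
func decrypt3DES(msg []byte) ([]byte, error) {
	if len(msg) < 2*des.BlockSize || len(msg)%des.BlockSize != 0 {
		return nil, errors.New("ciphertext length invalid")
	}
	out := make([]byte, len(msg)-des.BlockSize)
	cipher.NewCBCDecrypter(tdes, msg[:des.BlockSize]).CryptBlocks(out, msg[des.BlockSize:])
	if n := int(out[len(out)-1]); n >= 1 && n <= des.BlockSize {
		return out[:len(out)-n], nil
	}
	return nil, errors.New("bad padding")
}

// Server holds login -> MD5 hex of password and the random numbers it has issued.
type Server struct {
	users  map[string]string
	nonces map[string]bool
}

func NewServer() *Server { return &Server{map[string]string{}, map[string]bool{}} }
func (s *Server) Register(login, password string) { s.users[login] = md5Hex(password) }

// Challenge is the random number generated on connect and sent to the browser.
func (s *Server) Challenge() string {
	b := make([]byte, 16)
	rand.Read(b)
	s.nonces[hex.EncodeToString(b)] = true
	return hex.EncodeToString(b)
}

// ClientResponse is the browser side: 3DES(MD5(password) | random | login). "|" is a
// constructed separator; both hex fields are fixed width, so the split is unambiguous.
func ClientResponse(login, password, nonce string) ([]byte, error) {
	return encrypt3DES([]byte(md5Hex(password) + "|" + nonce + "|" + login))
}

// Authenticate is the server side: decrypt, check random number and login name, then compare MD5s in constant time.
func (s *Server) Authenticate(login string, msg []byte) bool {
	pt, err := decrypt3DES(msg)
	if err != nil {
		return false
	}
	parts := strings.SplitN(string(pt), "|", 3)
	if len(parts) != 3 || !s.nonces[parts[1]] || parts[2] != login {
		return false
	}
	delete(s.nonces, parts[1]) // each random number is accepted once (assumption)
	stored, ok := s.users[login]
	return ok && subtle.ConstantTimeCompare([]byte(stored), []byte(parts[0])) == 1
}

func main() {
	s := NewServer()
	s.Register("alice", "correct horse") // constructed sample user
	msg, _ := ClientResponse("alice", "correct horse", s.Challenge())
	msg[0] ^= 0x01 // snooper flips one IV bit: the same bit flips inside the MD5 field
	fmt.Println("tampered:", s.Authenticate("alice", msg))
	msg, _ = ClientResponse("alice", "correct horse", s.Challenge())
	fmt.Println("valid:", s.Authenticate("alice", msg), "replay:", s.Authenticate("alice", msg))
}
```

Running it prints tampered: false, then valid: true and replay: false. The tampered case is the point the section's last sentence rests on: 3DES in CBC mode does not by itself detect modification, since a flipped ciphertext bit still decrypts cleanly; it is the server's structural check (random number, login name, MD5 comparison) that fails to recognize the altered message and rejects it. The replay case shows why the random number is tracked server-side and consumed once: the same captured response cannot be presented a second time.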