Ergon has gained a lot of experience in the conception and implementation of applications in which security plays a crucial role. In 1996 we built Switzerland's the first internet banking solution for Credit Suisse, which as a matter of course had to meet very high security requirements. Since then Ergon has continued to extend its knowledge in the field of security and has successfully applied it in many projects.
Today, many financial institutes and other companies rely on Ergon's security knowledge. For DZ Privatbank (formerly Cosba), Ergon derived the security concept of the internet banking and afterwards also implemented it. This solution encompasses an entry server to protect the internet banking as well as a complete authentication infrastructure.
Together with our partners Swisscom IT Services Finance AG and Netcetera we built an e-service platform for Avaloq. Ergon holds responsible for its security and has developed and implemented the security architecture. The solution is used by Rahn & Bodmer since 2004.
For Swisscom IT Services Ergon developed a new ATM transaction server. Extremely high security standards had to be met.
Among other projects where security was vital are: LLB Internet Banking, EAM Asset Manager, Soliswiss e-Platform.
Medusa Authentication Server
Medusa is a Java solution that allows cost-efficient development of custom authentication solutions. Experience has taught us that authentication solutions are always specific to each customer, but share a common basis. Medusa addresses both aspects: its open and flexible architecture and its growing set of available components allow developing customized authentication solutions at minimum costs.
The Medusa Authentication Server and all its components are written 100% in Java and are targeted for J2EE containers such as Tomcat, JBoss or Websphere. The JSP-based multi-language basis application is configurable to a high degree, covers login, logout and changing passwords and can be used as starting point for customer specific adjustments. The plug-in concept allows independent development and simple integration of arbitrary authentication mechanisms, persistency layers, and other surrounding systems. The following systems have been integrated so far:
- Airlock as entry server
- Authentication services: RSA ACE (SecurID), Vasco (Digipass Go1), RADIUS, Ergon TAN Server
- Persistency layers: JDBC (Databases), JNDI (LDAP), file-based for tests and demonstrations
Medusa is used by DZ Privatbank, Rahn & Bodmer, Soliswiss and Versatel.
Ergon TAN-Server
Ensuring a thorough protection of internet and intranet service users requires the use of highly secure software and technologies. For strong authentication, a user name and password is often not appropriate because the knowledge of the static credential information compromises the security even in future sessions. Through the usage of one-time passwords (token or TAN), the security of the authentication is augmented considerably.
Ergon's TAN server allows the generation, management and usage of scratch lists (TAN lists) and matrix cards (challenge response). As part of the Medusa authentication framework, it is a modular, configurable and extendible software component. For example, the generated scratch lists or matrix cards can be provided as PDF documents or sent directly to a printing channel. The Ergon TAN server has been successfully running for many years for several of our customers and provides a stable and approved solution.
The Ergon TAN server is used by Coutts, KPT and Soliswiss.
Web Application Security Solution Airlock
In March 2002, Ergon, The e-Firm and Prof. Dr. Ueli Maurer founded Seclutions AG (later Visonys and Phion). In the meantime Airlock has become the leading web application security solutions that protect web applications from hackers and unauthorized access. Web applications that process confidential information or run transactions cannot be protected appropriately with network firewalls alone. The web application security solution Airlock is placed in front of the web server and ensures its security. Further, it enhances availability and reduces the total costs of ownership. With Airlock, customers control the risk of allowing web applications to be accessed from the internet. Airlock is a Swiss product and is by far the market leader in Switzerland.
Ergon contributes experience with security architectures and their implementations as well as the deep Airlock know how. Numerous Airlock integration projects have broadened our Airlock knowledge and experience for many of our customers. Among these customers are: Dresdner Bank, DZ Privatbank Schweiz, Kantonspolizei Zürich, KPT, meinecom, Rahn & Bodmer, SBB, Soliswiss, sunrise und Versatel.