TeleWeb utilizes the
latest computer and security technology to ensure that all customer account
information remains secure and accurate. The two components of TeleWeb,
TelePC Server which resides on a TeleBank system, and the TeleWeb Server
Network which resides in a secure location at AudioTel Corporation Headquarters,
both implement strict security controls.
Account Access Controls
TeleBank maintains controls for the way in which each customer may access
accounts. These controls are maintained through settings on the host software,
downloaded to TeleBank, and within the TeleBank interface. Restrictions
may be placed on account access and transfer rights. TeleWeb adheres to
these restrictions on the TeleWeb Server Network and then verifies them
on TelePC Server.
A customer is only allowed to access account information on TeleWeb with
a valid login consisting of a customer number and PIN. Only customers
who have been enabled for TeleWeb will be allowed access and only data
for these customers will be transferred to the TeleWeb Server Network.
After three simultaneous invalid PIN entries for a customer, access will
be disabled for the customer preventing unauthorized access by a third
party. Once disabled, only bank personnel may re-enable access through
the TeleBank interface.
All communication between the customer and the TeleWeb Server Network
are conducted using the Secure Socket Layer (SSL) protocol. SSL provides
data encryption, server authentication, and message integrity for the
entire banking session. This assures that somebody will not be able to
eavesdrop on the session, that the customer is connected with the TeleWeb
Server Network and not an imposter, and that all information received
will be accurate. Additional information on SSL may be found at http://docs.iplanet.com/docs/manuals/security/sslin/index.htm.
Account information is transferred from TelePC Server to the TeleWeb Server
Network via the TelePC Virtual Private Network (TelePCnet). TelePCnet
is a secure private communication channel established over the public
Internet. All data transmitted on TelePCnet is encrypted using keys known
only to TelePC Server and the TeleWeb Server Network. A large private
key is used to establish this secure connection. Once this private key
has been exchanged, a 128-bit session key is generated and used only for
the remainder of the current session. After a secure TelePCnet connection
has been established, the TeleWeb Server Network authenticates TelePC
Server with a unique Bank ID. These methods insure that all conversations
are private between known parties and may not be intercepted or repeated.
TelePCnet utilizes the Blowfish Encryption Algorithm to encrypt all communications.
Details on the Blowfish Encryption Algorithm may be found at http://www.counterpane.com/blowfish.html.
The TeleWeb Server Network is comprised of several components including
a Firewall, Screening Router, Proxy Server, Web Server, and Database Server.
The Firewall and Screening Router work in tandem ensuring that only authorized
request are allowed to reach the Web Server. Any suspicious activity will
result in access being denied and is logged for later review. The Proxy
Server acts as an intermediary between the Web Server and the Internet.
All requests are passed to the Web Server on behalf of the client and
back to the client on behalf of the Web Server. This ensures that access
directly to the Web Server is not possible significantly reducing the
possibility of unauthorized access. The Database Server, where all account
information is stored, is only accessible through request made by the
Web Server. Access to account information is only allowed through the
Web Server Banking interface.