eSpherical.com, Inc. is a software development company headquartered in Washington, DC USA. eSpherical.com has been in business since 2000 and provides mobile software, web applications and custom software solutions for commercial customers and the U.S. Federal Government. In 2007, eSpherical.com was granted a special business promotion by the Thai Board of Investment and subsequently opened our Asia Pacific regional office in Bangkok, Thailand. From our Bangkok office, we support our regional mobile commerce customers, our courier and logistics customers, and our telecom (DTAC) customers. Our Bangkok office is also engaged in mobile software and security research and development.

eSpherical.com is very pleased to have the opportunity to offer our mobile banking software solutions to Bangkok Bank. Throughout the remainder of this technical proposal, the terms “wireless” and “mobile” will mean mobile phone(s) and wireless devices (PDA, BlackBerry™, SmartPhone, iPhone™, etc.). Our solutions in this technical proposal will address key areas including:

1. Mobile banking portal software interface.
2. SMS/MMS customer notifications (CustomerCare™).
3. Mobile banking software security.
4. XML/SOAP standards for mobile transactions.
5. Software & hardware system architecture.
6. Software & hardware hosting details.
7. Software operational written agreements (SLA).
8. Software support, maintenance, and upgrades.
9. System audit details.
10. Mobile marketing and business support.

This technical proposal is intended to be a starting-point blueprint for requirements documentation and design documentation for Bangkok Bank.

Section 2 of this technical proposal is a brief introduction to eSpherical.com. This section is intended to provide information about eSpherical.com and our experience and success stories as well as our strategic partnership with security and mobile banking industry leaders.

Sections 3-10 address the technical and functional specifics of our mobile banking software.

Based on our experience and knowledge of the mobile commerce industry, our mobile software for Bangkok Bank is summarized in the following three general areas:

Mission Statement
eSpherical (Thailand) was founded in 2007 with the support of eSpherical.com Inc (US) and Digital Intelligence Systems Corporation (DISYS) which is a strategic partnership consisting of software developers and Information Technology (IT) security managers. We successfully deliver original software products and mission support services, strategic sourcing, and information technology (IT) security consulting to private industry, Federal Government customers, and State agencies. We expertly match customer requirements with qualified, experienced professionals and leading-edge secure software solutions to achieve our customers’ business and IT goals. Your success is our mission

eSpherical.com specializes in developing mobile and web-based software technologies. Our success is providing rapid and integrated IT solutions using commercial software development products (Microsoft® .NET™, Microsoft® Visual Studio™, Adobe® ColdFusion™, etc.). Our goal is to create easy-to-use secure and robust mobile software that empowers your organization and your customers to work smarter and more efficiently. Our core business areas and products are summarized in the following sub-sections.

eSpherical.com develops leading-edge software solutions that deliver critical information to decision makers. Our software includes a collection of wireless business tools for managing performance, connecting your work force, and delivering value to your core business lines and core missions. Some of our featured software includes:

1. Wireless airline reservations and credit card payment software.
2. Wireless bar code scanner software for inventory management, asset management, compliance reporting, and streamlined business operations.
3. Mobile office products (mOffice™) for data access and data analysis for customer relationship management (CRM) and remote sales force.
4. Mobile security manager wireless security software for managing mission critical infrastructure.
5. Mobile content management for travel industry (Mobile Park Finder).

Figure 3: Mobile AirAsia Portal

Figure 4: Mobile IndiGo Portal

Figure 5: Mobile Logistics Portal

Figure 6: Mobile CRM Portal

Figure 7: Mobile Route Manager

Figure 8: Mobile Travel Content

eSpherical.com manages and supports eDispatch™ online office logistics & courier management software. eDispatch™ is a web application which connects all corporate shipping, delivery, and tracking logistics in one convenient web portal. Using eDispatch™, businesses can schedule pickup & delivery orders online anytime. eDispatch™ also enables customers to check and receive order status via wireless devices (cell phones and PDAs) or any web browser. eDispatch™ is currently deployed and in use in Thailand, Malaysia, Vancouver, CA, and the US.

Figure 9: eDispatch™ Courier Software

eSpherical.com develops, supports and manages several Business Productivity Tools designed to reduce business operational costs through improved efficiency. These tools can be accessed from anywhere in the world with a mobile or WiFi connection. Our most popular productivity tools include our Online Time and Attendance software, Online Project Management and Invoicing software, Online Customer Relationship Management software and our Mobile Data Access and Data Analyzer tools.

Figure 10: Online Time & Attendance Software Portal

eSpherical.com develops, implements, and manages comprehensive web-based software and online web portals for performance management, performance tracking, performance metrics, user management, and data sharing applications.

Our most recent software projects and solutions include comprehensive analytical tools and portals for the U.S. Department of the Interior, the U.S. Department of Agriculture, and the U.S. Department of Commerce. Our performance management tools allow managers and staff to find areas of improvement and to maximize the efficiency of their workforce and operations. Our tools are used to meet the Presidential Management Agenda which requires U.S. Federal agencies to streamline operations and reduce duplication and improve operational performance.

Figure 11: Performance Management Software

eSpherical.com creates, manages and supports software products for the U.S. Federal Government as well as commercial business in the US, Thailand, Malaysia, and Canada. Our recent key projects and clients are detailed in the following subsections.

eSpherical.com has a proud record of award-winning software. Several of our software portals have been selected for recognition by the U.S Federal government. In particular, in 2002 our Volunteer software portal was featured at a special White House ceremony for the unveiling of the USA Freedom Corps initiative. Our Recreation.gov portal has twice won special awards for usability, functionality, and for e-government excellence.

eSpherical.com provides online secure transaction portals, performance management software, budgeting software and auditing & program tracking software for the U.S. Federal Government. We are currently supporting software programs with the following Federal agencies:

1. U.S. Department of the Interior — https://www.doi.gov/.
   • Management Information Tracking System: performance software.
   • Recreation.gov: transaction software for 15 federal, state, and local agencies.
   • Volunteer.gov: transaction portal for multiple government and NGO partners.
   • Strategic Planning System: planning and management software.
   • Credit Card Processing Software: National Business Center ($350,000+ USD/Month credit card funds processed).
2. U.S. Department of Agriculture — https://www.usda.gov.
   • Management Information Tracking System: performance software.
   • Budget Tracking System: financial performance software.
   • Audit Tracking System: Internal financial audit tracking software for management tracking and reporting to the U.S. Congress.
   • Training and Support: program training, support, and maintenance services.
3. Executive Office of the President, Office of Management & Budget — https://www.whitehouse.gov/omb/.
   • Management Information Tracking System: performance software consulting.
4. U.S. Minerals Management Service — https://www.boem.gov/.
   • Audit Tracking System: audit tracking software.

★ Our customers' quotes about our software and services:

eSpherical has made the difference at the US Department of the Interior in helping us realize the plans we had for integrating, managing, and analyzing different types of information across multiple organizations. Their technical skill and savvy goes further than just system design and operations, and have produced tools that help us more readily and effectively use the data in practice. In addition to their technical capabilities they have always demonstrated an interest in our project and a commitment to making it work effectively both at roll out and throughout continued operations.

Richard T. Beck
Director
Office of Planning and Performance Management
U.S. Department of the Interior

I would highly recommend Espherical as a partner in your project. Espherical has been very responsive to our IT needs in an aggressive, fast-paced political environment. They have always been on time and on budget. Espherical worked closely together with us to achieve the visions of e-Gov in the Federal Government and worked within the OMB security framework. Espherical was an excellent member of our team.

James C. Hurban
Office of Performance and Personnel Management
Executive Office of the President
Office of Management and Budget

I have been impressed with eSperical's ability to work with staff to take an existing system, MITS, and customize it to fit USDA's needs. This project was invaluable in that it allows management to easily monitor key management initiatives and given our efforts to not "recreate the wheel" in order to save taxpayer dollars, the project as a whole was worth the investment.

Jennifer Cervantes-Eggers
Sr. Advisor to the Secretary
U.S. Department of Agriculture

In December 2004, eSpherical.com signed a contract agreement with AirAsia.com Bhd. to provide Mobile airline reservations (bookings) and credit card payments through our mobile mCommerce™ software. Our software for AirAsia.com is the first fully mobile phone airline reservations and payment systems in the world. This software allows any mobile phone user anywhere in the world to check availability and fares, book flights, and pay for bookings with a credit card. Transactions can be made with any GPRS mobile phone through our secure 128-bit SSL dedicated and encrypted transaction server. Our mobile sales have increased 200%+ on average each year of operation. In addition, our software has helped AirAsia become the leading air carrier in its segment in SE Asia.

In May 2006, eSpherical.com signed a contract agreement with InterGlobe Aviation to provide Mobile airline reservations (bookings) and credit card payments through our mobile mCommerce™ software to IndiGo Airlines based in Delhi, India. Our IndiGo Airways mobile portal is a success by providing more access to customers in India. We have helped IndiGo become the technology leader in the Indian Airline industry and we have helped IndiGo save costs in a fiercely competitive domestic market. Our secure mobile payment software allows for mobile credit card payments as well as "pay later" functions for customers to pay cash at ATM machines or other retail outlets. Based on our current growth statistics for India, we project a record-setting year in mobile sales for IndiGo for 2008.

Since 2001, eSpherical.com has provided software development and support services to MasJiwa Sdn. Bhd. in Malaysia for our eDispatch™ courier and logistics management software. This software is a complete online courier and dispatch management application which allows customers to schedule, track and pay for courier-based services. Our software also includes a secure online credit card payment module (via Commerce Payment Sdn. Bhd.) as well as online Prepaid Dispatch card redemption. eDispatch™ can also be accessed with any mobile device and also includes a mobile credit card payment module which uses Commerce Payment Sdn. Bhd. as the payment gateway.

In February 2005, eSpherical.com licensed our eDispatch™ software to a Legal Courier (Legal Zoom Courier and Court Registry Services) in Vancouver, Canada.

eSpherical.com is headquartered in Washington, DC USA. Our offices are strategically located within walking distance of key Federal Agencies. Through our Thai operating affiliate, eSpherical (Thailand) Co., Ltd., we also have offices in Bangkok, Thailand and operate under a special promotion from the Thai Board of Investment. Our physical and mailing addresses are as follows:

eSpherical.com, Inc. 1310 19th Street NW Suite 100 Washington, DC 20036

eSpherical (Thailand) Co., Ltd. 1 South Sathorn Road, Lumpini Building 27th Floor Bangkok, Thailand 10120

eSpherical.com software platform includes a comprehensive, secure, industry-leading mobile banking portal for Bangkok Bank. Our mobile portal the highest level of security available in the mobile industry as well as the most advanced mobile banking portal features available. Specifically, our platform includes a collection of AI tools for managing customer identity, advanced threat detection, and analytical dawshboards for greater business insight.

Our portal framework consists of a web front-end client wprocessor hich allows mobnile access to any device and which provides easier access for customers and easier customization for Bangkok Bank.

Accordingly, we provide a secure web-based mobile portal based on the Microsoft® .NET platform for Bangkok Bank hosted within the Bangkok Bank existing secure data center. The advantages of our proposed mobile portal platform configuration include the following:

1. Advanced mobile technology; industry’s best in class.
2. Rapid and cost effective development and mobile deployment.
3. Available to all mobile devices.
4. Integrated Arcot® RiskForte™ digital authentication security software.
5. Integrated backend mobile data triple DES data encryption.
6. Simple and convenient for Bangkok Bank customers.
7. Integrated SMS/MMS notifications to customers and Bangkok Bank administrators.
8. Multiple language support (Thai, English, others as requested).
9. Fast and interactive mobile portal updates for Bangkok Bank administrators.
10. Scaleable robust platform for future growth and enhancements.
11. Support from global software leader, Microsoft®, and industry leaders eSpherical.com and Arcot®.
12. Secure and integrated Identity Access Management (IAM) processes and algorithms for threat vector deterrence, authorized user management and access, and system audit requirements.

The Bangkok Bank mobile portal will be designed to enhance existing Bualuang iBanking features and functions to provide Bangkok Bank customers with seamless and efficient banking access via the mobile channel. A proposed top-level feature layout is shown in figure #1 below. Blue colored items are mobile portal pages, other colors represent backend security checks, processes or optional features.

Figure 1: Mobile Portal Layout

Using the .NET mobile platform for Bangkok Bank Mobile, custom content will be delivered to each customer based on the customer device mobile profile. This allows for a more rich experience for customers with Windows® Mobile, SmartPhone, BlackBerry®, iPhone® and other PDA-based devices while also delivering complete content to customers with more standard-featured mobile devices. This dynamic content delivery is automatically processed via our .NET mobile software suite. This also allows for the seamless integration of new mobile devices that will become available to Bangkok Bank customers in the future. A sample mobile portal view for Bangkok Bank is shown in figure #2.

Figure 13: Sample Mobile Bangkok Bank Portal

The Bangkok Bank mobile home page will include key information links which are helpful for all customers as well as potential customers. These links will be integrated with Bangkok Bank’s existing online portal and include the following:

1. Bangkok Bank rates and Forex.
2. Bangkok Bank products and services.
3. Bangkok Bank ATM and branch location finder.
4. Bangkok Bank key contacts (direct dial from mobile portal).
5. About Bangkok Bank mobile portal.

The eSpherical.com mobile portal software will allow Bangkok Bank authorized IT staff to easily update the information on the home page links as needed and as products and services and locations are added and modified. This allows for efficient content and information management at the Bank level.

The mobile Account Access page is integrated with Bangkok Bank existing iBanking information and includes links to authorized customers' existing account information including the following:

1. View balances (savings, current, fixed-deposit, loan, and credit card).
2. View recent transactions. Track the movements of current, savings, and fixed-deposit accounts.
3. View credit card statements and transactions over the last three months.
4. View the repayment history of loan accounts to see remaining principal repaid transactions for the last twelve months.

The mobile Pay Bills page is integrated with Bangkok Bank existing iBanking information and includes the complete list of Bangkok Bank payees. Authorized customers can perform the following functions with the mobile Pay Bills page:

1. View a list of payees (including credit cards) and make payments.
2. Schedule payment dates for recurring bills.
3. View payment history for individual payees.

The mobile Funds Transfer page is integrated with Bangkok Bank existing iBanking information and includes a list of approved beneficiaries (Bangkok Bank and other local banks) as well International Banks (SWIFT codes, account information, etc.). Authorized customers can perform the following functions with the mobile Funds Transfer page:

1. Transfer funds between your Bangkok Bank accounts.
2. Transfer funds from your account to someone else’s Bangkok Bank account.
3. Transfer funds to accounts at other banks.
4. Instantly add 3rd parties accounts.
5. Send an SMS message to notify funds transfer recipients.
6. International Funds Transfer(*).
1. Transfer of expenses for education overseas.
2. Transfer of expats' savings working in Thailand.
3. Transfer of money to relatives or family with permanent residency in another country.

The mobile Mutual Funds page is integrated with Bangkok Bank existing iBanking information and allows authorized customers to invest in mutual funds by performing the following functions with the mobile Mutual Funds page:

1. Purchase, redeem or switch orders for mutual funds units.
2. Check the status of account holder mutual funds units.

The mobile Cheque Services page is integrated with Bangkok Bank existing iBanking information and allows authorized customers to perform the following:

1. Suspend your cheque payments.
2. View the list of cheques issued that have been returned over the last two months.
3. View the list of cheques deposited into your accounts that have been returned over the past two months.

The mobile Promotions page allows authorized Bangkok Bank administrators to add and edit strategic bank promotions through an easy-to-use administrative web portal. The eSpherical.com mobile banking software can also integrate with Bangkok Banks existing online promotions, Whats New, and deliver these promotions to mobile customers. These promotions can be made available exclusively to the mobile channel if desired. Promotions can be tailored to specific customers, both registered logged in customers and general customers browsing the mobile portal. Promotions could include the following popular items:

1. Rewards offered to preferred selected bank mobile customers.
2. e-Voucher discounts for mobile-channel customers from preferred local vendors (dining, insurance, movies, airlines etc.)
3. Privileges to preferred mobile customers.
4. New offers specially targeted to mobile banking customers only (example: spe-cial flight promotions on Thai Airways or Nok air when using the Be 1^st Credit Card).

The mobile My Settings page allows authorized customers to modify some of their information including contact and email details as well as set their SMS notification preferences. SMS notifications can be set for bill due dates, account balance warnings, transfer status, and other items. The My Settings page also provides help menus for customers to get additional help about each of the specific mobile features.

The following chapters of this proposal include technical details about the eSpherical.com mobile banking software as well as our proposed system architecture, security, and ongoing support and enhancement services.

The following chapters of this proposal include technical details about the eSpherical.com mobile banking software as well as our proposed system architecture, security, and ongoing support and enhancement services.

eSpherical.com is proposing a leading-edge secure and comprehensive mobile banking portal and software suite for Bangkok Bank. Our proposed model includes key processes and design details to ensure a successful mobile banking portal for Bangkok Bank. Key details include the following:

1. Deployment of an advanced secure .NET customizable web front end mobile portal.
2. Integration with Arcot Corporation RiskForte™ digital authentication software.
3. Integration with VeriSign® 128-bit SSL digital server certificates.
4. Integration with Microsoft® Windows servers and SQL Server® mobile databases.
5. Deployment of triple DES data encryption in SQL Server® for selected mobile data.
6. System Independent Verification and Validation (IVV) audit by 3rd party security firm (Disys Corporation) prior to deployment.

The following sections of this proposal provide technical details about our proposed mobile banking portal for Bangkok Bank.

The mobile banking module can be thought of in terms of three primary Functional Areas where the software performs a series of Functional Processes based on a given set of business rules. The functional areas include:

1. Customer Area (mobile devices; internet; WAP connections).
2. Service Broker Area (mobile transaction processor; Bangkok Bank).
3. Financial Institution Area (Bangkok Bank server).

There are five primary Functional Processes which the mobile banking module performs. These functional processes include:

1. Customer Login Process.
2. Customer Validation & Authentication Process.
3. Presentation of Transaction to Customer.
4. Transaction Processing.
5. Transaction Acceptance & Completion.

Each functional area is integrated through a series of secure connections to permit a secure login and transaction process. Figure #14 below is a general diagram of these functional areas. Detailed explanations are included in the following sections.

Figure 14: Mobile Banking Software Web Service Functional Areas

In reference to Figure #14 , the Functional Areas and Processes for the mobile banking software are described in accordance with the corresponding numbers in the figure.

Figure #15 is a diagram of the standard technical processes required for mobile transactions. Each of these steps is described in detail in the following sections.

Figure 15: Mobile Banking Software Web Service Functional Processes

The first step of the mobile transaction process involves the customer login. Customer login occurs on the transaction server via a login page formatted for the connected mobile device. The login process includes a series of security filters and security checks; these checks and filters are designed to ensure the integrity of the connected device and to validate the origin of the login process. Specifically, the following parameters are validated on the connected customer and validated with the transaction server credentials:

1. Customer Origin: the referring page from which the customer has requested the login. This security check ensures that the login request is from the Bangkok Bank transaction server. No other origin is allowed; the login is terminated if the customer origin not via the transaction server page. This prevents page hijacking or spoofing.
2. Customer Session Variable: the transaction server checks the connected customer for a session variable from the transaction server. If this session variable is not present, the login is terminated. This session variable check prevents page hijacking or spoofing.

A If the above three security filters and checks are successfully validated, the connected customer (mobile device) is presented with the Bank login page. The login page is pre-sented only over an SSL connection. In the event an SSL connection is not made, the client is automatically redirected to port 443 for a secure connection. The customer is also presented with a Locked Icon with the words Secure if the connection is secure. If the connection is NOT secure, the Lock Icon is open and the warning Not Secure — Stop is shown to the customer and the login button is disabled. This lock is also bound to the transaction server IP. If a secure connection cannot be established, the login process is terminated.

If all the security filters and checks for Step 1 are met, the customer login page is sent via an encrypted https Post method to the Bank security stack.