Secure Internet banking authentication
暂无分享,去创建一个
This article classifies common Internet banking authentication methods regarding potential threats and their level of security against common credential stealing and channel breaking attacks, respectively. The authors present two challenge/response Internet banking authentication solutions, one based on short-time passwords and one certificate-based, and relate them to the taxonomy above. There further outline how these solutions can be easily extended for nonrepudiation (that is, transaction signing), should more sophisticated content manipulation attacks become a real problem. Finally, they summarize their view on future requirements for secure Internet banking authentication and conclude by referencing real-live implementations
[1] Richard E. Smith,et al. Authentication: From Passwords to Public Keys , 2001 .
[2] Magnus Nyström. PKCS#15 - A Cryptographic Token Information Format Standard , 1999, Smartcard.
[3] Nick Feamster,et al. Dos and don'ts of client authentication on the web , 2001 .
[4] Bruce Schneier,et al. Two-factor authentication: too little, too late , 2005, CACM.