This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Secure Internet Banking Authentication
March/April 2006 (vol. 4 no. 2)
pp. 21-29
Alain Hiltgen, UBS AG
Thorsten Kramp, IBM Zurich Research Laboratory
Thomas Weigold, IBM Zurich Research Laboratory
This article classifies common Internet banking authentication methods regarding potential threats and their level of security against common credential stealing and channel breaking attacks, respectively. The authors present two challenge/response Internet banking authentication solutions, one based on short-time passwords and one certificate-based, and relate them to the taxonomy above. There further outline how these solutions can be easily extended for nonrepudiation (that is, transaction signing), should more sophisticated content manipulation attacks become a real problem. Finally, they summarize their view on future requirements for secure Internet banking authentication and conclude by referencing real-live implementations.
Index Terms:
Internet banking, authentication, short-time passwords, short-lived passwords, public-key certificates, taxonomy of attacks
Citation:
Alain Hiltgen, Thorsten Kramp, Thomas Weigold, "Secure Internet Banking Authentication," IEEE Security & Privacy, vol. 4, no. 2, pp. 21-29, March-April 2006, doi:10.1109/MSP.2006.50
Usage of this product signifies your acceptance of the Terms of Use.