 |
    |
A Secure Mobile-Based Authentication System for e-Banking
Helena Rifà-Pous
Department of Computer Sciences, Multimedia and Telecommunication, Universitat Oberta de Catalunya (UOC), 08018 Barcelona, Spainhrifa@uoc.edu
Abstract. Financial information is extremely sensitive. Hence, electronic banking must provide a robust system to authenticate its customers and let them access their data remotely. On the other hand, such system must be usable, affordable, and portable. We propose a challenge-response based one-time password (OTP) scheme that uses symmetric cryptography in combination with a hardware security module. The proposed protocol safeguards passwords from keyloggers and phishing attacks. Besides, this solution provides convenient mobility for users who want to bank online anytime and anywhere, not just from their own trusted computers.
Keywords: One-time password, challenge-response authentication, mobile security, attacks
LNCS 5871, p. 848 ff.
lncs@springer.com
© Springer-Verlag Berlin Heidelberg 2009