the limits of crypto and authentication
Anne & Lynn Wheeler
lynn at garlic.com
Tue Jul 19 15:20:47 EDT 2005
Jaap-Henk Hoepman wrote:
> Actually, Dutch banks already give users the option to recieve one-time
> pass-codes by SMS to authenticate internet banking transactions (instead of
> sending a list of those codes on paper by ordinary mail in advance). So it's
> less unrealistic than you think.
there is also the EU bank challenge/response scenario (requires two-way
communication protocol chatter). the customer initiates a transaction
... on the internet or even over (voice) phone. the bank responds with a
challenge which is entered into a calculator sized device and the
display comes back with the response. the response then is either typed
or the keyboard (or the phone keypad).
basically it is a relatively dumb pin-pad sleave that a chipcard slips
into ... some old post visiting the company that makes the devices:
http://www.garlic.com/~lynn/2001g.html#57 Q: Internet banking
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list