AlZomai et al., 2008 - Google Patents
Strengthening sms-based authentication through usabilityAlZomai et al., 2008
View PDF- Document ID
- 17181558349450507070
- Author
- AlZomai M
- Josang A
- McCullagh A
- Foo E
- Publication year
- Publication venue
- 2008 IEEE International Symposium on Parallel and Distributed Processing with Applications
External Links
Snippet
Current state-of-the art solutions for online banking authentication and identity management include methods for re-authenticating users via out-of-band channels for each transaction. SMS-based schemes belong to this category, and can provide strong authentication to …
- 238000005728 strengthening 0 title description 3
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATIONS NETWORKS
- H04W12/00—Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0827—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving distinctive intermediate devices or communication paths
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATIONS NETWORKS
- H04W12/00—Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATIONS NETWORKS
- H04W12/00—Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity
- H04W12/12—Fraud detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATIONS NETWORKS
- H04W12/00—Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network
- H04L63/083—Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network using passwords
- H04L63/0838—Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network using passwords using one-time-passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATIONS NETWORKS
- H04W12/00—Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity
- H04W12/04—Key management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATIONS NETWORKS
- H04W12/00—Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity
- H04W12/10—Integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/18—Network architectures or network communication protocols for network security using different networks or paths for security, e.g. using out of band channels
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/065—Network architectures or network communication protocols for network security for supporting key management in a packet data network for group communications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATIONS NETWORKS
- H04W4/00—Mobile application services or facilities specially adapted for wireless communication networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATIONS NETWORKS
- H04W48/00—Access restriction; Network selection; Access point selection
- H04W48/02—Access restriction performed under specific conditions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATIONS NETWORKS
- H04W88/00—Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATIONS NETWORKS
- H04W8/00—Network data management
- H04W8/22—Processing or transfer of terminal data, e.g. status or physical capabilities
- H04W8/24—Transfer of terminal data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/54—Store-and-forward switching systems
- H04L12/58—Message switching systems, e.g. electronic mail systems
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L51/00—Arrangements for user-to-user messaging in packet-switching networks, e.g. e-mail or instant messages
- H04L51/38—Arrangements for user-to-user messaging in packet-switching networks, e.g. e-mail or instant messages in combination with wireless systems
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M1/00—Substation equipment, e.g. for use by subscribers; Analogous equipment at exchanges
- H04M1/66—Substation equipment, e.g. for use by subscribers; Analogous equipment at exchanges with means for preventing unauthorised or fraudulent calling
- H04M1/667—Preventing unauthorised calls from a telephone set
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Mannan et al. | Using a personal device to strengthen password authentication from an untrusted computer | |
Jøsang et al. | Security usability principles for vulnerability analysis and risk assessment | |
US9038196B2 (en) | Method for authenticating a user requesting a transaction with a service provider | |
US8356333B2 (en) | System and method for verifying networked sites | |
Wang et al. | Vulnerability assessment of oauth implementations in android applications | |
Mannan et al. | Leveraging personal devices for stronger password authentication from untrusted computers | |
US20090055642A1 (en) | Method, system and computer program for protecting user credentials against security attacks | |
US20140281539A1 (en) | Secure Mobile Framework With Operating System Integrity Checking | |
US20100257359A1 (en) | Method of and apparatus for protecting private data entry within secure web sessions | |
JP2011515961A (en) | Authentication storage method and authentication storage system for client side certificate authentication information | |
Yoo et al. | Case study of the vulnerability of OTP implemented in internet banking systems of South Korea | |
Panja et al. | Cybersecurity in banking and financial sector: Security analysis of a mobile banking application | |
US10834074B2 (en) | Phishing attack prevention for OAuth applications | |
Al Zomai et al. | An Experimental Investigation of the Usability of Transaction Authorization in Online Bank Security Systems. | |
San Martino et al. | Phishing Secrets: History, Effects, Countermeasures. | |
Li et al. | hPIN/hTAN: A lightweight and low-cost e-banking solution against untrusted computers | |
AlZomai et al. | Strengthening sms-based authentication through usability | |
Kim et al. | On the security of internet banking in south korea | |
JP4921614B2 (en) | Method and system for preventing man-in-the-middle computer hacking techniques | |
Lodderstedt et al. | RFC 9700: Best Current Practice for OAuth 2.0 Security | |
Hackenjos et al. | FIDO2 with two displays-Or how to protect security-critical web transactions against malware attacks | |
Cobourne et al. | Using the smart card web server in secure branchless banking | |
Johnson | A new approach to Internet banking | |
Kiljan et al. | What you enter is what you sign: Input integrity in an online banking environment | |
San Martino et al. | A model for securing e-banking authentication process: antiphishing approach |