[16653] in cryptography@c2.net mail archive

home help back first fref pref prev next nref lref last post

Re: Banks Test ID Device for Online Security

daemon@ATHENA.MIT.EDU (Anne & Lynn Wheeler)
Thu Jan 6 19:50:19 2005

X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Thu, 06 Jan 2005 06:52:30 -0700
From: Anne & Lynn Wheeler <lynn@garlic.com>
To: Bill Stewart <bill.stewart@pobox.com>
Cc: "R.A. Hettinga" <rah@shipwright.com>, cryptography@metzdowd.com
In-Reply-To: <20050105032142.7E8D4F2CB@red.metdow.com>

oh, and this is old discussion of a unit that has been in use in europe 
... it basically is very inexpensive calculator with 7816 contacts that 
you can slip a smartcard into. it is used in a challenge/response 
scenario, a numeric keypad is used to enter the challenge, which is
passed to the smartcard, which does something and the response is 
displayed. the person enters the displayed response.
http://www.garlic.com/~lynn/2001g.html#57 Q: Internet banking

works with anything that can present a challenge and has a numeric 
keypad for the response (even works over telephone with VRU).

note that in any online scenario ... the server-side can do security 
proportional to risk by making a decision to ask or not ask for 
additional inputs. possible scenario is bill pay in home banking, use
authentication for initial access and then if total transactions exceed 
some value ... ask for additional authentication input (trading off 
convenience and risk, in online scenario it doesn't need to be all just 
one way or another way, there is some amount of latitude for adaptive 

Note that the additional authentication input can also be used for 
interpreting the (human specific) input as evidence of approval for the 
transaction(s) as opposed to simply authentication.

other pieces of the previous mentioned thread on security proportional 
to risk:
http://www.garlic.com/~lynn/aepay7.htm#netbank net banking, is it safe?? 
... power to the consumer
http://www.garlic.com/~lynn/aepay7.htm#netbank2 net banking, is it 
safe?? ... security proportional to risk
http://www.garlic.com/~lynn/2001g.html#57 Q: Internet banking
http://www.garlic.com/~lynn/2001h.html#53 Net banking, is it safe???
http://www.garlic.com/~lynn/2001h.html#58 Net banking, is it safe???
http://www.garlic.com/~lynn/2001h.html#61 Net banking, is it safe???
http://www.garlic.com/~lynn/2001h.html#62 Net banking, is it safe???
http://www.garlic.com/~lynn/2001h.html#64 Net banking, is it safe???
http://www.garlic.com/~lynn/2001h.html#68 Net banking, is it safe???
http://www.garlic.com/~lynn/2001h.html#70 Net banking, is it safe???
http://www.garlic.com/~lynn/2001h.html#75 Net banking, is it safe???
http://www.garlic.com/~lynn/2001i.html#9 Net banking, is it safe???
http://www.garlic.com/~lynn/2001i.html#10 Net banking, is it safe???
http://www.garlic.com/~lynn/2001i.html#16 Net banking, is it safe???
http://www.garlic.com/~lynn/2001i.html#25 Net banking, is it safe???
http://www.garlic.com/~lynn/2001i.html#35 Net banking, is it safe???
http://www.garlic.com/~lynn/2001i.html#36 Net banking, is it safe???

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com

home help back first fref pref prev next nref lref last post