[17945] in cryptography@c2.net mail archive

Re: the limits of crypto and authentication

daemon@ATHENA.MIT.EDU (Anne & Lynn Wheeler)
Tue Jul 19 15:55:24 2005

X-Original-To: cryptography@metzdowd.com
Date: Tue, 19 Jul 2005 13:20:47 -0600
From: Anne & Lynn Wheeler <lynn@garlic.com>
To: Jaap-Henk Hoepman <jhh@cs.ru.nl>
Cc: cryptography@metzdowd.com
In-Reply-To: <82mzojdlad.fsf@smtp.xs4all.nl>

Jaap-Henk Hoepman wrote:
> Actually, Dutch banks already give users the option to receive one-time
> pass-codes by SMS to authenticate internet banking transactions (instead of
> sending a list of those codes on paper by ordinary mail in advance). So it's
> less unrealistic than you think.

there is also the EU bank challenge/response scenario (requires two-way
communication protocol chatter). the customer initiates a transaction
... on the internet or even over (voice) phone. the bank responds with a
challenge which is entered into a calculator sized device and the
display comes back with the response. the response then is either typed
on the keyboard (or the phone keypad).

basically it is a relatively dumb pin-pad sleeve that a chipcard slips
into ... some old post visiting the company that makes the devices:
http://www.garlic.com/~lynn/2001g.html#57 Q: Internet banking
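
The challenge/response exchange described in the message above, as an added example that is not part of the original post and not any bank's actual scheme. The post does not say how the device computes the response, so HMAC-SHA256 over the challenge with a per-customer key, truncated to 8 decimal digits, is assumed here; the names `Bank`, `Token` and `compute_response` are hypothetical.

```python
import hashlib
import hmac
import secrets

DIGITS = 8  # assumed length of what the device displays


def compute_response(key: bytes, challenge: str) -> str:
    """Assumed response function: HMAC-SHA256, truncated to decimal digits."""
    mac = hmac.new(key, challenge.encode(), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10**DIGITS).zfill(DIGITS)


class Token:
    """Stands in for the chipcard in its pin-pad sleeve: it holds the key."""

    def __init__(self, key: bytes):
        self._key = key

    def respond(self, challenge: str) -> str:
        # The customer keys in the challenge and reads the response off the display.
        return compute_response(self._key, challenge)


class Bank:
    def __init__(self):
        self._keys = {}     # customer -> shared key
        self._pending = {}  # customer -> the one outstanding challenge

    def enroll(self, customer: str) -> Token:
        key = secrets.token_bytes(32)
        self._keys[customer] = key
        return Token(key)

    def issue_challenge(self, customer: str) -> str:
        challenge = f"{secrets.randbelow(10**DIGITS):0{DIGITS}d}"
        self._pending[customer] = challenge
        return challenge

    def verify(self, customer: str, response: str) -> bool:
        # pop() makes the challenge single use: a replayed response, or a
        # second guess after a failed attempt, has nothing to match against.
        challenge = self._pending.pop(customer, None)
        if challenge is None:
            return False
        expected = compute_response(self._keys[customer], challenge)
        return hmac.compare_digest(expected.encode(), response.encode())
```

The response proves possession of the key for that one challenge only; it says nothing about which transaction it is approving unless the transaction details are mixed into the challenge.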
