{"title":"在线认证:在安全网络事务中保护客户端关键数据字段","authors":"Mark Currie","doi":"10.1109/ICASTECH.2009.5409720","DOIUrl":null,"url":null,"abstract":"Secure Internet services like online banking require a \"trusted terminal\" on the client-side. However, even where strong client-side security is employed, the client PC is often used for input and output of sensitive information like PINs/passwords, amounts, account numbers, etc. These transactions are therefore vulnerable to manipulation by malware. A method is presented here allowing web users to share small amounts of secret information including passwords and account numbers with a large number of existing Internet services by creating a cryptographically secure trusted path between the web user and the service. The trusted path is created with the support of a hand-held user terminal device \"in-the-wire\" between the user's PC and the service thus preventing malware on the user's PC from manipulating login and other sensitive data. A key feature is that the trusted terminal device can be retrofitted on the client-side and require no changes to the server-side. This creates a new class of client-centric communications security hardware allowing web users to protect their transactions using strong hardware security without relying on service providers. It offers the industry an alternative to the current service-centric approach which is often hamstrung by a chicken-and-egg problem of critical mass adoption.","PeriodicalId":163141,"journal":{"name":"2009 2nd International Conference on Adaptive Science & Technology (ICAST)","volume":"8 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"In-the-wire authentication: Protecting client-side critical data fields in secure network transactions\",\"authors\":\"Mark Currie\",\"doi\":\"10.1109/ICASTECH.2009.5409720\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Secure Internet services like online banking require a \\\"trusted terminal\\\" on the client-side. However, even where strong client-side security is employed, the client PC is often used for input and output of sensitive information like PINs/passwords, amounts, account numbers, etc. These transactions are therefore vulnerable to manipulation by malware. A method is presented here allowing web users to share small amounts of secret information including passwords and account numbers with a large number of existing Internet services by creating a cryptographically secure trusted path between the web user and the service. The trusted path is created with the support of a hand-held user terminal device \\\"in-the-wire\\\" between the user's PC and the service thus preventing malware on the user's PC from manipulating login and other sensitive data. A key feature is that the trusted terminal device can be retrofitted on the client-side and require no changes to the server-side. This creates a new class of client-centric communications security hardware allowing web users to protect their transactions using strong hardware security without relying on service providers. It offers the industry an alternative to the current service-centric approach which is often hamstrung by a chicken-and-egg problem of critical mass adoption.\",\"PeriodicalId\":163141,\"journal\":{\"name\":\"2009 2nd International Conference on Adaptive Science & Technology (ICAST)\",\"volume\":\"8 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2009-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2009 2nd International Conference on Adaptive Science & Technology (ICAST)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICASTECH.2009.5409720\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 2nd International Conference on Adaptive Science & Technology (ICAST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICASTECH.2009.5409720","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
In-the-wire authentication: Protecting client-side critical data fields in secure network transactions
Secure Internet services like online banking require a "trusted terminal" on the client-side. However, even where strong client-side security is employed, the client PC is often used for input and output of sensitive information like PINs/passwords, amounts, account numbers, etc. These transactions are therefore vulnerable to manipulation by malware. A method is presented here allowing web users to share small amounts of secret information including passwords and account numbers with a large number of existing Internet services by creating a cryptographically secure trusted path between the web user and the service. The trusted path is created with the support of a hand-held user terminal device "in-the-wire" between the user's PC and the service thus preventing malware on the user's PC from manipulating login and other sensitive data. A key feature is that the trusted terminal device can be retrofitted on the client-side and require no changes to the server-side. This creates a new class of client-centric communications security hardware allowing web users to protect their transactions using strong hardware security without relying on service providers. It offers the industry an alternative to the current service-centric approach which is often hamstrung by a chicken-and-egg problem of critical mass adoption.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
