Phat T. Tran-Truong, Minh Q. Pham, Ha X. Son, Dat L.T. Nguyen, Minh B. Nguyen, Khiem L. Tran, Loc C.P. Van, Kiet T. Le, Khanh H. Vo, Ngan N.T. Kim, Triet M. Nguyen, Anh T. Nguyen
Journal of Systems Architecture, Volume 162, Article 103402. Published 2025-03-26. Publication type: Journal Article.
DOI: 10.1016/j.sysarc.2025.103402
Source: https://www.sciencedirect.com/science/article/pii/S1383762125000748
Impact factor: 3.7. JCR: Q1 (Computer Science, Hardware & Architecture).
A systematic review of multi-factor authentication in digital payment systems: NIST standards alignment and industry implementation analysis
This survey presents a systematic evaluation of Multi-Factor Authentication (MFA) practices in digital payment systems, analyzing their alignment with NIST Special Publications 800-63 guidelines. Through a comprehensive review of 70 academic papers published between 2017–2024 and 13 industry-based authentication tools, we examine how current implementations measure against Identity Assurance Level (IAL) and Authentication Assurance Level (AAL) standards. Our analysis reveals a significant gap between theoretical capabilities proposed in academic research and actual industry implementations, with 33% of tools relying primarily on OTP-based authentication despite more advanced methods being available. The survey identifies emerging trends like biometric authentication adoption (60% of analyzed papers) and varying regulatory compliance across sectors, with payment systems demonstrating 77% alignment with standards while IoT and E-Service domains show fragmented approaches. We propose a framework for developing adaptive authentication systems that balance security requirements with user experience through context-aware risk assessment. This work provides valuable insights for researchers, practitioners, and policymakers working to enhance the security and usability of digital payment authentication systems.
About the journal:
The Journal of Systems Architecture: Embedded Software Design (JSA) is a journal covering all design and architectural aspects related to embedded systems and software. It ranges from the microarchitecture level via the system software level up to the application-specific architecture level. Aspects such as real-time systems, operating systems, FPGA programming, programming languages, communications (limited to analysis and the software stack), mobile systems, parallel and distributed architectures as well as additional subjects in the computer and system architecture area will fall within the scope of this journal. Technology will not be a main focus, but its use and relevance to particular designs will be. Case studies are welcome but must contribute more than just a design for a particular piece of software.
Design automation of such systems, including methodologies, techniques and tools for their design, as well as novel designs of software components, fall within the scope of this journal. Novel applications that use embedded systems are also central in this journal. While hardware is not a part of this journal, hardware/software co-design methods that consider interplay between software and hardware components with an emphasis on software are also relevant here.