E-Banking Authentication - Dynamic Password Generators and Hardware Tokens
Identifikátory výsledku
Kód výsledku v IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26230%2F22%3APU145736" target="_blank" >RIV/00216305:26230/22:PU145736 - isvavai.cz</a>
Výsledek na webu
<a href="https://europen.cz/Anot/54-1/sbornik-54.pdf" target="_blank" >https://europen.cz/Anot/54-1/sbornik-54.pdf</a>
DOI - Digital Object Identifier
—
Alternativní jazyky
Jazyk výsledku
angličtina
Název v původním jazyce
E-Banking Authentication - Dynamic Password Generators and Hardware Tokens
Popis výsledku v původním jazyce
In our recent work we presented an overview of current authentication methods, their properties with respect to international standards, and their resistance against attacks from defined attacks taxonomy (compatible with NIST Digital Identity Guidelines). With the Payment Services Directive (PSD2) for European Union coming into force, we believe it is necessary to revise compliance of currently available schemes. The concepts enforced by PSD2 to the area of client authentication are two factor authentication (with requested factor independence), strong customer authentication (SCA), the dynamic linking of the authentication code to the transactions beneficiary and amount, and cloning protection. The most common means of achieving the compliance is the usage of Dynamic Password Generators (DPG) or dedicated Hardware Tokens. DPG is usually a mobile application generating one-time passwords (OTP) and often implementing a challenge-response protocol. We discuss the features of possible DPG implementations both when included in the e-banking application or as a stand-alone, and look into usage of special cryptographic chips in mobile phones - secure enclaves. Hardware Tokens are less frequent in e-banking nowadays, but start to get more traction especially in web services which require two factor authentication. FIDO2 protocol consisting of W3C (World Wide Web Consortium) open web standard WebAuthn and CTAP2 is becoming the de facto standard for using secure hardware and biometrics for authentication in a web environment as it is implemented in all major browsers. We present the key features of FIDO2 protocol and how it can be utilized in e-banking or other web services and illustrate examples of some banking institutions using the FIDO standards for e-banking authentication.
Název v anglickém jazyce
E-Banking Authentication - Dynamic Password Generators and Hardware Tokens
Popis výsledku anglicky
In our recent work we presented an overview of current authentication methods, their properties with respect to international standards, and their resistance against attacks from defined attacks taxonomy (compatible with NIST Digital Identity Guidelines). With the Payment Services Directive (PSD2) for European Union coming into force, we believe it is necessary to revise compliance of currently available schemes. The concepts enforced by PSD2 to the area of client authentication are two factor authentication (with requested factor independence), strong customer authentication (SCA), the dynamic linking of the authentication code to the transactions beneficiary and amount, and cloning protection. The most common means of achieving the compliance is the usage of Dynamic Password Generators (DPG) or dedicated Hardware Tokens. DPG is usually a mobile application generating one-time passwords (OTP) and often implementing a challenge-response protocol. We discuss the features of possible DPG implementations both when included in the e-banking application or as a stand-alone, and look into usage of special cryptographic chips in mobile phones - secure enclaves. Hardware Tokens are less frequent in e-banking nowadays, but start to get more traction especially in web services which require two factor authentication. FIDO2 protocol consisting of W3C (World Wide Web Consortium) open web standard WebAuthn and CTAP2 is becoming the de facto standard for using secure hardware and biometrics for authentication in a web environment as it is implemented in all major browsers. We present the key features of FIDO2 protocol and how it can be utilized in e-banking or other web services and illustrate examples of some banking institutions using the FIDO standards for e-banking authentication.
Klasifikace
Druh
D - Stať ve sborníku
CEP obor
—
OECD FORD obor
10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)
Návaznosti výsledku
Projekt
—
Návaznosti
S - Specificky vyzkum na vysokych skolach
Ostatní
Rok uplatnění
2022
Kód důvěrnosti údajů
S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů
Údaje specifické pro druh výsledku
Název statě ve sborníku
Sborník příspevků z 54. konference EurOpen.CZ, 28.5.-1.6.2022
ISBN
978-80-86583-34-1
ISSN
—
e-ISSN
—
Počet stran výsledku
11
Strana od-do
211-221
Název nakladatele
Czech Open Systems User's Group
Místo vydání
Radešín
Místo konání akce
Radešín
Datum konání akce
29. 5. 2022
Typ akce podle státní příslušnosti
CST - Celostátní akce
Kód UT WoS článku
—