Paper Presentation & Seminar Topics: A Two-Factor Mobile Authentication Scheme for Secure Financial Transactions

A Two-Factor Mobile Authentication Scheme for Secure Financial Transactions

Abstract:

Many authentication schemes are based on parties possessing cryptographic keys often held on smart cards or other tamper-proof devices. Modern portable devices (e.g. PDAs, Smartphone’s) are enriched with advanced functionalities and thus could soon become both the preferred portable computing device (there by substituting laptop computers) and a personal trusted device. This paper presents a novel two-factor authentication scheme whereby a Bluetooth-enabled handheld device is used to enforce basic password based authentication thus improving convenience and usability. The main building block is a simple and efficient two-party authentication protocol based on a shared string (including the case of low entropy human memorable passwords) and on well known cryptographic primitives. The discussion relates to the banking sector but our scheme is readily adaptable to other more general contexts.