1 / 4

SmartOpenID for Online-Banking

SmartOpenID for Online-Banking. Why… . According to my own experience, the online-banking on the smart phone is really needed But the normal login process with the handy is really hard The paper TAN should be there Malicious software in the phone …

selah
Download Presentation

SmartOpenID for Online-Banking

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. SmartOpenID for Online-Banking

  2. Why… • According to my own experience, the online-banking on the smart phone is really needed • But the normal login process with the handy is really hard • The paper TAN should be there • Malicious software in the phone … But it’s not possible to (or should not) use the traditional OpenID for online-banking due to the danger of phishing and other issues.

  3. How? Create a “SecureSmartOpenID” base on the normal SmartOpenID: • The online bank shares a secret with the network OpenID Provider (the bank should register by the OpenID Provider) • At first the SIM app does not contain this secret and corresponding bank • The login of the online bank is the same as other websites with SmartOpenID • After login, the SIM app will ask for the signature of the online bank by sending a random string. If the SIM discovers that it does not contain the secret of this bank, then it should ask for the network OpenID Provider to update this secret with OTA. • Then the SIM app will verify the online bank with the received signature

  4. How? Create a “SecureSmartOpenID” base on the normal SmartOpenID: • For the first time, the user’s bank account is not yet associated to the OpenID account • The online bank will ask the user to supply the bank account, online PIN. After verification, the bank account will be associated. The user should also be able to require the deletion of this association • For a transfer, an eTan should be used. • The eTan will be encrypted and transferred. Each time n eTan can be transferred. When they are used out, then the SIM app should ask for new ones. (or with OTA? But still from online bank?) • To enhance the security, a second PIN can be used when SIM app tries to send an eTan to finish the transfer

More Related