Author | Conference | Journal | Organization | Year | DOI
Look for results that meet for the following criteria:

Keywords (1)

Academic
Publications
QR-TAN: Secure Mobile Transaction Authentication
Edit
QR-TAN: Secure Mobile Transaction Authentication   (Citations: 4)
BibTex | RIS | RefWorks Download
Abstract The security of electronic transactions depends,on the security of the user’s terminal. An insecure terminal may allow an attacker to create or manipulate,transactions. Several techniques have been developed that help to protect transactions performed over insecure terminals. TAN codes, security tokens, and smart cards prevent an attacker who obtained,the user’s password,from signing transactions under the user’s identity. However, usually these techniques do not allow a user to assert that the content of a transaction has not been manipulated. This paper contributes with the QR-TAN authentication technique. QR-TANs are a transaction authentication tech- nique based on two-dimensional barcodes. Compared,to other established techniques, QR-TANs show three advan- tages: First, QR-TANs allow the user to directly validate the content of a transaction within a trusted device. Second, validation is secure even if an attacker manages,to gain full control over a user’s computer. Finally, QR-TANs in combination,with smart cards can also be utilized for offline transactions that do not require any server.
Conference: Availability, Reliability and Security - IEEEARES , pp. 578-583, 2009
Cumulative Annual
View Publication
The following links allow you to view full publications. These links are maintained by other sources not affiliated with Microsoft Academic Search.
    • ...Messages between smart cards and bidders are secured with QR-TANs [6]...

    Guenther Starnbergeret al. Using Smart Cards for Tamper-Proof Timestamps on Untrusted Clients

    • ...– A second extension to our protocol that uses QR-TANs (Quick Response – Transaction Authentication Number) [3] instead of a TPM...
    • ...This is conceptually similar to our QR-TAN approach [3]...
    • ...Thus, the smart card issuer can mandate additional security measures such as the authentication over a TPM (Sect. 5) or QR-TANs [3] (Sect...
    • ...This section presents the second option to increase the security of the proxy, by extending our system with QR-TANs [3]...
    • ...In comparison to our original QR-TAN approach [3], our modifications allow the use of QR-TANs without the interaction of a server...

    Guenther Starnbergeret al. A Generic Proxy for Secure Smart Card-Enabled Web Applications

    • ...The phone uses HMAC and a counter value to generate a response as a string of six characters that the user manually enters on the website and that is sent to the server together with the transaction data, proving that it is unmodified [21]...

    Anna Vapenet al. 2-clickAuth

    • ...• Step 7 ‐ preventing phishers from getting the stolen money, or catching phishers: transaction authentication, intentional transaction delay, law enforcement, and so on. Limitations: Transaction authentication is a second defence in addition to user authentication, which normally needs either an additional hardware device [18], [19] or an additional trusted channel (like the cellular network) [20], thus leading to higher implementation ...

    Shujun Liet al. A novel anti-phishing framework based on honeypots

Order by:

Citations (4)

Share this on | Contribute to Academic