Display Integrity Assurance for SMS Transaction Authorization
نویسندگان
چکیده
Secure online transactions with human users normally require visual display for verifying the correctness of central elements of the transaction before it is submitted. When commodity computer platforms get exposed to the Internet, even for a short period, there is a real and substantial risk that they become infected with malware that can modify anything on the computer, including what is displayed to the user and what is being sent over the Internet. This threat makes visual verification of transaction data unreliable and undermines other security mechanisms used to protect online transactions. This paper proposes a secure optical inspection technique for verifying the integrity of transaction data in online transactions. This technique provides protection against the highly advanced threat of a malware that manipulates transaction data as well as displayed data on the visual display of the client platform.
منابع مشابه
Enhancing Security System of Short Message Service for M-Commerce in GSM
Global System for Mobile (GSM) is a second generation cellular standard developed to cater voice services and data delivery using digital modulation. Short Message Service (SMS) is the text communication service component of mobile communication systems, using standardized communications protocols that allow the exchange of short text messages between mobile phone devices. SMS will play a very ...
متن کاملThe Starburst Rule System: Language Design, Implementation, and Applications
This short paper provides an overview of the Starburst Rule System, a production rules facility integrated into the Starburst extensible database system. The rule language is based on arbitrary database state transitions rather than tupleor statement-level changes, yielding a clear and exible execution semantics. The rule system was implemented rapidly using the extensibility features of Starbu...
متن کاملInformation Integrity Policies
Information integrity policies are traditionally enforced by access control mechanisms that prevent unauthorized users from modifying data. However, access control does not provide end-to-end assurance of integrity. For that reason, integrity guarantees in the form of noninterference assertions have been proposed. Despite the appeals of such information-flow based approaches to integrity, that ...
متن کاملSMS-Based One-Time Passwords: Attacks and Defense
SMS-based One-Time Passwords (SMS OTP) were introduced to counter phishing and other attacks against Internet services such as online banking. Today, SMS OTPs are commonly used for authentication and authorization for many different applications. Recently, SMS OTPs have come under heavy attack, especially by smartphone Trojans. In this paper, we analyze the security architecture of SMS OTP syst...
متن کاملThe Presentation of an Ideal Safe SMS based model in mobile Electronic commerce using Encryption hybrid algorithms AES and ECC
Mobile commerce is whatever electronic transfer or transaction via a mobile modem through a mobile net in which the true value or advance payment is done for goods, services or information. A mobile payment system should be beneficial for all related persons. For a payment system to be a Successful system, End-user, seller, exporter and operators should see a additional value in it. End-user ...
متن کامل