Bachelor Thesis Smart Card Based Solutions for Secure Internet Banking with a primitive reader or mobile phone

Internet Banking is performed in an insecure environment, that is, both the PC and the web browser may have viruses and spyware. Therefore the sensitive data such as client passwords and financial transactions can be eavesdropped and modified. This paper presents two smart card based solutions for Internet Banking. Unlike most of earlier approaches which handles all the sensitive data using the web browser, both proposed solutions provides an trusted system which processing the sensitive data using a smart card with a micro-processor and on-card operating system. The difference between two solutions is that the first one uses a primitive smart card reader (connected to the PC) with the trusted display and keypad, whereas the other makes use of a mobile phone (and the smart card) to provide a trusted computing base for Internet Banking. Since the modern mobile phone has bigger screen and enough computing power, the mobile phone approach does not necessarily require a PC to be involved. For both solutions, we have shown that the integrity of client’s transactions can be ensured. Furthermore, if we assume that the hardware and the software of the mobile phone can be trusted, then some other security aspects in Internet Banking can be achieved with the mobile phone solution. These aspects includes the authentication of the client and the bank, the confidentiality and the integrity of the client’s financial information (not only the transactions).