DocumentCode
2487942
Title
TLS client handshake with a payment card
Author
Boyd, David J.
Author_Institution
Inf. Security Group, Univ. of London, London, UK
fYear
2009
fDate
23-29 May 2009
Firstpage
1
Lastpage
8
Abstract
Transport Layer Security (TLS) is the de facto standard for preventing eavesdropping, tampering or message forgery of higher-risk Internet communications, for example when making a payment. At heart TLS is a stateful cryptographic protocol built around a public key infrastructure (PKI). However TLS is configurable; at one extreme it provides little protection and at the other end of the scale it provides protection against most threats to an Internet communication. In practice the ldquoIrdquo part of PKI is often not available at the client end so only the server end is authenticated. In this paper an optional TLS extension is proposed that dispenses with the need for the client to be registered with a PKI registration authority and instead uses a payment card to authenticate the user. This facilitates wider use of the available TLS services and can provide additional security services: enhanced privacy and certain non-repudiation services, for example.
Keywords
Internet; client-server systems; cryptographic protocols; financial data processing; message authentication; public key cryptography; Internet communication; TLS client handshake; cryptographic protocol; payment card; public key infrastructure; transport layer security; user authentication; Communication standards; Cryptographic protocols; Forgery; Heart; Internet; Privacy; Protection; Public key; Security; Web server;
fLanguage
English
Publisher
ieee
Conference_Titel
Parallel & Distributed Processing, 2009. IPDPS 2009. IEEE International Symposium on
Conference_Location
Rome
ISSN
1530-2075
Print_ISBN
978-1-4244-3751-1
Electronic_ISBN
1530-2075
Type
conf
DOI
10.1109/IPDPS.2009.5161241
Filename
5161241
Link To Document