@inproceedings{3c29a879b39b4d73a9aef315463184fb,
title = "Introducing TLS-PSK Authentication for EMV devices",
abstract = "Access control to online banking accounts is a very critical topic for the always-on emerging society. In order to avoid phising threats resulting from classical mechanisms dealing with login and password tuples, the deployment of two-factor authentication tokens generating One Time Password (OTP) is recommended by many governmental organizations. A procedure based on EMV credit cards (the Chip Authentication Program) is proposed by several financial companies. However, due to passwords lifetime, OTP values may be collected by hackers via phishing attacks. In this paper we present a protocol that merges the CAP approach to the TLS-PSK protocol. As a consequence there is no need to collect OTP values, and phishing attacks don't work, because the mutual authentication between the card bearer and the WEB site is only performed via the SSL session.",
keywords = "EMV, Security, Smart card, TLS, WEB",
author = "Pascal Urien",
year = "2010",
month = jul,
day = "16",
doi = "10.1109/CTS.2010.5478489",
language = "English",
isbn = "9781424466191",
series = "2010 International Symposium on Collaborative Technologies and Systems, CTS 2010",
pages = "371--377",
booktitle = "2010 International Symposium on Collaborative Technologies and Systems, CTS 2010",
note = "2010 International Symposium on Collaborative Technologies and Systems, CTS 2010 ; Conference date: 17-05-2010 Through 21-05-2010",
}