One-touch Financial Transaction Authentication

Daniel V. Bailey, John G. Brainard, Sebastian Rohde, Christof Paar

SECRYPT 2009, Proceedings of the International Conference on Security and Cryptography, Milan, Italy, July 7-10, 2009.


We present a design for a Wi-Fi user-authentication token that tunnels data through the SSID field, packet timing, and packet length. Previous attempts to build an online-banking transaction-signing token have been only moderately successful, due in large part to usability problems. Average consumers, especially in the United States, are simply unwilling to transcribe strings of digits from PC to token and back again. In a departure from previous work, our token communicates using point-to-point side-channels in Wi-Fi that allow two devices to directly exchange messages – even if one is also connected to an access point. The result is a token that can authenticate transactions using only one touch by the user. The increased usability means more transactions can be authenticated, reducing fraud and driving more banking business online.
