funsec mailing list archives
A password for your credit cards
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Wed, 2 Aug 2006 11:18:44 -0400
A password for your credit cards By Joris Evers <http://news.com.com/A+password+for+your+credit+cards/2100-1029_3-6101121.ht ml> http://news.com.com/A+password+for+your+credit+cards/2100-1029_3-6101121.htm l Story last modified Wed Aug 02 04:45:10 PDT 2006 <http://adlog.com.com/adlog/i/r=6465&s=677715&t=2006.08.02.13.17.50&o=1009:1 029:&h=cn&p=2&b=5&l=en_US&site=3&pt=2102&nd=1029&pid=&cid=6101121&pp=100&rqi d=01c18-ad-e744C8DA46242C2B7/http://i.i.com.com/cnwk.1d/Ads/common/dotclear. gif> As banks face an end-of-year deadline to strengthen online authentication, one company believes it holds the right card to customer security--a one-time-password. Los Angeles-based <http://dw.com.com/redir?destUrl=http%3A%2F%2Fwww.incardtech.com%2F&siteId=3 &oId=2102-1029_3-6101121&ontId=1009&lop=nl.ex> Innovative Card Technologies, or InCard, has found a way to build a display, battery and password-generating chip into a card, such as a credit card. The technology competes with tokens, such as those sold by RSA Security, Vasco and VeriSign. <http://news.com.com/2300-1029_3-6101043-1.html> credit card "We took a form factor that was awkward and fat and miniaturized it," Alan Finkelstein, InCard's chief executive officer, said in an interview. "The current tokens are clumsy and can only do one thing well, issue the one-time password. Our card can be your credit card, your employee ID card and give you access to buildings." Just like the tokens, the card, called a DisplayCard, generates passwords that can be used to validate online logins or transactions, for example when banking online. The cards offer an extra level of security, in addition to the <http://news.com.com/Finding+a+replacement+for+passwords/2100-1029_3-5586249 .html?tag=nl> traditional login name and password. Some banks, such as online broker ETrade Financial, have provided high-net customers with tokens for some time. The InCard product comes as financial services companies are under increasing pressure <http://news.com.com/RSA+to+test+new+Web+authentication+service/2100-1029_3- 5895471.html?tag=nl> to improve the security of online transactions. The Federal Financial Institutions Examination Council <http://dw.com.com/redir?destUrl=http%3A%2F%2Fwww.ffiec.gov%2Fpress%2Fpr1012 05.htm&siteId=3&oId=/RSA+to+test+new+Web+authentication+service/2100-1029_3- 5895471.html&ontId=1009&lop=nl.ex> recommended last October that banks introduce multiple-factor authentication by the end of 2006. It took InCard four years to develop the card, Finkelstein said. The company combined technology from a Taiwanese display maker, a U.S. battery manufacturer and a French security team, he said. A Swiss partner, <http://dw.com.com/redir?destUrl=http%3A%2F%2Fwww.idee-dailleurs.ch%2Fnagrai d%2F&siteId=3&oId=/RSA+to+test+new+Web+authentication+service/2100-1029_3-58 95471.html&ontId=1009&lop=nl.ex> NagraID, owns the rights to the process to combine the pieces and actually manufacture the technical innards of the card. The biggest development challenges were the ability to bend the card, power consumption and thickness, Finkelstein said. The result is a card that's as thin and flexible as a regular credit card and is guaranteed to work for three years and 16,000 uses. "Which is about 15 times a day, seven days a week," Finkelstein said. ...
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- A password for your credit cards Richard M. Smith (Aug 02)