[EMAIL PROTECTED] writes:

>Take a look at Boojum Mobile -- it is precisely the idea of using the cell
>phone as an out-of-band channel for an in-band transaction.
>
>http://www.boojummobile.com

Banks here have been using it to authenticate higher-value electronic transactions as well. The way it works is that for transactions with a combined value over the default floor limit of NZ$2.5K you have to use an additional PIN sent via SMS to a pre-configured number to authenticate the session. The PIN authenticates that particular session (not just one transaction), with a fee of NZ$0.25. It's not perfect, obviously, but that was seen as the best tradeoff between cost, user convenience, and security.

<grumble>A few years ago I wanted to do this out-of-band authentication as a research project, and at the time couldn't find anyone interested in it; now they've paid an arm and a leg for it themselves, sigh</grumble>.

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List