Communications of the ACM
IBM Looks to Secure Internet Banking With Usb Stick
A USB memory stick that can guarantee secure banking transactions even if a PC is tainted by malware has been developed by IBM's Zurich research laboratory.
The lab's Michael Baentsch says that when the prototype Zone Trusted Information Channel (ZTIC) connects to a computer, it is configured to open a Secure Sockets Layer (SSL) link with the bank's servers. ZTIC also functions as a smart card reader that can accept bank cards for verification, and a transaction can be carried out through a Web browser once a PIN is confirmed. By circumventing the browser and connecting directly with the bank, ZTIC ensures the accuracy of the data exchanged. Disparities between the information ZTIC displays and the confirmation data the browser shows indicate a man-in-the-middle attack in progress.
Baentsch says ZTIC's software has been designed to quickly set up a SSL session, and the memory stick cannot be infected by malware because no data can be stored on it. ZTIC also checks to ensure that a Web site has a legitimate security certificate in order to thwart phishing attacks.
From InfoWorld
View Full Article
No entries found