This paper focuses on protocols for human/smartcard interaction which allow the user to authorise individual smartcard transactions, whilst not sacrificing usability or security. In the past, protocols for secure transactions have traded off usability against security, whereas the protocols presented here are designed so that they trade off security against hardware complexity and always give high usability. Our protocols utilise some of the concepts and assumptions present in sessional authentication, but also make improvements to this model. We do not propose the use of biometrics for authentication. Biometrics are viewed with apprehension by many users since they are irrevocable.