This paper examines the security aspects of an authentication mechanism for eBanking based on Near Field Communication (NFC), Chip Authentication Program (CAP) and Dynamic Passcode Authentication (DPA). In essence, this mechanism uses an NFC-enabled mobile phone and a contactless or dual-interface card to implement a variant of the CAP/DPA unconnected mode, where the mobile phone replaces the standalone Personal Card Reader (PCR) by communicating with the card over its NFC interface. The focus of this document is the security impact of replacing the PCR with the NFC mobile phone, and the contact-only smart card with a contactless or dual-interface smart card, rather than the CAP/DPA protocols themselves.
By: D. A. Ortiz-Yepes
Published in: RZ3736 in 2009
