Verteilte Dienstnutzung mit dem neuen Personalausweis

AuthorHorsch, M.; Braun, J.; Wiesmaier, A.; Schaaf, J.; Baumöller, C.
TypeConference Proceedings
AbstractAuthentication using user name and password bears various risks such as eavesdropping by malware. Authentication mechanisms based on smart cards avoid such attacks by requiring possession of the card, but are often not applicable due to missing card readers. The direct connection between reader and user system allows for attacks e.g. when typing in the PIN via the user system. We present a process which allows conducting an authentication completely decoupled from the user system. This solves the problem with the availability of card readers. Additionally, the user input is no longer at risk of being eavesdropped on by malware on the user system.
InD-A-CH Security 2012, p.186-197