Galexia
             home
       about us
        services
        projects
       research
          contact
» home » research » assets » eft review  

Subscribe to Galexia news and announcements.
More information »

Issues Management: Public and Stakeholder Consultations: While we have our own extensive network of contacts we also work closely with clients to assist in the consultation process. We are experienced in managing stakeholder liaison and providing stakeholder services such as conducting workshops, stakeholder correspondence, media analysis and advice on the media response. Find out more »

[2015 APAC Cybersecurity Dashboard]

2015 Asia Pacific Cybersecurity Dashboard
Find out more »

Submission - Joint submission to the 2007 Review of the Electronic Funds Transfer (EFT) Code of Conduct to ASIC (May 2007)

[« previous] [next »] [up] [title page] [full contents]

Secure Remote Password Protocol

A typical implementation of SRP works by applying a function to a password chosen by the user to generate what is known as a ‘verifier’. The verifier is sent once to the financial institution’s server where it is stored.

Each time the user needs to log-in, they enter their username and password. However the password, unlike the username, is not sent to the financial institution’s server. The password is instead used by the customer’s computer to generate the verifier referred to earlier. The financial institution’s server and the customer’s computer then generate random values and exchange these. Using the combination of the verifier (which the customer’s computer has generated and the financial institution’s server should already have a copy of) and both sets of random values, each party is able to produce a congruent session key that can be used to encrypt communications. Each party then proves it has the same session key by producing a hash of that key and sending it to the other party along with the random values provided by that other party. Both the customer and financial institution have thus proven they hold the correct verifier without actually sharing it, facilitating a process of mutual authentication and significantly reducing the possibility of a fraudulent third party being able to use an end-user’s password to initiate a replay attack.

[« previous] [next »] [up] [title page] [full contents]

[view all] [download PDF version]

[up to research]

 

Search for:

HERE

PrintVersionprint this page

Sitemapsitemap

Subcribe to RSS newsrss news feed

Manage email subscriptionsmanage email subscriptions

Latest News

September 2019
Register of Public Galexia PIAs. Read more »

September 2019
Updates to Galexia Website. Read more »

September 2019
PM&C / Office of the National Data Commissioner (ONDC) releases Discussion Paper and accepts recommendations from Galexia’s PIA on the proposed Data Sharing and Release legislative framework. Read more »

August 2019
Galexia providing privacy advice and an independent public Privacy Impact Assessment (PIA) on 2021 Census for ABS. Read more »

June 2019
Galexia completes privacy advice and an independent Privacy Impact Assessment (PIA) on the Naval Shipbuilding College Workforce Register. Read more »

view all news items »

[Home] [Sitemap] [Print this page] [Privacy statement]

© Galexia Pty Ltd
Telephone: +61 (02) 9660 1111
Email: [email protected]