[cap-talk] "Secure Bookmark" terminology and Phoolproof Phishing Preventing from CMU
toby.murray at dsto.defence.gov.au
Thu Sep 7 18:04:41 CDT 2006
Some on this list might be interested to know that the "secure bookmark"
term is being employed in an anti-phishing project at CMU. I haven't read
the paper so am unsure whether their use of the term is consistent with
its usage on this list (namely to denote an authority-carrying URL).
Details about their project can be found here:
From the "How does it work" section of the project's homepage:
> Suppose Alice goes to her local bank branch and registers to use the
> Phoolproof system with her bank account. This is what happens when she
> goes to access her account online:
> * Alice selects the bank’s secure bookmark on her mobile device (e.g.,
> cell phone).
> * The device opens a browser on her computer and directs the browser to
> her bank’s website.
> * The browser retrieves the bank’s certificate and forwards it to
> Alice’s mobile device.
> * The mobile device verifies the bank’s certificate and sends Alice’s
> certificate, along with a signature.
> * Alice logs in with her username and password.
> * The server verifies Alice’s certificate, username, and password.
> * Alice uses the website as she normally would.
> It's easy — Alice types in her username and password (as usual) and
> presses a button on her mobile device. With minimal effort, she can
> rest assured that she set up a secure connection with the right website!
Advanced Computer Capabilities Group
Information Networks Division
IMPORTANT: This e-mail remains the property of the Australian Defence
Organisation and is subject to the jurisdiction of section 70 of the
Crimes Act 1914. If you have received this e-mail in error, you are
requested to contact the sender and delete the e-mail.
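The exchange quoted above, written out as an added example; this is not code from the original post or from the CMU project, and it simplifies freely: raw ed25519 public keys stand in for the bank's and Alice's certificates, a server-issued nonce stands in for the TLS handshake, plain SHA-256 stands in for a password hash, and the signature over nonce, server key and URL is this sketch's own choice, not a claim about what Phoolproof signs. The URL https://bank.example, the user name and the password are made up. What it shows is the property the quoted text promises: the "secure bookmark" on the phone binds the bank's URL to the key recorded at enrolment, so when the browser is steered to a look-alike site the phone refuses before it signs anything, and a password stolen by phishing is useless without the phone's key.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

var ErrUntrustedSite = errors.New("device: site key does not match the pinned bank key")
var ErrBadSignature = errors.New("server: unknown user or signature not from the registered device")
var ErrBadPassword = errors.New("server: wrong password")

// Device is Alice's phone; Priv never leaves it.
type Device struct {
	BookmarkURL string            // the secure bookmark: the bank's URL ...
	BankKey     ed25519.PublicKey // ... bound to the bank key recorded at enrolment (stands in for its certificate)
	Priv        ed25519.PrivateKey
}
// Account is what the bank stored at the branch; SHA-256 stands in for a password hash.
type Account struct {
	DeviceKey ed25519.PublicKey
	PassHash  [32]byte
}
// Server is the bank's web server.
type Server struct {
	URL   string
	Pub   ed25519.PublicKey
	Users map[string]Account
}
// Site is what the browser actually reached: shown URL, certificate key, per-connection nonce.
type Site struct {
	URL   string
	Key   ed25519.PublicKey
	Nonce []byte
}

// NewSite issues a fresh nonce; rand errors are ignored here and in Enrol (crypto/rand does not fail in practice).
func NewSite(url string, key ed25519.PublicKey) *Site {
	nonce := make([]byte, 32)
	rand.Read(nonce)
	return &Site{URL: url, Key: key, Nonce: nonce}
}

// Enrol models Alice's visit to the branch: each side records the other's public key.
func Enrol(bankURL, user, pass string) (*Device, *Server) {
	bankPub, _, _ := ed25519.GenerateKey(rand.Reader)
	devPub, devPriv, _ := ed25519.GenerateKey(rand.Reader)
	srv := &Server{URL: bankURL, Pub: bankPub, Users: map[string]Account{
		user: {DeviceKey: devPub, PassHash: sha256.Sum256([]byte(pass))}}}
	return &Device{BookmarkURL: bankURL, BankKey: bankPub, Priv: devPriv}, srv
}

// transcript binds a signature to this nonce, server key and URL so it cannot be replayed or relayed elsewhere.
func transcript(nonce []byte, siteKey ed25519.PublicKey, url string) []byte {
	sum := sha256.Sum256(append(append(append([]byte{}, nonce...), siteKey...), url...))
	return sum[:]
}

// Authenticate is the phone's half: verify the forwarded key against the bookmark, sign only on a match.
func (d *Device) Authenticate(site *Site) (ed25519.PublicKey, []byte, error) {
	if site.URL != d.BookmarkURL || !bytes.Equal(site.Key, d.BankKey) {
		return nil, nil, ErrUntrustedSite
	}
	sig := ed25519.Sign(d.Priv, transcript(site.Nonce, site.Key, site.URL))
	return d.Priv.Public().(ed25519.PublicKey), sig, nil
}

// Verify is the bank's half: registered device key and signature over this connection first, then the password.
func (s *Server) Verify(nonce []byte, user, pass string, devKey ed25519.PublicKey, sig []byte) error {
	acct, ok := s.Users[user]
	if !ok || !bytes.Equal(devKey, acct.DeviceKey) ||
		!ed25519.Verify(acct.DeviceKey, transcript(nonce, s.Pub, s.URL), sig) {
		return ErrBadSignature
	}
	if h := sha256.Sum256([]byte(pass)); subtle.ConstantTimeCompare(h[:], acct.PassHash[:]) != 1 {
		return ErrBadPassword
	}
	return nil
}

// Login is the whole exchange: bookmark pressed, browser reaches some site, phone signs or refuses, bank decides.
func Login(dev *Device, bank *Server, site *Site, user, pass string) error {
	devKey, sig, err := dev.Authenticate(site)
	if err != nil {
		return err
	}
	return bank.Verify(site.Nonce, user, pass, devKey, sig)
}

func main() {
	dev, bank := Enrol("https://bank.example", "alice", "hunter2")
	phisherPub, _, _ := ed25519.GenerateKey(rand.Reader)
	fmt.Println(Login(dev, bank, NewSite(bank.URL, bank.Pub), "alice", "hunter2"))    // <nil>
	fmt.Println(Login(dev, bank, NewSite(bank.URL, phisherPub), "alice", "hunter2")) // ErrUntrustedSite
}
```

Two details worth noticing: the phone checks the site before it signs, so a phishing site receives neither a signature nor the password (the password is only typed after the bookmark succeeds), and the server checks the device signature before the password, so a stolen password from a different device fails with ErrBadSignature rather than revealing whether the password was right. The nonce in the transcript is what stops a captured signature being replayed on a later connection.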