Bridging Strong Authentication with PKI
With the banks investing heavily in strong 2-factor authentication infrastructures for their Internet Banking systems, there must be a greater business justification for implementing and maintaining this investment. This can be materialized through the banks exploiting the 'secured' Internet channel to carry out larger volume and higher-value transactions with their clients. The use of PKI (Public Key Infrastructure) for digital signatures on these transactions will give the banks the legal recourse and protection (through the digital signature laws) to launch more products over the Internet or push for more B-to-B straight-through processing for greater business efficiencies. The challenge therefore is how to bridge authentication with PKI, without the need to deploy the expensive and cumbersome-to-manage smartcards, and yet be compliant to the Digital Signature Laws. In this paper, we will describe how a strong authentication infrastructure can be leveraged upon to deploy a very dynamic PKI system for digital signatures, without the need for smartcards. The technology is called, One Time Private Key (OTPK).
TAN Teik Guan