Abstract

The aim of this paper is to provide an introduction towards the architectural design of a bi-fold authenticated agent-monitored transaction model. The focus is primarily on implementation in ATM systems which provide the following facilities of withdrawing currency at any remote terminal, verification of the end users identity using Personal Identification Number and an authentic One-Time-Session-Dependent Key generation and validation through the mobile. This system requires building up of an third party agent which would establish a secure session to the bank application with the terminal only after a series of authentication mechanism without compromising the privacy of any individual. The customers, without any insider privileges, can withdraw currency without being detected by any mechanisms of theft of card and eaves dropping of the Password from the card holders within the terminal software are also a major threat yet to be addressed. A basic solution is the terminals having bi-fold authentication mechanisms where mobile dependent one time session dependent key is being generated with authenticity being ensured and the confidentiality being maintained. In such a system, the correctness burden on the terminal’s code is significantly less as the customers have been given the chance to authorize themselves from their hand-held devices and are allowed to withdraw currency in terminal only after their identity is proved by a series of authentication procedures. In this paper along with the bi-fold authentication implementation, architectural design of the agent which is being introduced is also briefed.