Securing Online Accounts via New Handshake Protocol and Granular Access Control

Authors

Mehrdad Nourai and Haim Levkowitz, University of Massachusetts Lowell, USA

Abstract

When we need to make informed financial decisions, we seek out tools to assist us with managing and aggregating our finances. Traditionally, money management software packages have been available for personal computers; however, they were expensive and often had a steep learning curve. With the paradigm shift to cloud computing, users are looking toward the web for an easier and lower-cost solution. As a result, third-party companies have been formed to fill this gap. However, users have to share their login credentials with the third party, and if that information gets compromised, an attacker can access and perform transactions on their account. We present a novel, holistic model with a new handshake protocol and access control, which authenticates third-party access and forms a sandbox around it. When utilizing these novel techniques, users’ original login credentials can remain private, and no one would be able to perform transactions on the users’ account.

Keywords

Security, Network Protocols, SSL Cryptography, PKI

Full Text  Volume 7, Number 4