Subject: connected/unconnected gen. Обеспечение защиты информации банка.a. TXN signing with hard certificate with PIN pad and external display / **connected • risks for authentication: malware has read access to login • risks for authorisation: transaction details are signed on a separate device, TAC is generated based on transaction details. Transactions modified by MITM/MITB would have different TAC. Device is connected via USB interface to PC. Theoretically updates of firmware/manipulation of the device could be possible or device can be read from the malware. b. TXN signing with hard certificate with PIN pad and external display / **unconnected • risks for authentication: malware has read access to login • risks for authorisation: currently none known, transaction details are input manually (or with flicker5 code) and signed on a separate device, TAC is generated based on transaction details. Transactions modified by MITM/MITB would have different TAC. Device has no interface to connect to a pc, therefore updates of firmware/manipulation of the device is currently not possible. Не совсем понимаю, к чему относится connected/unconnected и как это перевести в контексте. Спасибо!
|