{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,1]],"date-time":"2026-03-01T07:46:48Z","timestamp":1772351208813,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":32,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,3,16]],"date-time":"2020-03-16T00:00:00Z","timestamp":1584316800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,3,16]]},"DOI":"10.1145\/3374664.3375727","type":"proceedings-article","created":{"date-parts":[[2020,3,13]],"date-time":"2020-03-13T17:06:53Z","timestamp":1584119213000},"page":"223-234","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":5,"title":["The Good, the Bad and the (Not So) Ugly of Out-of-Band Authentication with eID Cards and Push Notifications"],"prefix":"10.1145","author":[{"given":"Marco","family":"Pernpruner","sequence":"first","affiliation":[{"name":"Fondazione Bruno Kessler, Trento, Italy"}]},{"given":"Roberto","family":"Carbone","sequence":"additional","affiliation":[{"name":"Fondazione Bruno Kessler, Trento, Italy"}]},{"given":"Silvio","family":"Ranise","sequence":"additional","affiliation":[{"name":"Fondazione Bruno Kessler, Trento, Italy"}]},{"given":"Giada","family":"Sciarretta","sequence":"additional","affiliation":[{"name":"Fondazione Bruno Kessler, Trento, Italy"}]}],"member":"320","published-online":{"date-parts":[[2020,3,16]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1007\/978--3--642--28756--5_19"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10009-015-0385-y"},{"key":"e_1_3_2_1_3_1","unstructured":"AVANTSSAR. 2011. ASLan"},{"key":"e_1_3_2_1_4_1","unstructured":"specification and tutorial. Deliverable D2.3 . http:\/\/www.avantssar.eu\/pdf\/deliverables\/avantssar-d2--3_update.pdf Also available at https:\/\/stfbk.github.io\/complementary\/CODASPY2020."},{"key":"e_1_3_2_1_5_1","unstructured":"Bruno Blanchet Ben Smyth Vincent Cheval and Marc Sylvestre. 2018. ProVerif 2.00: Automatic Cryptographic Protocol Verifier User Manual and Tutorial . https:\/\/prosecco.gforge.inria.fr\/personal\/bblanche\/proverif\/manual.pdf"},{"key":"e_1_3_2_1_6_1","unstructured":"Jeff Broberg. 2017. What to look for in Multi-factor Authentication . OneLogin. https:\/\/www.onelogin.com\/blog\/what-to-look-for-in-multi-factor-authentication"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIT.1983.1056650"},{"key":"e_1_3_2_1_8_1","unstructured":"Duo. 2019. Guide to Two-Factor Authentication: Enrollment Guide . https:\/\/guide.duo.com\/enrollment"},{"key":"e_1_3_2_1_9_1","unstructured":"Federal Office for information Security. 2019. eID infrastructure . https:\/\/www.bsi.bund.de\/EN\/Topics\/ElectrIDDocuments\/German-eID\/eID-Infrastructure\/eID-Infrastructure_node.html"},{"key":"e_1_3_2_1_10_1","unstructured":"FIDO Alliance. 2019 a. FIDO Alliance . https:\/\/fidoalliance.org\/"},{"key":"e_1_3_2_1_11_1","unstructured":"FIDO Alliance. 2019 b. Specifications Overview . https:\/\/fidoalliance.org\/specifications\/"},{"key":"e_1_3_2_1_12_1","unstructured":"Firebase. 2019. Firebase Cloud Messaging . https:\/\/firebase.google.com\/docs\/cloud-messaging"},{"key":"e_1_3_2_1_13_1","unstructured":"Gemalto. 2019. The Digital Identity Revolution . https:\/\/www.gemalto.com\/govt\/identity\/digital-identity-services\/mobile-id"},{"key":"e_1_3_2_1_14_1","unstructured":"GIXEL. 2009. European Card for e-Services and National e-ID Applications ."},{"key":"e_1_3_2_1_15_1","unstructured":"Martin Gontovnikas. 2017. Is Passwordless Authentication More Secure Than Passwords? Auth0. https:\/\/auth0.com\/blog\/is-passwordless-authentication-more-secure-than-passwords\/"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.SP.800--63--3"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.SP.800--63b"},{"key":"e_1_3_2_1_18_1","unstructured":"ICAO. 2015. Machine Readable Travel Documents . https:\/\/www.icao.int\/publications\/pages\/publication.aspx?docnum=9303"},{"key":"e_1_3_2_1_19_1","unstructured":"International Organization for Standardization. 2013. ISO\/IEC 29115:2013 -- Information technology -- Security techniques -- Entity authentication assurance framework . https:\/\/www.iso.org\/standard\/45138.html"},{"key":"e_1_3_2_1_20_1","unstructured":"IPZS. 2015. CIE 3.0 -- Specifiche Chip . http:\/\/www.cartaidentita.interno.gov.it\/wp-content\/uploads\/2016\/07\/cie_3.0_-_specifiche_chip.pdf"},{"key":"e_1_3_2_1_21_1","unstructured":"ITU. 2006. Information technology -- Open Systems Interconnection -- The Directory: Public-key and attribute certificate frameworks . http:\/\/handle.itu.int\/11.1002\/1000\/13031"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1007\/978--3--642--39799--8_48"},{"key":"e_1_3_2_1_23_1","unstructured":"NIST. 2017. Digital Identity Guidelines . https:\/\/pages.nist.gov\/800--63--3\/"},{"key":"e_1_3_2_1_24_1","volume-title":"2019 a","author":"NIST.","unstructured":"NIST. 2019 a. National Institute of Standards and Technology . https:\/\/www.nist.gov\/"},{"key":"e_1_3_2_1_25_1","unstructured":"NIST. 2019 b. Vulnerability Metrics . https:\/\/nvd.nist.gov\/vuln-metrics\/cvss"},{"key":"e_1_3_2_1_26_1","unstructured":"OAuth. 2019. Access Tokens . https:\/\/www.oauth.com\/oauth2-servers\/access-tokens\/"},{"key":"e_1_3_2_1_27_1","unstructured":"OWASP. 2018. OWASP Risk Rating Methodology . https:\/\/www.owasp.org\/index.php\/OWASP_Risk_Rating_Methodology"},{"key":"e_1_3_2_1_28_1","unstructured":"OWASP. 2019. The OWASPtextsuperscript? Foundation . https:\/\/www.owasp.org\/"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1007\/978--3--319--75650--9_5"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1007\/978--3--319--89722--6_8"},{"key":"e_1_3_2_1_31_1","first-page":"73","article-title":"Regulation (EU) No 910\/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999\/93\/EC","author":"The European Parliament and the Council of the European Union.","year":"2014","unstructured":"The European Parliament and the Council of the European Union. 2014. Regulation (EU) No 910\/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999\/93\/EC. In Official Journal of the European Union, Vol. L 257\/73. https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/PDF\/?uri=CELEX:32014R0910","journal-title":"Official Journal of the European Union"},{"key":"e_1_3_2_1_32_1","unstructured":"Verizon. 2017. 2017 Data Breach Investigations Report . https:\/\/enterprise.verizon.com\/resources\/reports\/2017_dbir.pdf"}],"event":{"name":"CODASPY '20: Tenth ACM Conference on Data and Application Security and Privacy","location":"New Orleans LA USA","acronym":"CODASPY '20","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3374664.3375727","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3374664.3375727","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:33:08Z","timestamp":1750199588000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3374664.3375727"}},"subtitle":["Design, Formal and Risk Analysis"],"short-title":[],"issued":{"date-parts":[[2020,3,16]]},"references-count":32,"alternative-id":["10.1145\/3374664.3375727","10.1145\/3374664"],"URL":"https:\/\/doi.org\/10.1145\/3374664.3375727","relation":{},"subject":[],"published":{"date-parts":[[2020,3,16]]},"assertion":[{"value":"2020-03-16","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}