Technical Details
The Australian Trust Network is a database of client policies for each financial institution.
These client policies consist of:
- General Information
- Security Policies
- Triggers
  - Activate Trigger
  - Deactivate Trigger
  - Seal Trigger
General Information
The General Information consists of the Name, Description, Starting URL and a Logo.
Security Policies
The Security Policies specify the required level of security. This is typically the same for all banks and largely matches the "What you can do for online security" pages, expressed in a technical format.
Triggers
Triggers are Hostnames, IP-Addresses or, in most cases, SSL Certificate Fingerprints of a particular Financial Institution. With the Triggers we know exactly which Internet requests belong to a particular Financial Institution. Software that supports the Australian Trust Network can use this information to provide unseen protection, because it knows for the first time what belongs to a particular service and what does not. Problems like Authentication and Cross-Site Scripting (CSS/XSS) are a thing of the past.
Note: The Australian Trust Network specifies the SHA-1 hash of the SSL Certificates, which makes a direct trust relationship possible without Certificate Authorities.
Activate Triggers
The Activate Triggers specify the SSL Certificates by which client software can detect one particular Financial Institution. This is typically the first SSL Certificate in use by the online banking application.
Deactivate Triggers
The Deactivate Triggers specify the SSL Certificates, IP-Addresses or Hostnames where a particular web application ends. This typically corresponds to the Logout Function of the online banking application.
Seal Triggers
The Seal Triggers specify all the Hostnames, IP-Addresses and SSL Certificate Fingerprints that are in use by a particular Financial Institution. By evaluating this information, client software can distinguish banking requests from non-banking requests.
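How client software might evaluate the three trigger types over a stream of requests, as an added example that is not code from the Australian Trust Network. The page does not define the policy format, so `Policy`, `Session`, `observe`, the verdict strings and the sample hosts and certificates are all assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

def sha1_fingerprint(der_cert: bytes) -> str:  # lowercase hex SHA-1 of the cert bytes
    return hashlib.sha1(der_cert).hexdigest()

@dataclass
class Policy:  # hypothetical in-memory form of one institution's triggers
    activate: set    # identifiers that start a banking session
    deactivate: set  # identifiers that end it (logout)
    seal: set        # every identifier that belongs to the institution

class Session:
    def __init__(self, policy: Policy):
        self.policy, self.active = policy, False

    def observe(self, host: str, ip: str, der_cert=None) -> str:
        """Classify one request and update the session state."""
        ids = {host.lower(), ip}
        if der_cert is not None:
            ids.add(sha1_fingerprint(der_cert))
        if not self.active:
            if not ids & self.policy.activate:
                return "outside"        # no banking session in progress
            self.active = True
            return "activated"
        if ids & self.policy.deactivate:
            self.active = False
            return "deactivated"
        return "banking" if ids & self.policy.seal else "non-banking"

# Constructed sample data: byte strings stand in for DER-encoded certificates.
LOGIN_CERT, LOGOUT_CERT = b"login-der", b"logout-der"
POLICY = Policy(
    activate={sha1_fingerprint(LOGIN_CERT)},
    deactivate={sha1_fingerprint(LOGOUT_CERT)},
    seal={sha1_fingerprint(LOGIN_CERT), "static.bank.example", "192.0.2.10"},
)

def demo() -> list:
    session = Session(POLICY)
    requests = [
        ("news.example", "198.51.100.7", b"other-der"),
        ("login.bank.example", "192.0.2.10", LOGIN_CERT),
        ("static.bank.example", "192.0.2.11", None),
        ("ads.example", "203.0.113.5", b"ads-der"),
        ("logout.bank.example", "192.0.2.12", LOGOUT_CERT),
        ("static.bank.example", "192.0.2.11", None),
    ]
    return [session.observe(*r) for r in requests]
```

In this sketch a request to a sealed hostname is only classified as banking while a session is active, so the same host is reported as outside once the Deactivate Trigger has fired.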