Post
Topic
Board Development & Technical Discussion
Re: [PAPER] 3-factor Authentication for Exchanges
by
tubro
on 24/06/2011, 11:09:11 UTC
Unfortunately you haven't actually detailed any solutions yet other than stating the current system is unsatisfactory. If you want to outline exactly how this can be done, then I'm all ears, but until then, I don't think this conversation is going to go anywhere.

That is kind of right. This is because it is a non-trivial task to do it right, and if I were to start thinking about it properly, I would not start with your paper. See below for one reason:

Quote
For future reference, the requirement of the paper which you quoted explicitly details that the situation that we've been arguing about is noted as (practically the only) attack vector on the system:

In the event that both the exchange and the user's computer are breached, the user has not previously placed trades while under surveillance and the user has set up SMS authentication, the attacker should not be able to withdraw funds or place trades on the user's behalf.

This is one example of the carelessness/imprecision that IMHO does not make the paper worth repairing. The attack I pointed out does NOT require both the exchange and the user's computer being breached. Only the exchange needs to be breached. And your requirements claim that you want to defend against this case. But your design does not.