"The initial connection is set up using PKI as now, but the only thing that is used for is to get the user to identify themselves using some credentials, and then sending the signin bookmark to the users browser, which stores it. The browser than lets the user to click on the signin bookmark, which invokes a procedure that signs the user into the web site, as the name implies. Thus it contains a URL just like a normal bookmark."
Just letting users know they should bookmark their banking site would probably be an improvement as it is now. ;-)
Anyway, maybe it could be combined with BrowserID  ?