The Combining Method of Fingerprint and QR Code as Mutual Authentication for Mobile Payment (original) (raw)

SECURITY ANALYSIS OF MOBILE AUTHENTICATION USING QR-CODES

The QR-Code authentication system using mobile application is easily implemented in a mobile device with high recognition rate without short distance wireless communication support such as NFC. This system has been widely used for physical authentication system does not require a strong level of security. The system also can be implemented at a low cost. However, the system has a vulnerability of tampering or counterfeiting, because of the nature of the mobile application that should be installed on the user’s smart device. In this paper we analyze the vulnerabilities about each type of architectures of the system and discuss the concerns about the implementation aspect to reduce these vulnerabilities.

Multilevel Authentication Based on QR Codes to Secure Banking Operations

IJARCCE

Today, People can do almost everything online (banking, shopping, storing and sharing personal information). To access these services in the most secured manner is very critical. Many authentication methods are available such as username and password, barcode, finger print and face detection. But these methods have some advantages as well as disadvantages. Username and password are not providing security; fingerprints and face identity are the methods which are very costly and not affordable by common users. To overcome all the drawbacks the QR code is introduced. QR code has many applications. QR codes are used in banking transactions for security; it provides more security than barcode. The QR code stores complex password. QR code can be scanned using smart phones. When a user opts for online banking transaction he opens the bank website. On the same page, QR code is displayed after registration, user can scan the QR code image with a scanner. A string is generated after scanning. For authenticating user, IEMI no. of phone is used. The multilevel security is used in this application; therefore this system is very secured method for online transaction than existing system.

Authentication and Transaction Verification Using QR Codes with a Mobile Device

Lecture Notes in Computer Science, 2016

User authentication and the verification of online transactions that are performed on an untrusted computer or device is an important and challenging problem. This paper presents an approach to authentication and transaction verification using a trusted mobile device, equipped with a camera, in conjunction with QR codes. The mobile device does not require an active connection (e.g., Internet or cellular network), as the required information is obtained by the mobile device through its camera, i.e. solely via the visual channel. The proposed approach consists of an initial user authentication phase, which is followed by a transaction verification phase. The transaction verification phase provides a mechanism whereby important transactions have to be verified by both the user and the server. We describe the adversarial model to capture the possible attacks to the system. In addition, this paper analyzes the security of the propose scheme, and discusses the practical issues and mechanisms by which the scheme is able to circumvent a variety of security threats including password stealing, man-inthe-middle and man-in-the-browser attacks. We note that our technique is applicable to many practical applications ranging from standard user authentication implementations to protecting online banking transactions.

Password authentication scheme based on smart card and QR code

2021

As a hopeful computing paradigm, cloud services are obtainable to end users based on pay-as-you-go service. Security is represented one of the vital issues for the extended adoption of cloud computing, with the object of accessing several cloud service providers, applications, and services by using anonymity features to authenticate the user. We present a good authentication scheme based on quick response (QR) code and smart card. Furthermore, our proposed scheme has several crucial merits such as key management, mutual authentication, one-time password, user anonymity, freely chosen password, secure password changes, and revocation by using QR code. The security of proposed scheme depends on crypto-hash function, QR-code validation, and smart card. Moreover, we view that our proposed scheme can resist numerous malicious attacks and are more appropriate for practical applications than other previous works. The proposed scheme has proved as a strong mutual authentication based on bur...

Comparative Study of Different Biometric Authorization for Mobile Payment System

Ijca Proceedings on International Conference on Recent Trends in Information Technology and Computer Science 2012, 2013

The PIN based single level authorization of Mobile Payment System suffers several security leakage problems. Integrating biometric identifier as one more level of authorization increases the robustness of the payment system. But as mobile device and wireless network has certain constraint, so it is not possible to use any biometric identifier for authentication. This paper presents a comparative study of using different biometric identifier in authorization process of mobile payment system, in context of developing country like India. In this paper we discussed the possible integration of face, fingerprint, iris, keystroke dynamics and voice as possible biometric identifier.

Advanced Online Banking Authentication System Using One Time Passwords Embedded in QR Code

2014

This paper explains implementation details of online banking authentication system. Security is an important issue for online banking application which can be implemented by various internet technologies. While implementing online banking system, secure data transfer need can be fulfilled by using https data transfer and database encryption techniques for secure storage of sensitive information. To eliminate threat of phishing and to confirm user identity we are going to use concept of QR-code with android application. QR-code which would be scanned by user mobile device which overcome the weakness of traditional password based system. We improve more security by using one time password (OTP) which hides inside QRcode. Keywords— One Time Password (OTP) , Quick Response

Design of Secure Mobile Communication using Fingerprint

European Journal of Scientific Research, 2009

Mobile handheld device is a popular device that provides secure, private, authentic, and accurate communication and exchange of confidential information. In this paper we propose a technique to solve the authenticity problem in mobile communication. This technique is mainly based on the usage of the Fingerprint to identify both the speaker and the sender. This technique is simple, requires less calculation than other public/private key techniques, assures more authenticity than digital signature, and eliminates the need for a third party. Moreover, when applied to mobile phones, this technique resists any forge imposed by another party.

Mobile banking transaction using fingerprint authentication

2018 2nd International Conference on Inventive Systems and Control (ICISC), 2018

Mobile banking services have become one of the most important applications on the Internet, being provided by most of the banks all over the world. The end-user can manage the accounts or make some payments without being forced to go to the physical bank office. That's why security concerns regarding authentication have to be taken into the account and the bank should provide various and combined methods for login and payment, in order to increase the confidence in their services for mobile banking. This research paper will introduce some concepts about these two fields: Mobile banking and fingerprint authentication process. During our researches, we developed a Java based Mobile application to simulate access to Mobile Banking for login and payment options. We also perform sample test for this application and as a result, we found it is very secure and 100% successful and user-friendly.

Securing Online Transaction using Fingerprint Authentication with Embedded Cameras

Now a day's mobile phone became smart phone with lot of features. Smart phone comes with high resolution cameras and support high speed internet. This tends to increase the use of online transactions. But these is secured only by ID no. & password, this is not so secured. Biometric characteristics like fingerprint are changes person to person. So to increase the security of online transactions we use Fingerprint recognition with credit card/debit card transaction. Smart phone with high pixel camera function are capable of capturing image & processing task. In this proposed system cell phones cameras capturing fingerprint images as biometric traits. No need of extra module for fingerprint recognition. Everyday a lot of new mobile phones called as smart phones come in a market with various features like embedded cameras, Fast processors, pocket high speed Internet & many more. By using embedded camera we can take photos & shoot videos. Some of embedded cameras have high resolution & high picture quality images more than 5 Mega-Pixels. Due to high speed internet almost all banking technology has changed to online. So the traditional way of shopping is changed to Internet shopping also we can pay the various bills, transfer the money by using online transactions. But security of online transactions is a big issue. Now days this system is secured only by credit card/debit card no/ ID no, CVC no. & OTP (one time password) which is send on registered mobile no. Moreover, the services which can be accessed via smart phones (e.g., m-banking and m-commerce etc.) represent a major value. Therefore, the danger of a mobile device ending up in the wrong hands presents a serious threat to information security and user privacy. According to the latest research from Halifax Home Insurance claims, 390 million British pounds a year is lost in Britain due to the theft of smart phones. With the average handset costing more than 100 British pounds, it is perhaps not surprising that there are more than 2 million stolen in the UK [1] & India every year. Biometric characteristics like fingerprint, voice pattern, iris etc cannot be stolen or forgotten & also biometric characteristics are unique & remain same even fingerprints of twins are different. So it's most promising technology for authentication. Approximately from 14 th century fingerprints were stamping on paper using ink for identification of person. Now days they are captured as live-scan digital images acquired by directly sensing the fingerprint surface with an electronic fingerprint scanner. The fingerprint pattern displays different features at different levels. Some smart phone has inbuilt fingerprint scanner. But they are very costly. Many fingerprint recognition algorithms perform well on databases that had been collected with high-resolution cameras and in highly controlled situations [2]. In this paper we present fingerprint recognition as means of verifying the identity of the user using embedded camera. We use Fingerprint of user as a password for online transactions. The image of fingerprint is captured by using embedded camera of smart phone. Mostly more than 5 Mega-pixel cameras are used for capturing the image of fingerprint traits. This image is compared with the database. If the image is matched with the database then user can do the online transactions. This is the most secure and easy method. The main purpose of this paper is to lower down the user effort while keeping the error rates in an acceptable and practical range. Therefore, this proposal is a realistic approach to be implemented in mobile devices for user authentication. II Fingerprint Recognition Fingerprint recognition is the most matured approach among all the biometric techniques. With its success of use in different applications, it is today used in many access controls applications as each individual has a unique fingerprint. The hand skin or the finger skin consists of the so called friction ridges with pores. The ridges are already created in the ninth week of an individual's fetal development life [3], and remains the same all life long, only growing up to adult size, but if severe injuries occur the skin may be reconstructed the same as before. Researchers have found out that identical twins have fingerprints that are quite different and that in the forensic community it is believed that no two people have the same fingerprint [4].

Design and Implementation of Secure QR Payment System based on Visual Cryptography

International Journal of Scientific Research in Science and Technology, 2022

In this paper, we will describe the design and implementation of a secure payment system based on QR codes. These QR codes have been extensively used in recent years since they speed up the payment process and provide users with ultimate convenience. However, as convenient as they may sound, QR-based online payment systems are vulnerable to different types of attacks. Therefore, transaction processing needs to be secure enough to protect the integrity and confidentiality of every payment process. Moreover, the online payment system must provide authenticity for both the sender and receiver of each transaction. In this paper, the security of the proposed QR-based system is provided using visual cryptography. The proposed system consists of a web application that implements visual cryptography. The application provides a simple and user-friendly interface for users to share links through QR Code.