File Download

There are no files associated with this item.

  Links for fulltext
     (May Require Subscription)
Supplementary

Conference Paper: Authentication and transaction verification using QR codes with a mobile device

TitleAuthentication and transaction verification using QR codes with a mobile device
Authors
KeywordsOne-Time-Password (OTP)
Transaction integrity
Transaction verification
Transaction-Authentication-Number (TAN)
Authentication
Mobile device
QR code
Issue Date2016
Citation
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2016, v. 10066 LNCS, p. 437-451 How to Cite?
Abstract© Springer International Publishing AG 2016. User authentication and the verification of online transactions that are performed on an untrusted computer or device is an important and challenging problem. This paper presents an approach to authentication and transaction verification using a trusted mobile device, equipped with a camera, in conjunction with QR codes. The mobile device does not require an active connection (e.g., Internet or cellular network), as the required information is obtained by the mobile device through its camera, i.e. solely via the visual channel. The proposed approach consists of an initial user authentication phase, which is followed by a transaction verification phase. The transaction verification phase provides a mechanism whereby important transactions have to be verified by both the user and the server. We describe the adversarial model to capture the possible attacks to the system. In addition, this paper analyzes the security of the propose scheme, and discusses the practical issues and mechanisms by which the scheme is able to circumvent a variety of security threats including password stealing, man-in-the-middle and man-in-the-browser attacks. We note that our technique is applicable to many practical applications ranging from standard user authentication implementations to protecting online banking transactions.
Persistent Identifierhttp://hdl.handle.net/10722/280607
ISSN
2023 SCImago Journal Rankings: 0.606
ISI Accession Number ID

 

DC FieldValueLanguage
dc.contributor.authorChow, Yang Wai-
dc.contributor.authorSusilo, Willy-
dc.contributor.authorYang, Guomin-
dc.contributor.authorAu, Man Ho-
dc.contributor.authorWang, Cong-
dc.date.accessioned2020-02-17T14:34:28Z-
dc.date.available2020-02-17T14:34:28Z-
dc.date.issued2016-
dc.identifier.citationLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2016, v. 10066 LNCS, p. 437-451-
dc.identifier.issn0302-9743-
dc.identifier.urihttp://hdl.handle.net/10722/280607-
dc.description.abstract© Springer International Publishing AG 2016. User authentication and the verification of online transactions that are performed on an untrusted computer or device is an important and challenging problem. This paper presents an approach to authentication and transaction verification using a trusted mobile device, equipped with a camera, in conjunction with QR codes. The mobile device does not require an active connection (e.g., Internet or cellular network), as the required information is obtained by the mobile device through its camera, i.e. solely via the visual channel. The proposed approach consists of an initial user authentication phase, which is followed by a transaction verification phase. The transaction verification phase provides a mechanism whereby important transactions have to be verified by both the user and the server. We describe the adversarial model to capture the possible attacks to the system. In addition, this paper analyzes the security of the propose scheme, and discusses the practical issues and mechanisms by which the scheme is able to circumvent a variety of security threats including password stealing, man-in-the-middle and man-in-the-browser attacks. We note that our technique is applicable to many practical applications ranging from standard user authentication implementations to protecting online banking transactions.-
dc.languageeng-
dc.relation.ispartofLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)-
dc.subjectOne-Time-Password (OTP)-
dc.subjectTransaction integrity-
dc.subjectTransaction verification-
dc.subjectTransaction-Authentication-Number (TAN)-
dc.subjectAuthentication-
dc.subjectMobile device-
dc.subjectQR code-
dc.titleAuthentication and transaction verification using QR codes with a mobile device-
dc.typeConference_Paper-
dc.description.naturelink_to_subscribed_fulltext-
dc.identifier.doi10.1007/978-3-319-49148-6_36-
dc.identifier.scopuseid_2-s2.0-84996798736-
dc.identifier.volume10066 LNCS-
dc.identifier.spage437-
dc.identifier.epage451-
dc.identifier.eissn1611-3349-
dc.identifier.isiWOS:000387960800036-
dc.identifier.issnl0302-9743-

Export via OAI-PMH Interface in XML Formats


OR


Export to Other Non-XML Formats