Transaction Authentication Using HMAC-Based One-Time Password and QR Code

Subpratatsavee, Puchong; Kuacharoen, Pramote

doi:10.1007/978-3-662-45402-2_14

Cited by 11 publications

(5 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Many banks have enhanced their security by using One-Time Password (OTP) as another authentication method in addition to the traditional username and password method [76], [77]. Then OTP is used for transaction verification at the mobile terminal [78], [79].…”

Section: B Totp Payment Authentication Algorithmmentioning

confidence: 99%

State of the Art: Secure Mobile Payment

Liu

Peng

2020

IEEE Access

View full text Add to dashboard Cite

With mobile payments popular around the world, payers can conduct a payment anytime and anywhere. While providing great convenience, mobile payment also brings many payment security issues. This paper is the first comprehensive review of secure mobile payment. We classify the mobile payment into TPC(third-party payment company)-led mobile payment and Bank-led mobile payment, and based on this, summarize the system structure of mobile payment. Then we discuss the mobile payment security technology framework from Tokenization, PAN(bank card primary account number) binding, and Secure Payment Authentication, respectively. Besides, this paper introduces secure technologies(hardware and software) used in these procedures, discusses and analyzes the security issues that they have been encountered, summarise open issues, and proposes future development directions. In the end, we give the discussion and comparison of popular and representative mobile payment applications, including Alipay, Wechat Pay, Apple Pay, Samsung Pay, and Google Pay. INDEX TERMS Tokenization, symmetric cryptosystem, hybrid cryptosystem, PAN binding, TOTP, remote payment, near-field payment.

show abstract

Section: B Totp Payment Authentication Algorithmmentioning

confidence: 99%

State of the Art: Secure Mobile Payment

Liu

Peng

2020

IEEE Access

View full text Add to dashboard Cite

show abstract

“…In addition to the approaches described above, there are various other proposed QR code authentication schemes [18,24,28,30].…”

Section: Sms-basedmentioning

confidence: 99%

Authentication and Transaction Verification Using QR Codes with a Mobile Device

Chow

Susilo

Yang

et al. 2016

Security, Privacy, and Anonymity in Computation, Communication, and Storage

View full text Add to dashboard Cite

User authentication and the verification of online transactions that are performed on an untrusted computer or device is an important and challenging problem. This paper presents an approach to authentication and transaction verification using a trusted mobile device, equipped with a camera, in conjunction with QR codes. The mobile device does not require an active connection (e.g., Internet or cellular network), as the required information is obtained by the mobile device through its camera, i.e. solely via the visual channel. The proposed approach consists of an initial user authentication phase, which is followed by a transaction verification phase. The transaction verification phase provides a mechanism whereby important transactions have to be verified by both the user and the server. We describe the adversarial model to capture the possible attacks to the system. In addition, this paper analyzes the security of the propose scheme, and discusses the practical issues and mechanisms by which the scheme is able to circumvent a variety of security threats including password stealing, man-in-the-middle and man-in-the-browser attacks. We note that our technique is applicable to many practical applications ranging from standard user authentication implementations to protecting online banking transactions. Abstract. User authentication and the verification of online transactions that are performed on an untrusted computer or device is an important and challenging problem. This paper presents an approach to authentication and transaction verification using a trusted mobile device, equipped with a camera, in conjunction with QR codes. The mobile device does not require an active connection (e.g., Internet or cellular network), as the required information is obtained by the mobile device through its camera, i.e. solely via the visual channel. The proposed approach consists of an initial user authentication phase, which is followed by a transaction verification phase. The transaction verification phase provides a mechanism whereby important transactions have to be verified by both the user and the server. We describe the adversarial model to capture the possible attacks to the system. In addition, this paper analyzes the security of the propose scheme, and discusses the practical issues and mechanisms by which the scheme is able to circumvent a variety of security threats including password stealing, man-in-the-middle and man-in-the-browser attacks. We note that our technique is applicable to many practical applications ranging from standard user authentication implementations to protecting online banking transactions.

show abstract

“…The only process of encoding and decoding is not enough for secure online electronic transaction because of lack of legitimacy (Plaintext validity) . Hence, the solution is to improvise a scheme of message authentication encryption …”

Section: Introductionmentioning

confidence: 99%

“…[3][4][5] Hence, the solution is to improvise a scheme of message authentication encryption. [6][7][8][9][10][11] Simple concept of authentication encryption (AE) including MAC. Let a sender () and receiver () work under the communication network of   .…”

mentioning

confidence: 99%

A simple authentication encryption scheme

Mazumder

Miyaji

2017

Concurrency and Computation

View full text Add to dashboard Cite

An authentication encryption (AE) scheme satisfies to transfer an authenticated data between 2 parties or more. There are vast applications of the AE such as access control, encryption, enhancing trust between multiple parties, and assure the originality of a message. However, the main challenge of the AE is to maintain low-cost features for its construction. Furthermore, there is another emerging issue of Internet of Things (IoT) in the field of data and network communication.The numbers of application of the IoT are increasing expeditiously, where various kinds of device have been used such as IoT-end device, constrained device, and RfID. Moreover, the main challenge of the IoT-end devices and resource constrained devices is to keep a certain level of security bound including minimum cost. However, the IoT-end devices, resource constrained devices, and RfID have lack of resources such as memory, power, and processors. Interestingly, the AE can play a vital role between data acquisition (sensors, actuators) and data aggregation of usual platform of the IoT. Thus, the construction of the AE should satisfy the properties of low-cost, least resources, and less operating-time. Though, there are many familiar constructions of AE such as OTR, McOE, POE, OAE, APE, COPE, CLOC, and SILK but most of the schemes depend on the features of nonce and associate data. In the aspect of security, the usage of nonce and associated data are adequate.However, these 2 features increase the overhead cost. Therefore, we propose a simple construction of IV-based AE where blockcipher compression function is used as encryption function. Our proposed scheme's efficiency-rate is 1 with reasonable privacy-security bound. In addition, it can encrypt arbitrary length of message in each iteration without padding.

show abstract

Transaction Authentication Using HMAC-Based One-Time Password and QR Code

Cited by 11 publications

References 12 publications

State of the Art: Secure Mobile Payment

State of the Art: Secure Mobile Payment

Authentication and Transaction Verification Using QR Codes with a Mobile Device

A simple authentication encryption scheme

Contact Info

Product

Resources

About