Payment transactions initiated through a mobile device are growing and security concerns must be addressed. People
coming from payment card industry often talk passionately about porting ISO 9564 PIN standard based authentication
in open-loop card payment to closed-loop mobile financial transactions and certification of closed-loop payment product or solution against this standard. In reality, so far this standard has not been adopted in closed-loop mobile payment authentication and applicability of this ISO standard must be studied carefully before adoption. The authors do a critical analysis of the applicability of this ISO specification and make categorical statement about relevance of compliance to closed-loop mobile payment. Security requirements for authentication in closed-loop mobile payment systems are not standardised through ISO 9564 standard, Common Criteria [3], etc. Since closed-loop mobile payment is a relatively new field, the authors make a case for Common Criteria Recognition Agreement (CCRA) or other standards organization to push for publication of a mobile device-agnostic Protection Profile or standard for it, incorporating the suggested authentication approaches.
Design of Banking Security System Using Mems And Rfid Technologytheijes
The International Journal of Engineering & Science is aimed at providing a platform for researchers, engineers, scientists, or educators to publish their original research results, to exchange new ideas, to disseminate information in innovative designs, engineering experiences and technological skills. It is also the Journal's objective to promote engineering and technology education. All papers submitted to the Journal will be blind peer-reviewed. Only original articles will be published.
In the present scenario ATM transaction are carried out with the help of ATM cards which have to be physically swiped at the ATM machine. The present cash withdrawal system involves swiping the ATM card at an ATM Machine and then input a four digit pin into the terminal for verification. This method is susceptible to many types of attacks such as shoulder surfing, replay attack and ATM card skimming. In this paper, we are proposing a system in which a QR code is used as an alternative to the physical ATM card based authentication. This system can be incorporated in smartphones and other wearable device thereby eliminating the need for carrying ATM cards. QR codes are generated in the wearable device as well as the ATM machine to carry out User Authorization. An eight-digit long pin is generated to make the system more secure than present one. A background server is used to generate unique 8 digit pins for each transaction. This background server also manages transactions and links them to a user’s bank account when a transaction is underway. This scheme protects the user from shoulder surfing or observation attacks, replay attacks and partial observation attacks.
Improvement of a PIN-Entry Method Resilient to ShoulderSurfing and Recording ...IJRTEMJOURNAL
The scope of this work extends to system components (for example service providers, networks,
servers, hosts, applications, processes and personnel) which are used to exchange PIN-related data. The PIN
Guidelines in this document encompass PIN security within any one system or sub-system and between systems.
This process designs 10 digit keypad with random RGB color SCHEME using a Fast Finite-State Algorithm for
Generating RGB Palettes of Color. In this work, we propose a color finite-state LBG (CFSLBG) algorithm that
reduces the computation time by exploiting the correlations of palette entries between the current and previous
iterations.
E Authentication System with QR Code and OTPijtsrd
As a fast web framework is being created and individuals are informationized, even the budgetary undertakings are occupied with web field. In PC organizing, hacking is any specialized exertion to control the ordinary conduct of system associations and associated frameworks. The current web banking framework was presented to the threat of hacking and its result which couldnt be overlooked. As of late, the individual data has been spilled by a high degree technique, for example, Phishing or Pharming past grabbing a clients ID and Password. Along these lines, a protected client affirmation framework gets considerably more fundamental and significant. Right now, propose another Online Banking Authentication framework. This confirmation framework utilized Mobile OTP with the mix of QR code which is a variation of the 2D standardized identification. 1 6 7 Afrin Hussain "E-Authentication System with QR Code & OTP" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-3 , April 2020, URL: https://www.ijtsrd.com/papers/ijtsrd30808.pdf Paper Url :https://www.ijtsrd.com/computer-science/computer-security/30808/eauthentication-system-with-qr-code-and-otp/afrin-hussain
A MOBILE BASED ANTI-PHISHING AUTHENTICATION SCHEME USING CHALLENGE-RESPONSE A...ijiert bestjournal
Quick Response (QR) code are 2D (two dimension) matrix code. Here it is use for secure authentication. Now days Internet is most commonlyused medium to access the information. People are using many website like online banking,insurance,shopping etc. these websites requires the strong authentication. Using a pair of username and password authentication scheme is not secure enough since attacker can collect information from web phishing and computer infection. Various malware or intended programs attempt to capture the confidential information from personal computer. Therefore,secure authentication scheme is required. Many authentication methods have been developed such as one time password,SMS base OTP system and some using bio-metric feature. Some of these authentications are fail due to network problem and increases the cost. People are increasingly used in all life fields,especially with the wide spread of Android smart phones which are used as QR-code scanners
IRJET- High Security System for Money Carrying VAN to ATM’SIRJET Journal
This document summarizes a research project that developed a high security system for money carrying vans. The system uses both a password entered on a keypad and fingerprint authentication for security. It contains a microcontroller, fingerprint sensor, LCD display, GSM module, and keypad. If an unauthorized person enters the wrong password, access is denied and an alert message is sent via the GSM module. If the password is correct but the fingerprint does not match, access is again denied and an alert sent. The system is designed to improve security when transporting money in vans compared to using guards alone.
IRJET- Credit Card Transaction using Fingerprint Recognisation and Two St...IRJET Journal
This document proposes enhancing credit card transaction security in ATMs through a three-step verification process using password, fingerprint recognition, and one-time passwords (OTPs). It involves using KNN clustering to verify passwords, displaying a dummy balance if the password is incorrect, matching fingerprints to stored templates, and sending an OTP to the registered phone number if fingerprints match. This approach aims to strengthen user authentication and prevent fraudulent transactions using stolen cards and passwords guessed through brute force attacks. The system is analyzed in MATLAB and is found to provide improved security over existing one-step password verification methods.
IRJET- Artificial Intelligence based Smart ATMIRJET Journal
This document proposes an artificial intelligence-based smart ATM system with enhanced security features. It summarizes existing ATM security issues and proposes adding biometric authentication using fingerprints instead of cards and PINs. The proposed system uses AI for easy user interaction, image processing to detect issues like insufficient funds, and additional security measures like automatic door locking, alerts to law enforcement, and limiting the number of users in the ATM area at one time. The goal is to add multiple layers of security to reduce ATM fraud and theft compared to existing card-and-PIN based systems.
Design of Banking Security System Using Mems And Rfid Technologytheijes
The International Journal of Engineering & Science is aimed at providing a platform for researchers, engineers, scientists, or educators to publish their original research results, to exchange new ideas, to disseminate information in innovative designs, engineering experiences and technological skills. It is also the Journal's objective to promote engineering and technology education. All papers submitted to the Journal will be blind peer-reviewed. Only original articles will be published.
In the present scenario ATM transaction are carried out with the help of ATM cards which have to be physically swiped at the ATM machine. The present cash withdrawal system involves swiping the ATM card at an ATM Machine and then input a four digit pin into the terminal for verification. This method is susceptible to many types of attacks such as shoulder surfing, replay attack and ATM card skimming. In this paper, we are proposing a system in which a QR code is used as an alternative to the physical ATM card based authentication. This system can be incorporated in smartphones and other wearable device thereby eliminating the need for carrying ATM cards. QR codes are generated in the wearable device as well as the ATM machine to carry out User Authorization. An eight-digit long pin is generated to make the system more secure than present one. A background server is used to generate unique 8 digit pins for each transaction. This background server also manages transactions and links them to a user’s bank account when a transaction is underway. This scheme protects the user from shoulder surfing or observation attacks, replay attacks and partial observation attacks.
Improvement of a PIN-Entry Method Resilient to ShoulderSurfing and Recording ...IJRTEMJOURNAL
The scope of this work extends to system components (for example service providers, networks,
servers, hosts, applications, processes and personnel) which are used to exchange PIN-related data. The PIN
Guidelines in this document encompass PIN security within any one system or sub-system and between systems.
This process designs 10 digit keypad with random RGB color SCHEME using a Fast Finite-State Algorithm for
Generating RGB Palettes of Color. In this work, we propose a color finite-state LBG (CFSLBG) algorithm that
reduces the computation time by exploiting the correlations of palette entries between the current and previous
iterations.
E Authentication System with QR Code and OTPijtsrd
As a fast web framework is being created and individuals are informationized, even the budgetary undertakings are occupied with web field. In PC organizing, hacking is any specialized exertion to control the ordinary conduct of system associations and associated frameworks. The current web banking framework was presented to the threat of hacking and its result which couldnt be overlooked. As of late, the individual data has been spilled by a high degree technique, for example, Phishing or Pharming past grabbing a clients ID and Password. Along these lines, a protected client affirmation framework gets considerably more fundamental and significant. Right now, propose another Online Banking Authentication framework. This confirmation framework utilized Mobile OTP with the mix of QR code which is a variation of the 2D standardized identification. 1 6 7 Afrin Hussain "E-Authentication System with QR Code & OTP" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-3 , April 2020, URL: https://www.ijtsrd.com/papers/ijtsrd30808.pdf Paper Url :https://www.ijtsrd.com/computer-science/computer-security/30808/eauthentication-system-with-qr-code-and-otp/afrin-hussain
A MOBILE BASED ANTI-PHISHING AUTHENTICATION SCHEME USING CHALLENGE-RESPONSE A...ijiert bestjournal
Quick Response (QR) code are 2D (two dimension) matrix code. Here it is use for secure authentication. Now days Internet is most commonlyused medium to access the information. People are using many website like online banking,insurance,shopping etc. these websites requires the strong authentication. Using a pair of username and password authentication scheme is not secure enough since attacker can collect information from web phishing and computer infection. Various malware or intended programs attempt to capture the confidential information from personal computer. Therefore,secure authentication scheme is required. Many authentication methods have been developed such as one time password,SMS base OTP system and some using bio-metric feature. Some of these authentications are fail due to network problem and increases the cost. People are increasingly used in all life fields,especially with the wide spread of Android smart phones which are used as QR-code scanners
IRJET- High Security System for Money Carrying VAN to ATM’SIRJET Journal
This document summarizes a research project that developed a high security system for money carrying vans. The system uses both a password entered on a keypad and fingerprint authentication for security. It contains a microcontroller, fingerprint sensor, LCD display, GSM module, and keypad. If an unauthorized person enters the wrong password, access is denied and an alert message is sent via the GSM module. If the password is correct but the fingerprint does not match, access is again denied and an alert sent. The system is designed to improve security when transporting money in vans compared to using guards alone.
IRJET- Credit Card Transaction using Fingerprint Recognisation and Two St...IRJET Journal
This document proposes enhancing credit card transaction security in ATMs through a three-step verification process using password, fingerprint recognition, and one-time passwords (OTPs). It involves using KNN clustering to verify passwords, displaying a dummy balance if the password is incorrect, matching fingerprints to stored templates, and sending an OTP to the registered phone number if fingerprints match. This approach aims to strengthen user authentication and prevent fraudulent transactions using stolen cards and passwords guessed through brute force attacks. The system is analyzed in MATLAB and is found to provide improved security over existing one-step password verification methods.
IRJET- Artificial Intelligence based Smart ATMIRJET Journal
This document proposes an artificial intelligence-based smart ATM system with enhanced security features. It summarizes existing ATM security issues and proposes adding biometric authentication using fingerprints instead of cards and PINs. The proposed system uses AI for easy user interaction, image processing to detect issues like insufficient funds, and additional security measures like automatic door locking, alerts to law enforcement, and limiting the number of users in the ATM area at one time. The goal is to add multiple layers of security to reduce ATM fraud and theft compared to existing card-and-PIN based systems.
An Enhanced Automated Teller Machine Security Prototype using Fingerprint Bio...Eswar Publications
The steady growth in electronic transactions has promoted the Automated Teller Machine (ATM) thereby making it the main transaction channel for carrying out financial transactions. However, this has also increased the amount of fraudulent activities carried out on Automated Teller Machines (ATMs) thereby calling for efficient security mechanisms and increasing the demand for fast and accurate user identification and
authentication in ATMs. This research analyses, designs and proposes a biometric authentication prototype for integrating fingerprint security with ATMs as an added layer of security. A fingerprint biometric technique was fused with personal identification numbers (PIN's) for authentication to ameliorate the security level. The prototype was simulated using a fingerprint scanner and Java Platform Enterprise Edition was used to develop an ATM application which was used to synchronize with a fingerprint scanner thereby providing a biometric authentication scheme for carrying out transactions on an ATM.
IRJET - Three Layered Security for BankingIRJET Journal
This document describes a proposed three-layered security system for online banking authentication. The system uses username and password for the first layer of authentication. For the second layer, a QR code encrypted with the user's IMEI number is displayed, which must be scanned by their smartphone. For the third layer, an OTP is sent to the user's smartphone after successful QR code scan. This three-layered approach provides stronger security than username and password alone by distributing the authentication process across multiple devices and utilizing different authentication methods at each layer. The system is designed to be more secure against attacks like keylogging compared to a single-factor authentication system.
Online Secure payment System using shared ImagesIRJET Journal
This document proposes a new secure payment system for online shopping that uses steganography and visual cryptography. It aims to minimize customer information shared with merchants to prevent fraud and identity theft. The system works as follows:
1) A customer hides their bank password in an image using steganography. They share one image share with a certified authority and keep the other.
2) During checkout, the customer submits their share to the authority who combines it with their share to reveal the hidden password.
3) The authority sends the password to the bank which verifies the customer and transfers funds to the merchant. The merchant only receives information to validate payment.
4) This limits the customer data exposed to merchants, prevents mis
This document discusses two-factor authentication in the banking sector, specifically evaluating its performance for automated teller machines (ATMs). It provides background on ATMs, including a brief history of their development from the late 1960s onward. It describes how two-factor authentication works for ATM transactions, requiring both the physical ATM card and a personal identification number (PIN). The document examines different factors of authentication and classifications of factors into things the user has, knows, and is (biometrics).
During the past decade e banking has emerged with enormous speed The use of e banking and the application of e banking is now enormous these days But the modern banking completely relies on internet and computer technology, the threats and the chances of breaching the security has also increased We are totally dependent on the internet to carry out the transactions and the daily routines in the banks Thus there is the immense need of increasing the security in the banking field We have developed the system in which we have developed a secure banking system We are using Finger print authentication device and the GSM module to carry out the functionalities of the system Bilal Hussain Ch | Subayyal "Secure E-Banking Using Bioinformatics" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-2 | Issue-6 , October 2018, URL: http://www.ijtsrd.com/papers/ijtsrd18455.pdf
Demystifying Attacks on Point of Sales SystemsSymantec
Cybercriminals have an insatiable thirst for credit card data. There are multiple ways to steal this information on-line, but Point of Sales are the most tempting target. An estimated 60 percent of purchases at retailers’ Point of Sale (POS) are paid for using a credit or debit card. Given that large retailers may process thousands of transactions daily though their POS, it stands to reason that POS terminals have come into the crosshairs of cybercriminals seeking large volumes of credit card data. Download our Attacks on Point of Sales Systems whitepaper for details on how POS attacks are carried out, and how to protect against them.
The project sets sight on authenticating the conventional Credit card transaction system. In the prevailing system though the Credit card paves a convenient mode of transactions, it is subjected to more jeopardy. As technology extends its limit, the way of hacking and cracking also goes along the road. In out proposed system, in every transaction with the Credit card a handshaking signal is achieved with the cardholder. The handshaking method is achieved by transferring the transaction time and the purchase details to the mobile of the cardholder by means of a GSM modem. From the acknowledgement and authentication received from the cardholder’s mobile further transaction proceeds. The system used the MCU for the security issues between the Mobile and the Card. Reports can also be generated for every successful authentication.
International Journal of Engineering Research and DevelopmentIJERD Editor
Electrical, Electronics and Computer Engineering,
Information Engineering and Technology,
Mechanical, Industrial and Manufacturing Engineering,
Automation and Mechatronics Engineering,
Material and Chemical Engineering,
Civil and Architecture Engineering,
Biotechnology and Bio Engineering,
Environmental Engineering,
Petroleum and Mining Engineering,
Marine and Agriculture engineering,
Aerospace Engineering.
This document describes a proposed system to assist visually impaired people in using ATMs. The system would allow users to select either a normal or special "blind mode" using voice commands. In blind mode, a fingerprint scanner and encrypted smart card are used for authentication instead of a PIN. Voice prompts then guide the user through transactions like checking balances or withdrawing cash. The system aims to provide independent banking access for the visually impaired through fingerprint authentication and voice interaction instead of traditional screen-based ATM interfaces.
The ultimate across the board user authentication approach in use today is evidently the password-based authentication.
When we carry out a credit card transaction through the EDC (Electronic Data Capture) machine in the public, the user’s PIN number
becomes very much vulnerable to the direct observation by nearby adversaries in huddled places, promoted by vision enhancing and/or
recording appliances. Devising a secure PIN entry method during the credit card transaction in such a situation is a strenuous task.
Currently, there is no pragmatic solution being implemented for this problem. This paper starts with the investigation of the current
status about the direct experiential attacks. Our analysis about these attacks terminates that no practical available solution at present for
these direct observational attacks. This paper introduces a model which attempts to make the PIN number entry secure during credit
card transactions in public places. Our model aims to use the user’s mobile phone for PIN number entry rather than the merchant’s
user machine. The best tract about the proposed model is that the PIN number does not get revealed to any of the direct observational
attacks, be it direct human observation or observation by a video camera.
A secure communication in smart phones using two factor authenticationseSAT Publishing House
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
IRJET- Guarded Remittance System Employing WANET for Catastrophe RegionIRJET Journal
This document proposes an offline mobile payment system for catastrophe regions using Wireless Ad-hoc Networks (WANETs). The system aims to enable payments when fixed infrastructure like cellular towers are unavailable after disasters. It introduces a mobile payment app that allows customers to make payments offline by communicating through an infrastructure-less wireless network established via WANET. The system uses multilevel endorsement and digital signatures to guarantee payments and prevent double spending. It also provides an interface for users to view and upload information about regional conditions like roadblocks or flooding to help others in the disaster area.
Tokenization is a technology used by banks to protect customer data from fraud. It involves substituting sensitive data with unique, non-sensitive tokens. This makes the data less useful to hackers if accessed without context. Tokenization protects data during transactions more effectively than encryption alone by not requiring decryption of sensitive details that could be exposed. Common payment attacks like relay attacks that steal data during transactions cannot be used with tokenized data since the token cannot be used outside of its intended transaction.
MCS Microsystems Sdn Bhd is a Malaysian IT security technology provider that has experience providing solutions for trusted digital identity, biometrics, RFID, and distributed ledger technology. The document discusses MCS's ONE ID total solution for digital identity management at airports that leverages technologies like e-passports, biometrics, self-service kiosks, and blockchain to enable contactless processing from check-in to boarding while enhancing security. It also describes additional solutions MCS provides related to health passports, asset tracking, video surveillance, and more.
UPI allows users to download their bank's app from the Google Store to access Unified Payments Interface services. Users choose an ID like Aadhaar number or mobile number and create a 4-digit PIN to register their bank account details. The app uses an M-pin to validate transactions and complete the registration process.
This document proposes a location-based authentication system for enhancing e-banking security on smartphones. It reviews how location can be used as an additional authentication factor beyond traditional methods like passwords. The system would authenticate users by checking their GPS location on a timely basis in addition to their credentials. Using location tracking and self-destructing encryption keys that expire makes the system more secure by preventing unauthorized access to banking data and funds from outside approved locations. The goal is to offer banks more secure ways to provide mobile banking services via smartphone applications.
IRJET- Smart Shopping Trolley System using MicrocontrollerIRJET Journal
The document proposes a smart shopping trolley system using RFID technology and a microcontroller to automatically calculate the total bill of items placed in the trolley. This system would help reduce the time customers spend in long queues at billing counters in shopping malls by detecting RFID tags on products as they are added to the trolley and instantly displaying the running total cost. The proposed design and its components like RFID tags, reader, microcontroller, and LCD display are described along with how the system would work to speed up the shopping checkout process.
Cidway is a mobile security company that provides two-factor authentication and transaction signature solutions. Their product line includes hardware tokens, software tokens for mobile phones, and SDKs for integration. Their solutions provide strong authentication using time-based one-time passwords along with transaction signatures to prevent man-in-the-middle attacks. They have clients in banking, mobile payments, and other industries and aim to make authentication and transactions simple, secure, and user-friendly.
The document proposes a virtual password system to improve security for online banking transactions. In the proposed system, a mobile application is used to generate one-time virtual passwords based on a permanent PIN number and random number, removing the vulnerabilities of password delivery via SMS. This virtual password system aims to enhance security by making password guessing and hacking techniques like phishing and keylogging more difficult to exploit.
IRJET- High Security in Automated Fare Collection for TollSystem with NFC usi...IRJET Journal
This document describes a proposed system for providing high security in automated fare collection for toll systems using near field communication (NFC) and the AES encryption algorithm. The proposed system aims to securely store entrance data for tolls in an encrypted format on the server to prevent tampering with information like check-in times. It also monitors individual user behavior by verifying information like driving licenses and insurance during payment processing. The system registers users and creates wallet accounts to deposit funds and deduct toll payments directly using NFC-enabled smartphones. It implements NFC for contactless mobile payments and uses the AES algorithm to encrypt entrance data transmitted to the centralized server for validation during fare calculation.
An Enhanced Automated Teller Machine Security Prototype using Fingerprint Bio...Eswar Publications
The steady growth in electronic transactions has promoted the Automated Teller Machine (ATM) thereby making it the main transaction channel for carrying out financial transactions. However, this has also increased the amount of fraudulent activities carried out on Automated Teller Machines (ATMs) thereby calling for efficient security mechanisms and increasing the demand for fast and accurate user identification and
authentication in ATMs. This research analyses, designs and proposes a biometric authentication prototype for integrating fingerprint security with ATMs as an added layer of security. A fingerprint biometric technique was fused with personal identification numbers (PIN's) for authentication to ameliorate the security level. The prototype was simulated using a fingerprint scanner and Java Platform Enterprise Edition was used to develop an ATM application which was used to synchronize with a fingerprint scanner thereby providing a biometric authentication scheme for carrying out transactions on an ATM.
IRJET - Three Layered Security for BankingIRJET Journal
This document describes a proposed three-layered security system for online banking authentication. The system uses username and password for the first layer of authentication. For the second layer, a QR code encrypted with the user's IMEI number is displayed, which must be scanned by their smartphone. For the third layer, an OTP is sent to the user's smartphone after successful QR code scan. This three-layered approach provides stronger security than username and password alone by distributing the authentication process across multiple devices and utilizing different authentication methods at each layer. The system is designed to be more secure against attacks like keylogging compared to a single-factor authentication system.
Online Secure payment System using shared ImagesIRJET Journal
This document proposes a new secure payment system for online shopping that uses steganography and visual cryptography. It aims to minimize customer information shared with merchants to prevent fraud and identity theft. The system works as follows:
1) A customer hides their bank password in an image using steganography. They share one image share with a certified authority and keep the other.
2) During checkout, the customer submits their share to the authority who combines it with their share to reveal the hidden password.
3) The authority sends the password to the bank which verifies the customer and transfers funds to the merchant. The merchant only receives information to validate payment.
4) This limits the customer data exposed to merchants, prevents mis
This document discusses two-factor authentication in the banking sector, specifically evaluating its performance for automated teller machines (ATMs). It provides background on ATMs, including a brief history of their development from the late 1960s onward. It describes how two-factor authentication works for ATM transactions, requiring both the physical ATM card and a personal identification number (PIN). The document examines different factors of authentication and classifications of factors into things the user has, knows, and is (biometrics).
During the past decade e banking has emerged with enormous speed The use of e banking and the application of e banking is now enormous these days But the modern banking completely relies on internet and computer technology, the threats and the chances of breaching the security has also increased We are totally dependent on the internet to carry out the transactions and the daily routines in the banks Thus there is the immense need of increasing the security in the banking field We have developed the system in which we have developed a secure banking system We are using Finger print authentication device and the GSM module to carry out the functionalities of the system Bilal Hussain Ch | Subayyal "Secure E-Banking Using Bioinformatics" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-2 | Issue-6 , October 2018, URL: http://www.ijtsrd.com/papers/ijtsrd18455.pdf
Demystifying Attacks on Point of Sales SystemsSymantec
Cybercriminals have an insatiable thirst for credit card data. There are multiple ways to steal this information on-line, but Point of Sales are the most tempting target. An estimated 60 percent of purchases at retailers’ Point of Sale (POS) are paid for using a credit or debit card. Given that large retailers may process thousands of transactions daily though their POS, it stands to reason that POS terminals have come into the crosshairs of cybercriminals seeking large volumes of credit card data. Download our Attacks on Point of Sales Systems whitepaper for details on how POS attacks are carried out, and how to protect against them.
The project sets sight on authenticating the conventional Credit card transaction system. In the prevailing system though the Credit card paves a convenient mode of transactions, it is subjected to more jeopardy. As technology extends its limit, the way of hacking and cracking also goes along the road. In out proposed system, in every transaction with the Credit card a handshaking signal is achieved with the cardholder. The handshaking method is achieved by transferring the transaction time and the purchase details to the mobile of the cardholder by means of a GSM modem. From the acknowledgement and authentication received from the cardholder’s mobile further transaction proceeds. The system used the MCU for the security issues between the Mobile and the Card. Reports can also be generated for every successful authentication.
International Journal of Engineering Research and DevelopmentIJERD Editor
Electrical, Electronics and Computer Engineering,
Information Engineering and Technology,
Mechanical, Industrial and Manufacturing Engineering,
Automation and Mechatronics Engineering,
Material and Chemical Engineering,
Civil and Architecture Engineering,
Biotechnology and Bio Engineering,
Environmental Engineering,
Petroleum and Mining Engineering,
Marine and Agriculture engineering,
Aerospace Engineering.
This document describes a proposed system to assist visually impaired people in using ATMs. The system would allow users to select either a normal or special "blind mode" using voice commands. In blind mode, a fingerprint scanner and encrypted smart card are used for authentication instead of a PIN. Voice prompts then guide the user through transactions like checking balances or withdrawing cash. The system aims to provide independent banking access for the visually impaired through fingerprint authentication and voice interaction instead of traditional screen-based ATM interfaces.
The ultimate across the board user authentication approach in use today is evidently the password-based authentication.
When we carry out a credit card transaction through the EDC (Electronic Data Capture) machine in the public, the user’s PIN number
becomes very much vulnerable to the direct observation by nearby adversaries in huddled places, promoted by vision enhancing and/or
recording appliances. Devising a secure PIN entry method during the credit card transaction in such a situation is a strenuous task.
Currently, there is no pragmatic solution being implemented for this problem. This paper starts with the investigation of the current
status about the direct experiential attacks. Our analysis about these attacks terminates that no practical available solution at present for
these direct observational attacks. This paper introduces a model which attempts to make the PIN number entry secure during credit
card transactions in public places. Our model aims to use the user’s mobile phone for PIN number entry rather than the merchant’s
user machine. The best tract about the proposed model is that the PIN number does not get revealed to any of the direct observational
attacks, be it direct human observation or observation by a video camera.
A secure communication in smart phones using two factor authenticationseSAT Publishing House
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
IRJET- Guarded Remittance System Employing WANET for Catastrophe RegionIRJET Journal
This document proposes an offline mobile payment system for catastrophe regions using Wireless Ad-hoc Networks (WANETs). The system aims to enable payments when fixed infrastructure like cellular towers are unavailable after disasters. It introduces a mobile payment app that allows customers to make payments offline by communicating through an infrastructure-less wireless network established via WANET. The system uses multilevel endorsement and digital signatures to guarantee payments and prevent double spending. It also provides an interface for users to view and upload information about regional conditions like roadblocks or flooding to help others in the disaster area.
Tokenization is a technology used by banks to protect customer data from fraud. It involves substituting sensitive data with unique, non-sensitive tokens. This makes the data less useful to hackers if accessed without context. Tokenization protects data during transactions more effectively than encryption alone by not requiring decryption of sensitive details that could be exposed. Common payment attacks like relay attacks that steal data during transactions cannot be used with tokenized data since the token cannot be used outside of its intended transaction.
MCS Microsystems Sdn Bhd is a Malaysian IT security technology provider that has experience providing solutions for trusted digital identity, biometrics, RFID, and distributed ledger technology. The document discusses MCS's ONE ID total solution for digital identity management at airports that leverages technologies like e-passports, biometrics, self-service kiosks, and blockchain to enable contactless processing from check-in to boarding while enhancing security. It also describes additional solutions MCS provides related to health passports, asset tracking, video surveillance, and more.
UPI allows users to download their bank's app from the Google Store to access Unified Payments Interface services. Users choose an ID like Aadhaar number or mobile number and create a 4-digit PIN to register their bank account details. The app uses an M-pin to validate transactions and complete the registration process.
This document proposes a location-based authentication system for enhancing e-banking security on smartphones. It reviews how location can be used as an additional authentication factor beyond traditional methods like passwords. The system would authenticate users by checking their GPS location on a timely basis in addition to their credentials. Using location tracking and self-destructing encryption keys that expire makes the system more secure by preventing unauthorized access to banking data and funds from outside approved locations. The goal is to offer banks more secure ways to provide mobile banking services via smartphone applications.
IRJET- Smart Shopping Trolley System using MicrocontrollerIRJET Journal
The document proposes a smart shopping trolley system using RFID technology and a microcontroller to automatically calculate the total bill of items placed in the trolley. This system would help reduce the time customers spend in long queues at billing counters in shopping malls by detecting RFID tags on products as they are added to the trolley and instantly displaying the running total cost. The proposed design and its components like RFID tags, reader, microcontroller, and LCD display are described along with how the system would work to speed up the shopping checkout process.
Cidway is a mobile security company that provides two-factor authentication and transaction signature solutions. Their product line includes hardware tokens, software tokens for mobile phones, and SDKs for integration. Their solutions provide strong authentication using time-based one-time passwords along with transaction signatures to prevent man-in-the-middle attacks. They have clients in banking, mobile payments, and other industries and aim to make authentication and transactions simple, secure, and user-friendly.
The document proposes a virtual password system to improve security for online banking transactions. In the proposed system, a mobile application is used to generate one-time virtual passwords based on a permanent PIN number and random number, removing the vulnerabilities of password delivery via SMS. This virtual password system aims to enhance security by making password guessing and hacking techniques like phishing and keylogging more difficult to exploit.
IRJET- High Security in Automated Fare Collection for TollSystem with NFC usi...IRJET Journal
This document describes a proposed system for providing high security in automated fare collection for toll systems using near field communication (NFC) and the AES encryption algorithm. The proposed system aims to securely store entrance data for tolls in an encrypted format on the server to prevent tampering with information like check-in times. It also monitors individual user behavior by verifying information like driving licenses and insurance during payment processing. The system registers users and creates wallet accounts to deposit funds and deduct toll payments directly using NFC-enabled smartphones. It implements NFC for contactless mobile payments and uses the AES algorithm to encrypt entrance data transmitted to the centralized server for validation during fare calculation.
BIOMETRIC AND MAGIC PIN AUTHENTICATION SYSTEM FOR ATMIRJET Journal
This document discusses a proposed biometric and magic PIN authentication system for ATMs. The system would combine the use of a physical access card, a randomly generated "MagicPIN", and facial recognition using deep convolutional neural networks. If adopted, the system aims to improve security by verifying card owners' identities through biometric authentication in addition to requiring possession of the access card. The system is intended to help solve problems of account security and ensure only the real account owner can access their accounts. It analyzes related work on ATM security and discusses how the proposed system could provide benefits like being more secure, convenient, and preventing fraud compared to existing PIN-based authentication methods.
IRJET- SteganoPIN:Two Faced Human-Machine Interface for Practical Enforcement...IRJET Journal
This document proposes a new interface called Steganopin that aims to improve security for personal identification number (PIN) entry. It introduces two methods: 1) A "virtual PIN" or "Steganopin" that can be used for fixed or limited online transactions with additional one-time password verification. 2) A "two-faced keypad" with a standard keypad and a shuffled keypad. The standard keypad is used to enter the PIN, while the shuffled keypad appears briefly to derive the one-time password, hiding the actual PIN from potential onlookers. Together these methods aim to enhance security by making the PIN entry process more indirect and discrete.
Survey Paper on Frodo: Fraud Resilient Device for Off-Line Micro-PaymentsIRJET Journal
This document summarizes and compares previous research on secure offline micro-payment systems. It describes FRoDO, a new proposed system that features an identity element and coin element to enable secure offline payments. The identity element is embedded in the customer's device and is used to link a coin element to that specific device. This provides two-factor authentication. The coin element uses a physical unclonable function and regenerative keys to securely read and redeem digital coins. The document reviews related work on context-aware and software-based authentication solutions, offline micropayment schemes without trusted hardware, and approaches using hash-chaining in mobile networks. It concludes that FRoDO is the first solution able to provide fully secure offline
The document discusses the design of a mobile payment system using QR codes in Zimbabwe. It aims to provide a more secure and cost-effective alternative to current mobile payment methods like USSD, which have vulnerabilities. The proposed system has three parts: a QR code for identification, a Qpay Android app, and a payment server. The QR code would be scanned by the app to process encrypted payments via a HTTPS connection to the server. The system is designed to address security issues through authentication management, session management, certification management, and key management components. It is argued that QR code payments could provide a fast and simple bridge from physical goods to digital payments for micropayments, though mobile platform diversity poses challenges.
IRJET- Easykey - Multipurpose RFID Card based IoT SystemIRJET Journal
This document describes a proposed system called EasyKey that uses a single RFID card to perform the functions of multiple cards for authentication and payment. The system would use two-factor authentication via a mobile device to securely approve transactions initiated by scanning the RFID card. When a user scans their EasyKey card at a vendor, the vendor device would send an authentication request to the EasyKey server, which would then notify the user's mobile device. The user could approve or deny the transaction from their phone. The system aims to reduce the number of cards users need to carry by consolidating authentication and payment onto a single multipurpose RFID card.
IRJET- Smart Shopping Application using NFCIRJET Journal
This paper proposes a smart shopping application that uses near field communication (NFC) technology to allow customers to scan product tags with their mobile phones to view product details, add items to a cart, and make contactless payments using an e-wallet. The goal is to streamline the shopping experience by eliminating long lines and allowing customers to purchase and pay for items directly from their phone. The proposed system would integrate an Android application, NFC tags on products, a product database accessed via web services, and payment processing to enable a more convenient and secure mobile shopping solution.
IRJET- Technical Review of different Methods for Multi Factor AuthenticationIRJET Journal
This document discusses various multi-factor authentication methods including smart cards, graphical passwords, risk assessment, mobile phone tokens, GPS location and timestamp, hand vein recognition, DNA recognition, and biometric authentication. It provides details on how each method works and evaluates factors like universality, uniqueness, collectability, performance and acceptability for multi-factor authentication. The document aims to review different technical approaches to implement multi-factor authentication for secure user identification.
Transactions Using Bio-Metric AuthenticationIRJET Journal
This document proposes a new method for securing ATM and point-of-sale transactions using biometric authentication. The current systems that rely only on PINs are not fully secure as PINs can be stolen. The proposed method uses facial recognition combined with PIN entry to verify the identity of the user. It describes capturing a photo of the user's face at the ATM/point-of-sale machine and matching it with their biometric database profile for authentication. If an unauthorized person tries to use the card, their photo would be sent to the registered user for verification before allowing the transaction. This provides improved security over existing authentication methods.
Wireless Serial Data Synchronization for Money Transaction Using Multi Accoun...IJSRED
This document summarizes a proposed system for a multi-account ATM card that allows users to access multiple bank accounts with one card. The system uses eye tracking and facial recognition to authenticate authorized users. For unauthorized users, it sends an OTP to the authorized user's phone that must be entered for access. This provides enhanced security while allowing the convenience of managing multiple accounts in one card. If eye tracking authenticates the user, they can select the bank account to use from a displayed list.
Integration Of Triangular Location Detection, IoT, Open CV - User Authenti...IRJET Journal
This document proposes a system that uses triangular location detection with IoT, OpenCV, and Zigbee hardware for user authentication during ATM cash loading for improved security. The system uses three Zigbees connected to the delivery vehicle, user's mobile phone, and ATM. When all three are within range, indicating the vehicle is at the ATM, an OTP is generated and verified between the vehicle and ATM Zigbees. In addition to OTP, user signature is verified using OpenCV after cash is loaded into the ATM, providing multi-factor authentication. This integrated system aims to provide more reliable and effective security compared to existing signature or PIN-based authentication alone.
The document discusses digital wallets, including what they are, their components and technology, payment models, challenges, and the future of digital wallets. A digital wallet allows secure electronic payments and storage of payment methods and identification. It discusses how digital wallets use near-field communication (NFC) technology and secure storage to facilitate electronic payments from mobile devices. The future of digital wallets may include integrated services like bill payment, coupons, shopping comparisons, and personal information management.
Current Trends Related to Mobile Network Operators & FIDO SCA AdoptionFIDO Alliance
1) Mobile network operators are cooperating to standardize identity authentication services and enable strong customer authentication as required by new regulations.
2) Regulations are changing the landscape for remote payments, and FIDO is seen as the industry standard solution for replacing passwords with more secure authentication using biometrics and devices.
3) Major companies like banks and mobile operators have deployed FIDO-based strong customer authentication, seeing benefits like reduced fraud and password reset costs.
This document proposes a system for multi-factor authentication using one-time passwords (OTPs) generated on a user's mobile device without needing an internet or SMS connection. The system would work by registering user devices based on identifiers like IMEI and IMSI numbers. During login, the server would send random index variables to the mobile app to generate an OTP using those values, a secret seed derived from the device identifiers, and cryptographic hashing functions. If the server-generated and mobile app-generated OTPs match, access would be granted. This approach aims to securely generate OTPs offline to strengthen authentication without relying on SMS or internet connections.
OCR DETECTION AND BIOMETRIC AUTHENTICATED CREDIT CARD PAYMENT SYSTEM.IRJET Journal
This document proposes an OCR detection and biometric authenticated credit card payment system. It aims to simplify online transactions by using fingerprint authentication and OCR to detect credit/debit card details from images, reducing the multi-step verification process to a single step. The system utilizes convolutional neural networks for OCR and fingerprint authentication via web authentication standards. It analyzes the architecture and implementation steps for OCR detection and fingerprint verification. The document concludes the proposed system could increase security for credit card companies and help reduce online transaction fraud.
IRJET- Implementation of Secured ATM by Wireless Password Transfer and Keypad...IRJET Journal
This document proposes improvements to ATM security through wireless password transfer and keypad shuffling. It discusses how shoulder surfing allows thieves to steal PINs and introduces two techniques to prevent this. Keypad shuffling randomly rearranges keys after each user to confuse onlookers. Wireless password transfer involves the user entering their PIN on their phone via Bluetooth, which is then verified by the ATM. The document provides details on implementing these techniques using components like Arduino, Bluetooth and WiFi modules, buttons, and displays. It describes algorithms for random number generation and OTP creation. The proposed methods aim to enhance security by confusing password guessing and preventing PIN theft.
The document discusses Cidway's mobile authentication solution for securing point-of-sale transactions. The solution uses one-time passwords displayed on the user's mobile phone that are input at the point of sale. It provides security, convenience with no waiting for SMS, and benefits for merchants like lower transaction costs. Cidway also provides authentication solutions for online and mobile banking, mobile payments, enterprise access, and other sectors.
Mobile acceptance and guidance for Merchants, Service Provider and End user. Securing account data on Mobile Acceptance is very important.
Mobile Payment Acceptance Security risks are inherent to the application, underlying infrastructure, and increased by removable components like SIM and memory card. Vendor and manufacturer debugging and logging configuration can add to it. All Mobile Applications cannot be PA DSS validated (only category 1 and 2 can go for PA DSS listing)
Similar to Analysis of Applicability of ISO 9564 PIN based Authentication to Closed-Loop Mobile Payment Systems (20)
Content-Based Image Retrieval (CBIR) systems have been used for the searching of relevant images in various research areas. In CBIR systems features such as shape, texture and color are used. The extraction of features is the main step on which the retrieval results depend. Color features in CBIR are used as in the color histogram, color moments, conventional color correlogram and color histogram. Color space selection is used to represent the information of color of the pixels of the query image. The shape is the basic characteristic of segmented regions of an image. Different methods are introduced for better retrieval using different shape representation techniques; earlier the global shape representations were used but with time moved towards local shape representations. The local shape is more related to the expressing of result instead of the method. Local shape features may be derived from the texture properties and the color derivatives. Texture features have been used for images of documents, segmentation-based recognition,and satellite images. Texture features are used in different CBIR systems along with color, shape, geometrical structure and sift features.
This document discusses clickjacking attacks, which hijack users' clicks to perform unintended actions. It provides an overview of clickjacking, describes different types of attacks, and analyzes vulnerabilities that make websites susceptible. Experiments are conducted on a sample social networking site, applying various clickjacking techniques. Potential defenses are tested, including X-Frame-Options headers and frame busting code. A proposed solution detects transparent iframes to warn users and check for hidden mouse pointers to mitigate cursorjacking. Analysis of top Jammu and Kashmir websites found most were vulnerable, while browser behavior studies showed varying support for defenses.
Performance Analysis of Audio and Video Synchronization using Spreaded Code D...Eswar Publications
The audio and video synchronization plays an important role in speech recognition and multimedia communication. The audio-video sync is a quite significant problem in live video conferencing. It is due to use of various hardware components which introduces variable delay and software environments. The objective of the synchronization is used to preserve the temporal alignment between the audio and video signals. This paper proposes the audio-video synchronization using spreading codes delay measurement technique. The performance of the proposed method made on home database and achieves 99% synchronization efficiency. The audio-visual
signature technique provides a significant reduction in audio-video sync problems and the performance analysis of audio and video synchronization in an effective way. This paper also implements an audio- video synchronizer and analyses its performance in an efficient manner by synchronization efficiency, audio-video time drift and audio-video delay parameters. The simulation result is carried out using mat lab simulation tools and simulink. It is automatically estimating and correcting the timing relationship between the audio and video signals and maintaining the Quality of Service.
Due to the availability of complicated devices in industry, models for consumers at lower cost of resources are developed. Home Automation systems have been developed by several researchers. The limitations of home automation includes complexity in architecture, higher costs of the equipment, interface inflexibility. In this paper as we have proposed, the working protocol of PIC 16F72 technology is which is secure, cost efficient, flexible that leads to the development of efficient home automation systems. The system is operational to control various home appliances like fans, Bulbs, Tube light. The following paper describes about components used and working of all components connected. The home automation system makes use of Android app entitled “Home App” which gives
flexibility and easy to use GUI.
Semantically Enchanced Personalised Adaptive E-Learning for General and Dysle...Eswar Publications
E-learning plays an important role in providing required and well formed knowledge to a learner. The medium of e- learning has achieved advancement in various fields such as adaptive e-learning systems. The need for enhancing e-learning semantically can enhance the retrieval and adaptability of the learning curriculum. This paper provides a semantically enhanced module based e-learning for computer science programme on a learnercentric perspective. The learners are categorized based on their proficiency for providing personalized learning environment for users. Learning disorders on the platform of e-learning still require lots of research. Therefore, this paper also provides a personalized assessment theoretical model for alphabet learning with learning objects for
children’s who face dyslexia.
Agriculture plays an important role in the economy of our country. Over 58 percent of the rural households depend on the agriculture sector as their means of livelihood. Agriculture is one of the major contributors to Gross Domestic Product(GDP). Seeds are the soul of agriculture. This application helps in reducing the time for the researchers as well as farmers to know the seedling parameters. The application helps the farmers to know about the percentage of seedlings that will grow and it is very essential in estimating the yield of that particular crop. Manual calculation may lead to some error, to minimize that error, the developed app is used. The scientist and farmers require the app to know about the physiological seed quality parameters and to take decisions regarding their farming activities. In this article a desktop app for seed germination percentage and vigour index calculation are developed in PHP scripting language.
What happens when adaptive video streaming players compete in time-varying ba...Eswar Publications
Competition among adaptive video streaming players severely diminishes user-QoE. When players compete at a bottleneck link many do not obtain adequate resources. This imbalance eventually causes ill effects such as screen flickering and video stalling. There have been many attempts in recent years to overcome some of these problems. However, added to the competition at the bottleneck link there is also the possibility of varying network bandwidth which can make the situation even worse. This work focuses on such a situation. It evaluates current heuristic adaptive video players at a bottleneck link with time-varying bandwidth conditions. Experimental setup includes the TAPAS player and emulated network conditions. The results show PANDA outperforms FESTIVE, ELASTIC and the Conventional players.
WLI-FCM and Artificial Neural Network Based Cloud Intrusion Detection SystemEswar Publications
Security and Performance aspects of cloud computing are the major issues which have to be tended to in Cloud Computing. Intrusion is one such basic and imperative security problem for Cloud Computing. Consequently, it is essential to create an Intrusion Detection System (IDS) to detect both inside and outside assaults with high detection precision in cloud environment. In this paper, cloud intrusion detection system at hypervisor layer is developed and assesses to detect the depraved activities in cloud computing environment. The cloud intrusion detection system uses a hybrid algorithm which is a fusion of WLI- FCM clustering algorithm and Back propagation artificial Neural Network to improve the detection accuracy of the cloud intrusion detection system. The proposed system is implemented and compared with K-means and classic FCM. The DARPA’s KDD cup dataset 1999 is used for simulation. From the detailed performance analysis, it is clear that the proposed system is able to detect the anomalies with high detection accuracy and low false alarm rate.
Spreading Trade Union Activities through Cyberspace: A Case StudyEswar Publications
This report present the outcome of an investigative research conducted to examine the modu-operandi of academic staff union of polytechnics (ASUP) YabaTech. The investigation covered the logistics and cost implication for spreading union activities among members. It was discovered that cost of management and dissemination of information to members was at high side, also logistics problem constitutes to loss of information in transit hence cut away some members from union activities. To curtail the problem identified, we proposed the
design of secure and dynamic website for spreading union activities among members and public. The proposed system was implemented using HTML5 technology, interface frameworks like Bootstrap and j query which enables the responsive feature of the application interface. The backend was designed using PHPMYSQL. It was discovered from the evaluation of the new system that cost of managing information has reduced considerably, and logistic problems identified in the old system has become a forgotten issue.
Identifying an Appropriate Model for Information Systems Integration in the O...Eswar Publications
Nowadays organizations are using information systems for optimizing processes in order to increase coordination and interoperability across the organizations. Since Oil and Gas Industry is one of the large industries in whole of the world, there is a need to compatibility of its Information Systems (IS) which consists three categories of systems: Field IS, Plant IS and Enterprise IS to create interoperability and approach the
optimizing processes as its result. In this paper we introduce the different models of information systems integration, identify the types of information systems that are using in the upstream and downstream sectors of petroleum industry, and finally based on expert’s opinions will identify a suitable model for information systems integration in this industry.
Link-and Node-Disjoint Evaluation of the Ad Hoc on Demand Multi-path Distance...Eswar Publications
This work illustrates the AOMDV routing protocol. Its ancestor, the AODV routing protocol is also described. This tutorial demonstrates how forward and reverse paths are created by the AOMDV routing protocol. Loop free paths formulation is described, together with node and link disjoint paths. Finally, the performance of the AOMDV routing protocol is investigated along link and node disjoint paths. The WSN with the AOMDV routing protocol using link disjoint paths is better than the WSN with the AOMDV routing protocol using node disjoint paths for energy consumption.
Bridging Centrality: Identifying Bridging Nodes in Transportation NetworkEswar Publications
To identify the importance of node of a network, several centralities are used. Majority of these centrality measures are dominated by components' degree due to their nature of looking at networks’ topology. We propose a centrality to identification model, bridging centrality, based on information flow and topological aspects. We apply bridging centrality on real world networks including the transportation network and show that the nodes distinguished by bridging centrality are well located on the connecting positions between highly connected regions. Bridging centrality can discriminate bridging nodes, the nodes with more information flowed through them and locations between highly connected regions, while other centrality measures cannot.
Now a days we are living in an era of Information Technology where each and every person has to become IT incumbent either intentionally or unintentionally. Technology plays a vital role in our day to day life since last few decades and somehow we all are depending on it in order to obtain maximum benefit and comfort. This new era equipped with latest advents of technology, enlightening world in the form of Internet of Things (IoT). Internet of things is such a specified and dignified domain which leads us to the real world scenarios where each object can perform some task while communicating with some other objects. The world with full of devices, sensors and other objects which will communicate and make human life far better and easier than ever. This paper provides an overview of current research work on IoT in terms of architecture, a technology used and applications. It also highlights all the issues related to technologies used for IoT, after the literature review of research work. The main purpose of this survey is to provide all the latest technologies, their corresponding
trends and details in the field of IoT in systematic manner. It will be helpful for further research.
Automatic Monitoring of Soil Moisture and Controlling of Irrigation SystemEswar Publications
In past couple of decades, there is immediate growth in field of agricultural technology. Utilization of proper method of irrigation by drip is very reasonable and proficient. A various drip irrigation methods have been proposed, but they have been found to be very luxurious and dense to use. The farmer has to maintain watch on irrigation schedule in the conventional drip irrigation system, which is different for different types of crops. In remotely monitored embedded system for irrigation purposes have become a new essential for farmer to accumulate his energy, time and money and will take place only when there will be requirement of water. In this approach, the soil test for chemical constituents, water content, and salinity and fertilizer requirement data collected by wireless and processed for better drip irrigation plan. This paper reviews different monitoring systems and proposes an automatic monitoring system model using Wireless Sensor Network (WSN) which helps the farmer to improve the yield.
Multi- Level Data Security Model for Big Data on Public Cloud: A New ModelEswar Publications
With the advent of cloud computing the big data has emerged as a very crucial technology. The certain type of cloud provides the consumers with the free services like storage, computational power etc. This paper is intended to make use of infrastructure as a service where the storage service from the public cloud providers is going to leveraged by an individual or organization. The paper will emphasize the model which can be used by anyone without any cost. They can store the confidential data without any type of security issue, as the data will be altered
in such a way that it cannot be understood by the intruder if any. Not only that but the user can retrieve back the original data within no time. The proposed security model is going to effectively and efficiently provide a robust security while data is on cloud infrastructure as well as when data is getting migrated towards cloud infrastructure or vice versa.
Impact of Technology on E-Banking; Cameroon PerspectivesEswar Publications
The financial services industry is experiencing rapid changes in services delivery and channels usage, and financial companies and users of financial services are looking at new technologies as they emerge and deciding whether or not to embrace them and the new opportunities to save and manage enormous time, cost and stress.
There is no doubt about the favourable and manifold impact of technology on e-banking as pictured in this review paper, almost all banks are with the least and most access e-banking Technological equipments like ATMs and Cards. On the other Hand cheap and readily available technology has opened a favourable competition in ebanking services business with a lot of wide range competitors competing with Commercial Banks in Cameroon in providing digital financial services.
Classification Algorithms with Attribute Selection: an evaluation study using...Eswar Publications
Attribute or feature selection plays an important role in the process of data mining. In general the data set contains more number of attributes. But in the process of effective classification not all attributes are relevant.
Attribute selection is a technique used to extract the ranking of attributes. Therefore, this paper presents a comparative evaluation study of classification algorithms before and after attribute selection using Waikato Environment for Knowledge Analysis (WEKA). The evaluation study concludes that the performance metrics of the classification algorithm, improves after performing attribute selection. This will reduce the work of processing irrelevant attributes.
Mining Frequent Patterns and Associations from the Smart meters using Bayesia...Eswar Publications
In today’s world migration of people from rural areas to urban areas is quite common. Health care services are one of the most challenging aspect that is must require to the people with abnormal health. Advancements in the technologies lead to build the smart homes, which contains various sensor or smart meter devices to automate the process of other electronic device. Additionally these smart meters can be able to capture the daily activities of the patients and also monitor the health conditions of the patients by mining the frequent patterns and
association rules generated from the smart meters. In this work we proposed a model that is able to monitor the activities of the patients in home and can send the daily activities to the corresponding doctor. We can extract the frequent patterns and association rules from the log data and can predict the health conditions of the patients and can give the suggestions according to the prediction. Our work is divided in to three stages. Firstly, we used to record the daily activities of the patient using a specific time period at three regular intervals. Secondly we applied the frequent pattern growth for extracting the association rules from the log file. Finally, we applied k means clustering for the input and applied Bayesian network model to predict the health behavior of the patient and precautions will be given accordingly.
Network as a Service Model in Cloud Authentication by HMAC AlgorithmEswar Publications
Resource pooling on internet-based accessing on use as pay environmental technology and ruled in IT field is the
cloud. Present, in every organization has trusted the web, however, the information must flow but not hold the
data. Therefore, all customers have to use the cloud. While the cloud progressing info by securing-protocols. Third
party observing and certain circumstances directly stale in flow and kept of packets in the virtual private cloud.
Global security statistics in the year 2017, hacking sensitive information in cloud approximately maybe 75.35%,
and the world security analyzer said this calculation maybe reached to 100%. For this cause, this proposed
research work concentrates on Authentication-Message-Digest-Key with authentication in routing the Network as
a Service of packets in OSPF (Open Shortest Path First) implementing Cloud with GNS3 has tested them to
securing from attackers.
Microstrip patch antennas are recently used in wireless detection applications due to their low power consumption, low cost, versatility, field excitation, ease of fabrication etc. The microstrip patch antennas are also called as printed antennas which is suffer with an array elements of antenna and narrow bandwidth. To overcome the above drawbacks, Flame Retardant Material is used as the substrate. Rectangular shape of microstrip patch antenna with FR4 material as the substrate which is more suitable for the explosive detection applications. The proposed printed antenna was designed with the dimension of 60 x 60 mm2. FR-4 material has a dielectric constant value of 4.3 with thickness 1.56 mm, length and width 60 mm and 60 mm respectively. One side of the substrate contains the ground plane of dimensions 60 x60 mm2 made of copper and the other side of the substrate contains the patch which have dimensions 34 x 29 mm2 and thickness 0.03mm which is also made of copper. RMPA without slot, Vertical slot RMPA, Double horizontal slot RMPA and Centre slot RMPA structures were
designed and the performance of the antennas were analysed with various parameters such as gain, directivity, Efield, VSWR and return loss. From the performance analysis, double horizontal slot RMPA antenna provides a better result and it provides maximum gain (8.61dB) and minimum return loss (-33.918dB). Based on the E-field excitation value the SEMTEX explosive material is detected and it was simulated using CST software.
Conversational agents, or chatbots, are increasingly used to access all sorts of services using natural language. While open-domain chatbots - like ChatGPT - can converse on any topic, task-oriented chatbots - the focus of this paper - are designed for specific tasks, like booking a flight, obtaining customer support, or setting an appointment. Like any other software, task-oriented chatbots need to be properly tested, usually by defining and executing test scenarios (i.e., sequences of user-chatbot interactions). However, there is currently a lack of methods to quantify the completeness and strength of such test scenarios, which can lead to low-quality tests, and hence to buggy chatbots.
To fill this gap, we propose adapting mutation testing (MuT) for task-oriented chatbots. To this end, we introduce a set of mutation operators that emulate faults in chatbot designs, an architecture that enables MuT on chatbots built using heterogeneous technologies, and a practical realisation as an Eclipse plugin. Moreover, we evaluate the applicability, effectiveness and efficiency of our approach on open-source chatbots, with promising results.
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframePrecisely
Inconsistent user experience and siloed data, high costs, and changing customer expectations – Citizens Bank was experiencing these challenges while it was attempting to deliver a superior digital banking experience for its clients. Its core banking applications run on the mainframe and Citizens was using legacy utilities to get the critical mainframe data to feed customer-facing channels, like call centers, web, and mobile. Ultimately, this led to higher operating costs (MIPS), delayed response times, and longer time to market.
Ever-changing customer expectations demand more modern digital experiences, and the bank needed to find a solution that could provide real-time data to its customer channels with low latency and operating costs. Join this session to learn how Citizens is leveraging Precisely to replicate mainframe data to its customer channels and deliver on their “modern digital bank” experiences.
Your One-Stop Shop for Python Success: Top 10 US Python Development Providersakankshawande
Simplify your search for a reliable Python development partner! This list presents the top 10 trusted US providers offering comprehensive Python development services, ensuring your project's success from conception to completion.
"Choosing proper type of scaling", Olena SyrotaFwdays
Imagine an IoT processing system that is already quite mature and production-ready and for which client coverage is growing and scaling and performance aspects are life and death questions. The system has Redis, MongoDB, and stream processing based on ksqldb. In this talk, firstly, we will analyze scaling approaches and then select the proper ones for our system.
What is an RPA CoE? Session 1 – CoE VisionDianaGray10
In the first session, we will review the organization's vision and how this has an impact on the COE Structure.
Topics covered:
• The role of a steering committee
• How do the organization’s priorities determine CoE Structure?
Speaker:
Chris Bolin, Senior Intelligent Automation Architect Anika Systems
5th LF Energy Power Grid Model Meet-up SlidesDanBrown980551
5th Power Grid Model Meet-up
It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Mircosoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology.
Power Grid Model
The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services.
Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability.
Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization.
What to expect
For the upcoming meetup we are organizing, we have an exciting lineup of activities planned:
-Insightful presentations covering two practical applications of the Power Grid Model.
-An update on the latest advancements in Power Grid -Model technology during the first and second quarters of 2024.
-An interactive brainstorming session to discuss and propose new feature requests.
-An opportunity to connect with fellow Power Grid Model enthusiasts and users.
Generating privacy-protected synthetic data using Secludy and MilvusZilliz
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsDianaGray10
Join us to learn how UiPath Apps can directly and easily interact with prebuilt connectors via Integration Service--including Salesforce, ServiceNow, Open GenAI, and more.
The best part is you can achieve this without building a custom workflow! Say goodbye to the hassle of using separate automations to call APIs. By seamlessly integrating within App Studio, you can now easily streamline your workflow, while gaining direct access to our Connector Catalog of popular applications.
We’ll discuss and demo the benefits of UiPath Apps and connectors including:
Creating a compelling user experience for any software, without the limitations of APIs.
Accelerating the app creation process, saving time and effort
Enjoying high-performance CRUD (create, read, update, delete) operations, for
seamless data management.
Speakers:
Russell Alfeche, Technology Leader, RPA at qBotic and UiPath MVP
Charlie Greenberg, host
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
Dandelion Hashtable: beyond billion requests per second on a commodity serverAntonios Katsarakis
This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables, that go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. In a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).
Driving Business Innovation: Latest Generative AI Advancements & Success StorySafe Software
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
Fueling AI with Great Data with Airbyte WebinarZilliz
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
Choosing The Best AWS Service For Your Website + API.pptx
Analysis of Applicability of ISO 9564 PIN based Authentication to Closed-Loop Mobile Payment Systems
1. Int. J. Advanced Networking and Applications
Volume: 6 Issue: 2 Pages: 2285-2290 (2014) ISSN : 0975-0290
2285
Analysis of Applicability of ISO 9564 PIN based
Authentication to Closed-Loop Mobile Payment
Systems
Amal Saha*
Tata Institute of Fundamental Research (TIFR), Mumbai, INDIA,
Email: amal.k.saha@gmail.com
Sugata Sanyal
Tata Consultancy Services (TCS), Mumbai, INDIA
Email: sugata.sanyal@tcs.com
*Corresponding Author
-------------------------------------------------------------------ABSTRACT--------------------------------------------------------------------
Payment transactions initiated through a mobile device are growing and security concerns must be addressed. People
coming from payment card industry often talk passionately about porting ISO 9564 PIN standard based authentica-
tion in open-loop card payment to closed-loop mobile financial transactions and certification of closed-loop payment
product or solution against this standard. In reality, so far this standard has not been adopted in closed-loop mobile
payment authentication and applicability of this ISO standard must be studied carefully before adoption. The authors
do a critical analysis of the applicability of this ISO specification and make categorical statement about relevance of
compliance to closed-loop mobile payment. Security requirements for authentication in closed-loop mobile payment
systems are not standardised through ISO 9564 standard, Common Criteria [3], etc. Since closed-loop mobile pay-
ment is a relatively new field, the authors make a case for Common Criteria Recognition Agreement (CCRA) or other
standards organization to push for publication of a mobile device-agnostic Protection Profile or standard for it, incor-
porating the suggested authentication approaches.
Keywords: ISO 9564 PIN Based Authentication, Card-Present and Card-Not-Present Transactions, Open-Loop and
Closed-Loop Payments, Mobile Payment, Stored-Value-Account, Common Criteria Protection Profile, Device Finger-
printing, m-PIN (mobile PIN), One Time Password (OTP), Android Application component called Service, backend
service.
------------------------------------------------------------------------------------------------------------------------------
Date of Submission: October 25, 2014 Date of Acceptance: November 12, 2014
-------------------------------------------------------------------------------------------------------------------------------------------------------
I. INTRODUCTION
Financial inclusion in developing economies has been
possible with emergence of mobile closed-loop stored-
value-account based payment system that provides an
alternative to standard banking system. In African and
Asian countries and also in other emerging economies,
closed-loop payment systems have established significant
footprint. M-PESA [23] in Africa has been a huge suc-
cess.
Open-loop payment networks such as Visa, MasterCard
connect multiple parties—cardholder, financial institution
that issues payment cards, a.k.a. issuer, the merchant and
the one that has banking relationship with the merchants,
a.k.a. acquirer—and manages flow of financial data and
processing among them.
Closed-loop payment network operator provides payment
services directly to merchants and cardholders, without
involving third-party financial institution as intermediary.
Mobile closed-loop payment applications enable consum-
ers to manage and usestored-value account (SVA) and
digital wallet, through their mobile device. This is used,
for making payment, using backend services and also
using POS terminals in some cases. Various communica-
tion channels like USSD, SMS, HTTP(S), etc may be
used between application or component on mobile device
and the backend services. A basic closed-loop mobile
payment system may be functionally described as a hier-
archical money distribution and payment system involv-
ing agents and whole-sale distributor and also mobile
subscribers, with an accounting system that supports
stored-value (SVA), i.e., prepaid system. USSD and SMS
are often used as channels and a basic or feature phone is
sufficient. As a result, authentication needed for initiation
2. Int. J. Advanced Networking and Applications
Volume: 6 Issue: 2 Pages: 2285-2290 (2014) ISSN : 0975-0290
2286
of closed-loop transactions by subscribers is often based
on mobile PIN (m-PIN).
For online purchase using laptops, desktops and
smartphones, device identification [6, 13] techniques have
been used as additional authentication mechanism. Hristo
Bojinov et al[16] demonstrated how the multitude of sen-
sors on a smartphone can be used to construct a reliable
hardware fingerprint of the phone and how such a finger-
print can be used to de-anonymise mobile devices as they
connect to web sites, and as a second factor in identifying
legitimate users to a remote server. Michael Rausch et al
[18] observed cookies are the dominant technology for
tracking user on the internet, some companies have de-
veloped an alternative form of tracking known as device
fingerprinting that does not rely on cookies to identify a
visitor. In this method, a profile of the user may be creat-
ed by querying the browser through JavaScript about
characteristics such as browser version, screen size, fonts
installed and more [17, 18, 19].
It is assumed that we do not want to couple the solution of
hardening the mobile PIN (m-PIN) with the SIM (UICC)
or other forms of Secure Element [24] provided by the
telecom operator and m-PIN may be used for various ac-
cess bearers like USSD, SMS, NFC (near field communi-
cation) and mobile handset apps. Mobile devices have
been used for authentication in web payment since many
years [14, 15] and general concept of authentication in the
context of mobile is well established.
In this paper, the focus is on applicability of ISO 9564
PIN based authentication to specific type of closed-loop
payment system where payment is initiated from an appli-
cation running on device operating system and where the
owner of the closed-loop payment system is typically a
mobile network operator or a bank.
II. LITERATURE SURVEY
A. Review of ISO 9564 [1,2] Card PIN Management
in Open-Loop Card Payment Authentication
I. In ISO 9564, card PINs are protected by a secure PIN
block, to prevent dictionary attacks.
II. To protect the PIN during transmission from the se-
cure PIN entry device (e.g., a component in the POS
terminal) to the verifier, the standard requires that the
PIN be encrypted, and specifies several formats that
may be used. In each case, the PIN is encoded into
a 64-bit PIN block, which is then encrypted by an al-
gorithm approved by the specification.
III. For online interchange transactions, PINs must be
protected by encryption using ISO 9564–1 PIN-block
formats 0, 1, or 3 and also using physical security fea-
tures of secure PIN entry devices. Format 3 is recom-
mended.
a. For ISO format 0 and 3, the clear-text PIN block
and the Primary Account Number (PAN) block
must be XOR'ed together and then Triple-DES en-
crypted in electronic code book (ECB) mode to
form the 64-bit output cipher block (the reversible
encrypted PIN block).
b. ISO format 1 and format 2 are formed by concate-
nation of two fields: the plain-text PIN field and
the filler field.
c. The PIN entry device shall include tamper-
detection and response mechanisms which, if at-
tacked, cause the PIN Entry Device (PED) [10] to
become immediately inoperable and result in the
automatic and immediate erasure of any secret in-
formation that might have been stored in the PED,
such that it becomes infeasible to recover the secret
information. The PIN entry device should be able
to authenticate itself to the acquirer such that, once
compromised, it is no longer able to authenticate it-
self to the acquirer.
IV. ISO 9564 PIN block format 2 must be used for en-
crypting card PINs that are submitted from the IC card
reader to the IC card (a fact known as offline authenti-
cation).
V. All cardholder PINs processed offline using Integrated
Circuit (IC) card technology must be protected in ac-
cordance with the requirements in Book 2 of the EMV
IC Card Specifications for Payment Systems and ISO
9564.
VI. The provisions of ISO 9564-1:2011 are not intended to
cover PIN management and security in environments
where no persistent cryptographic relationship exists
between the transaction-origination device and the ac-
quirer, e.g., use of a browser for payment in online
shopping.
VII. Persistent cryptographic relationship of the type men-
tioned above may be established by sharing a secret,
e.g., symmetric encryption key between transaction
originating secure cryptographic device (component in
ATM, POS terminals, etc) and the acquirer processor.
VIII. Secure cryptographic devices used in ISO 9564 com-
pliant systems are typically FIPS 140-2 Level 3 and
EMVCo Level1 and Level2 [10, 11, 12] certified.
Most mobile devices in the market are not FIPS 140-2
certified and high-end mobile devices in the market
which are a very small fraction of overall mobile de-
vices in circulation,are certified at FIPS 140-2 Level 1
only.
3. Int. J. Advanced Networking and Applications
Volume: 6 Issue: 2 Pages: 2285-2290 (2014) ISSN : 0975-0290
2287
B. QR Code for Closed-Loop Payment
Camera of mobile device of the customer, along with
software, may scan payment information provided by
merchant in the form of QR Code and make payment. In
case of closed-loop payment, an application on mobile
device would authenticate the mobile device and/or the
customer with the backend service. Authentication may
be based on m-PIN and optionally some form of device
identity or device fingerprinting [6, 16]. Advantage is that
most phones can scan QR code, but number of phone with
NFC capability is still a small fraction.
C. Closed-Loop NFC Payment, Android HCE [9]
and EMVCo Specification [4]
NFC channel has also been used in closed-loop payment
where an application on mobile device operating system
or secure element (SE) (e.g., SIM card, embedded SE,
etc) on an NFC-enabled device used by the customer,
creates cryptogram to interact with NFC-enabled closed-
loop POS-terminal. This process directly debits fund from
the stored value account of the account holder. Here too,
authentication is needed and often it is in the form of an
m-PIN that is typically entered on the NFC-enabled mo-
bile device of the customer and is sent to the backend
service of the closed-loop payment system through the
application on the customer’s device. This is one variant
of closed-loop NFC payment. Some implementation used
SIM card of the mobile device as Secure Element and the
m-PIN entered by the customer may be validated offline
in Secure Element and the PIN is often used for authoriz-
ing cryptographic operation inside the Secure Element.
In NFC card emulation mode [7], a mobile device can
emulate contactless smart card(such as those used for
contactless payments, transit fare payment and building,
etc) when tapped on a contactless reader or point-of-sale
(POS) terminal. Until recently, the emulated contactless
card application hasbeen stored in a secure element (SE)
[7, 8], defined by GlobalPlatform as a tamper-resistant
smart card capable of securely hosting applications and
their confidential and cryptographic data. With introduc-
tion of host card emulation (HCE) [9],it is now possible
tostore the emulated contactless card application as a ser-
vice running locally on the mobile device operating sys-
tem (Service is a type of Application Component as per
Android application framework [20] ). Google’s Android
OS (v4.4 “KitKat”onwards) and the Blackberry OS sup-
port this.NFC controller in mobile device can route com-
munication from the contactless reader or POS terminal to
an HCE service on the mobile device.
With HCE, the service running on the mobile host operat-
ing system can interface with a contactless reader or POS
terminal via NFC. This HCE service can be part of a mo-
bile application with a user interface, such as a mobile
wallet for payment. HCE can be used to support both
closed-loop and open-loop payments. In case of open-
loop NFC with HCE, it should be noted that NFC applica-
tion would run on the mobile device OS rather than SE.
For open-loop NFC payment with HCE, the new EMVCo
specification compliant tokens [4], typically made valid
for limited period or number of use through configuration,
is used by this HCE service for payment [4]. The tokens
can be stored in the application itself or they could be
stored in other secure locations such as a trusted execu-
tion environment (TEE) [21] or a Secure Element(SE) or
alternatively, the HCE service could connect in real-time
or at given intervals with a back-end server in the cloud to
retrieve payment token to exchange with the contactless
terminal. Since TEE and SE limited adoption of NFC
until now, until introduction of HCE, NFC payment did
not gain significant momentum so far. Real-time retrieval
of tokens from the cloud at the moment of tapping on a
reader or POS terminal is a possible but unlikely option,
as network latency may result in a poor user experience.
Limited validity payment token specified by EMVCo in
2014 [4], would be used in place of a physical payment
card for generation and/or processing of EMV payment
cryptogram. Visa, Mastercard, and Europay, together
known as EMVCo, published a new specification for
Payment Tokenisation in Q1, 2014. Tokenisation is a way
of not exposing the permanent account number (PAN) of
the cardholder. NFC payment is perhaps the principal
driver of the new EMVCo tokenisation specification.
Here are some salient features of the new EMVCo pay-
ment tokenisation specification:
• The specification requires the token format to be similar
to credit card numbers (13-19 digits) and comply with
LUHN algorithm.
• Unlike financial tokens used today and which follow PCI
guidelines for non-payment token used for analyt-
ics/reporting, the new specification compliant token can
be used to initiate payments.
• The new specification compliant tokens are merchant or
payment network specific, so they are only relevant to a
specific domain.
• For most use cases, the PAN remains private between
issuer and customer. The token becomes a payment object
shared between merchants, payment processors, the cus-
tomer, and possibly others within the domain.
• There is an identity verification, i.e., authentication,
process to validate the requestor of a token each time a
token is requested.
• The type of token generated is variable and is based on
risk score.
• When tokens are used as a payment objects, there are
“Data Elements” which include payment network data,
cryptographic nonce and token assurance level.
4. Int. J. Advanced Networking and Applications
Volume: 6 Issue: 2 Pages: 2285-2290 (2014) ISSN : 0975-0290
2288
• There are facilities and features to address PAN privacy,
mobile payments, repayments, EMV/smartcard, and even
card-not-present web transactions.
D. Review of Apple Pay and Tokenisation [5]
In October, 2014, with iPhone 6, Apple introduced secure
contactless or NFC payment [5]. With Apple Pay, during
registration, user adds actual credit and debit card num-
bers to backend called Passbook and a unique Device
Account Number is assigned, encrypted, and securely
stored in the Secure Element, a dedicated chip in iPhone.
These numbers are not stored on Apple servers. And
when the user makes a purchase, the Device Account
Number, along with a transaction-specific dynamic, one-
time-use security code called token, is used to process
payment. Actual credit or debit card numbers are never
shared by Apple with merchants or acquirers, or transmit-
ted over the network. As for tokenisation in Apple Pay,
tokenisation and de-tokenisation operations take place at
card networks like Visa and American Express and not at
processor or payment gateway. Although compliance of
this tokenisation with new EMVCo tokenisation [4] is not
in public domain, the authors believe that at least concep-
tually, these approaches are similar.
III. CURRENT WORK - ANALYSIS OF AP-
PLICABILITY OF ISO 9564 PIN AUTHENTICA-
TION TO CLOSED-LOOP MOBILE PAYMENT
SYSTEM
A. ASSUMPTIONS
It is assumed that we do not want to couple the solution of
securing the mobile payment authentication with the SIM
(UICC) and other form factors of Secure Element [24]
provided by the telecom operator or other par-
ties.Furthermore, m-PIN for authentication may be used
for various access bearers or channels like USSD, SMS,
NFC (near field communication) and mobile handset apps
(using HTTP(S) channel). Additional mechanisms may
also be applied to secure the authentication even further.
B. ANALYSIS
Even for open-loop NFC payment, authentication of card-
holder with the help of token by the card issuer need not
comply with ISO 9564 PIN standard at all and there is no
strong case of supremacy of this ISO specification in case
of mobile payment in general. Therefore, we focus our
attention to closed-loop payment. Let us analyse two dis-
tinct scenarios.
I. Can ISO 9564 PIN Management be extended to
Closed-Loop Mobile Payment Authentication in Mo-
bile-Device-Present Transaction?
m-PIN is entered on the user-owned mobile device for
mobile-device-present transaction for in-store purchase.
The merchant has an SVA in the same closed-loop system
as the subscriber. The application on mobile device can-
not establish truly secure cryptographic relationship with
the acquirer (i.e., the backend services in case of closed-
loop system) to enable PIN block encryption for online or
real-time authentication which involves verification by
the issuer (i.e., the backend services in case of closed-loop
system) of m-PIN. Therefore it is not a good idea to think
about complying with ISO 9654 for this type of use of m-
PIN. Most end-user mobile devices in circulation in the
market would not even pass FIPS 140-2 Level 1 certifica-
tion and question of storing sensitive data securely in mo-
bile devices does not arise.
II. Can ISO 9564 PIN Management be extended to
Closed-Loop Payment Authentication involving mer-
chant POS terminal or Bank ATM Machine, i.e., Mo-
bile-Device-Not-Present Transaction?
a. Because of challenge in inter-operability, only ISO
9564 PIN block format-1 may be considered (plain text
m-PIN plus some filler) for online m-PIN verification
by the SVA system acting as SVA issuer, for purchase
on merchant web site. Of course, encrypted communi-
cation channel (SSL/TLS) may be used, but message or
data level encryption of PIN block is not possible. If we
have to consider other formats, MSISDN (Mobile Sta-
tion International Subscriber Directory Number or mo-
bile number) may be used as a substitute for PAN
(permanent account number in case of card) and this
along with m-PIN may be used for formation of block.
b. Closed-loop m-PIN would be exposed to the intermedi-
aries of interfacing open-loop system (e.g., merchant
POS terminal or ATM machine of the bank) because of
plaintext data. Because encrypted communication
channel must terminate at intermediary.
c. In card based system, PIN is used only for card-present
transaction and never for card-not-present transaction.
Card-not-present transaction (e.g., online shopping) us-
es CVV or equivalent and 3D Secure technology speci-
fied by networks or some form of OTP (one-time-
password). Somebody using closed-loop SVA for in-
store shopping and using merchant’s POS terminal
would not require using the mobile device (which pro-
vides a level of authentication –something the user has).
This is equivalent to online mobile payment or mobile-
device-not-present payment and use of m-PIN only for
authentication for such use case, is not a good idea.
d. Therefore it is not a good idea to think of compliance
with ISO 9654 for this type of use of m-PIN.
5. Int. J. Advanced Networking and Applications
Volume: 6 Issue: 2 Pages: 2285-2290 (2014) ISSN : 0975-0290
2289
C. FUTURE DIRECTION OF CLOSED-LOOP MO-
BILE PAYMENT AUTHENTICATION
In closed-loop payment system, the issuer of stored-value-
account (SVA) is typically a telecom operator and in
some cases, a bank. The acquirer of transaction where
SVA is used as a payment instrument for a purchase on a
merchant site or in store, is a POS terminal or ATM ma-
chine or a payment gateway of web site. Specific custom-
er authentication requirements for such systems are not
standardised.
On the other hand, open-loop card-based payment uses
card PIN for card-present payment authentication and this
is based on ISO 9564 standard. Visa and Mastercard
based open-loop payment schemes or networks with asso-
ciated issuers, acquirers, merchants and cardholders are
very well known.
Most mobile devices in circulation in the market would
not even pass FIPS 140-2 Level 1 certification and ques-
tion of storing sensitive data securely in mobile devices
does not arise. Although Trusted Computing Group [22]
(TCG)’s Mobile Trusted Computing (MTM) [22] or
GlobalPlatform’s Trusted Execution Environment (TEE)
[21] are approaches for making mobile devices more se-
cure, adoption of such specification in the market is insig-
nificant.
Besides m-PIN, out-of-band or in-band OTP, device fin-
gerprinting, etc may be used to strengthen authentication
in closed-loop mobile payment. There is no chance that
people would talk about applying ISO 9564 standard to
this use case.
V. CONCLUSION
Card professionals who are coming to the domain of mo-
bile payments often try to apply ISO 9564 card PIN au-
thentication to mobile payment and even go to the extent
of complying with this standard for closed-loop mobile
payment.The authors highlighted that such compliance is
misplaced. Instead of such compliance, we must use
standard channel level encryption for direct transmission
of m-PIN between mobile device and the remote closed-
loop payment service and other mechanisms for stronger
authentication. Question of applicability of ISO 9564 is
often raised by card professionals in mobile payments
domain and this has not been addressed by anybody so far
in the payment security industry, as per knowledge of the
authors. The authors make categorical statement about
applicability of this ISO standard and hope that this anal-
ysis would help both card professionals coming to mobile
payments and also existing mobile payment professionals
to take informed decision regarding security and compli-
ance.
Since closed-loop mobile payment is a relatively new
field, the authors make a case for Common Criteria
Recognition Agreement (CCRA) [3] or other standards
bodyto push for publication of a mobile device-agnostic
Protection Profile or specific standard, respectively, in-
corporating the suggested high-level requirements (e.g.,
m-PIN, OTP, device fingerprinting, etc).
REFERENCES
[1] ISO (International Organisation for Standardisation),
Standard 9564-1: 2011, Financial services -- Per-
sonal Identification Number (PIN) management and
security -- Part 1: Basic principles and requirements
for PINs in card-based systems -
http://www.iso.org/iso/home/store/catalogue_tc/cata
logue_detail.htm?csnumber=54083
[2] ISO 9564 Standard, Wikipedia,
http://en.wikipedia.org/wiki/ISO_9564
[3] Common Criteria -
https://www.commoncriteriaportal.org - The CC is
the driving force for the widest available mutual
recognition of secure IT products worldwide.
[4] EMVCo Payment Tokenisation Specification and
HCE and its focus on authentication -
http://www.emvco.com/specifications.aspx?id=263
[5] Apple Pay Contactless Secure Payment and Tokeni-
sation - https://www.apple.com/iphone-6/apple-pay/
[6] Fraud Protection for Native Mobile Applications,
ThreatMetrix TrustDefender Mobile,
http://www.threatmetrix.com/wp-
content/uploads/2014/11/TrustDefender-Mobile-
Technical-Brief.pdf
[7] Host Card Emulation (HCE) Whitepaper by Smart-
card Alliance -
http://www.smartcardalliance.org/wp-
content/uploads/HCE-101-WP-FINAL-081114-
clean.pdf
[8] Future of Secure Mobile Payments by Amal Saha,
CISO Platform Annual Summit, 2013 -
http://www.slideshare.net/cisoplatform7/future-of-
secure-mobile-payments-amal-saha ,
http://www.youtube.com/watch?v=6xfIkLKWlko
[9] Google Host Card Emula-
tion:https://developer.android.com/guide/topics/con
nectivity/nfc/hce.html
[10] Payment Card Industry PIN Security Requirements,
Version 1.0, September 2011, PCI Security Stand-
ards Council
[11] FIPS PUB 140–2: Security Requirements for Cryp-
tographic Modules, Federal Information Processing
Standard, latest version published on May 25, 2001
6. Int. J. Advanced Networking and Applications
Volume: 6 Issue: 2 Pages: 2285-2290 (2014) ISSN : 0975-0290
2290
[12] EMVCo Contact and Contactless Terminal Approv-
al - Level 1 and Level 2 -
http://www.emvco.com/approvals.aspx?id=56
[13] Device Fingerprinting in mobile payment use case -
IBM
Trusteerhttp://www.trusteer.com/products/trusteer-
pinpoint-criminal-detection
[14] Sugata Sanyal, Ayu Tiwari and Sudip Sanyal. "A
multifactor secure authentication system for wireless
payment." Emergent Web Intelligence: Advanced
Information Retrieval. Springer London, 2010.341-
369.
[15] A. Tiwari, Sugata Sanyal, A. Abraham, S. J.
Knapskog and Sugata Sanyal, (2011). A multi-factor
security protocol for wireless payment-secure web
authentication using mobile devices.arXiv preprint
arXiv:1111.3010.
[16] Hristo Bojinov et al. "Mobile Device Identification
via Sensor Fingerprinting." arXiv preprint
arXiv:1408.1416 (2014).
[17] Michael Rausch, Nathan Good, and Chris Jay
Hoofnagle. "Searching for Indicators of Device Fin-
gerprinting in the JavaScript Code of Popular Web-
sites.”, Proceedings, Midewest Instruction and
Computing Symposium, 2014.
[18] M Rausch, A Bakke, S Patt, B Wegner and D Scott.
Demonstrating a Simple Device Fingerprinting Sys-
tem, Proceedings, Midewest Instruction and Compu-
ting Symposium, 2014.
[19] Akli Adjaoute, Multi-Dimensional Behavior Device
ID, US Patent Publication Number US20140164178
A1,
http://www.google.com/patents/US20140164178
[20] Services in Android Application Framework -
http://developer.android.com/guide/components/ser
vices.html
[21] GlobalPlatform’s Trusted Execution Environment
(TEE),
http://www.globalplatform.org/specificationsdevice.
asp
[22] Trusted Computing Group (TCG),
http://www.trustedcomputinggroup.org and
http://www.trustedcomputinggroup.org/solutions/m
obile_security
[23] M-PESA, http://en.wikipedia.org/wiki/M-Pesa - M-
Pesa (M for mobile, pesa is Swahili for money) is a
mobile-phone based money transfer and
microfinancing service, launched in 2007 by Voda-
fone for Safaricom and Vodacom, the largest mobile
network operators in Kenya and Tanzania
[24] Secure Element and smart card form factors as per
GlobalPlatform,
http://globalplatform.org/mediaguideSE.asp