3. Concepts
Authentication: It is the process of verifying the
identity of user.
QR Code: Quick Response code (QR code) is actually
two dimensional bar codes and can store information
in both length and breath.
OTP: OTP is one time password. It plays a vital role for
authentication in net-banking to make it more secure.
3
4. Abstract
Distribution of OTPs to concerned user is a major
issue. Short message service that is available for
mobile phones is the most common methodology
for OTP distribution. QR codes are widely being
used to convey short information such as website
address, mobile numbers etc. In our idea we are
presenting a new authentication scheme for
secure OTP distribution in net banking using QR
codes and via email.
4
6. Drawbacks of existing methods
Some methods use a hash type file to verify users
authentication request which increase risk of
tampering.
Apart from the above all of the existing methods are
text based methods.
These increase the risk of being identified in the long
time.
6
7. What is secure here?
The OTP and ATM pin are encrypted using AES[*]
encryption standard.
QR codes are used in the field of cryptography for data
security.
[*] AES is a well known encryption algorithm that is symmetric in
nature. It has also been applied in various application other than data
security.
7
8. Proposed system
System consists of a web service that will generate
alpha-numeric OTPs using pseudo-random numbers
and current timestamp.
Use of timestamp further assures security and
uniqueness of OTP. The alpha-numeric password
string is then encrypted using Advanced Encryption
Standard (AES).
The key for the algorithm will be ATM pin of the user
since it is unique for every user and can be obtained by
Bank Server in every login session through account
number.
8
9. The encrypted string is then converted to QR image
by the Bank Server. It is then sent to the concerned
user using email as transmission medium via SMTP.
Further process is explained in the flow diagram that
succeeds.
9
12. References
Mohammad Mannan, P. C. Van Oorschot, “Security and
Usability: The Gap in Real-World Online Banking”,
NSPW’07, North Conway, NH, USA, Sep. 18-21, 2007.
L.Lamport, “Password authentication with insecure
communication, ”Communications of ACM, Vol. 24, No.
11, pp. 770-772, 1981.
12
13. Kuan-Chieh Liao, Wei-Hsun Lee, Min-Hsuan Sung, Ting-
Ching Lin, “A One-Time Password Scheme with QR-
Code Based on Mobile Phone”, Fifth International Joint
Conference on INC, IMS and IDC, 2009, pp 2069-2071.
Qiu-xia Wang; Tie Xu; Pei-zhou Wu, "Application
research of the AES encryption algorithm on the engine
anti-theft system," Vehicular Electronics and Safety
(ICVES), 2011 IEEE International Conference on , vol.,
no., pp.25,29, 10-12 July 2011.
13