Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Qr code based secure otp distribution scheme for Online banking

2,426 views

Published on

Qr code based secure otp distribution scheme for Online banking

Published in: Technology

Qr code based secure otp distribution scheme for Online banking

  1. 1. 1 QR Code based secure OTP distribution scheme for Authentication in Net-Banking
  2. 2. TUMMALA SATYAKAMA SNEHITH PANGULURI PAGIDALA VIDYHAR REDDY 2
  3. 3. Concepts  Authentication: It is the process of verifying the identity of user.  QR Code: Quick Response code (QR code) is actually two dimensional bar codes and can store information in both length and breath.  OTP: OTP is one time password. It plays a vital role for authentication in net-banking to make it more secure. 3
  4. 4. Abstract  Distribution of OTPs to concerned user is a major issue. Short message service that is available for mobile phones is the most common methodology for OTP distribution. QR codes are widely being used to convey short information such as website address, mobile numbers etc. In our idea we are presenting a new authentication scheme for secure OTP distribution in net banking using QR codes and via email. 4
  5. 5. Existing methods  Text message  Proprietary tokens  Secure code devices  Grid file 5
  6. 6. Drawbacks of existing methods  Some methods use a hash type file to verify users authentication request which increase risk of tampering.  Apart from the above all of the existing methods are text based methods.  These increase the risk of being identified in the long time. 6
  7. 7. What is secure here?  The OTP and ATM pin are encrypted using AES[*] encryption standard.  QR codes are used in the field of cryptography for data security. [*] AES is a well known encryption algorithm that is symmetric in nature. It has also been applied in various application other than data security. 7
  8. 8. Proposed system  System consists of a web service that will generate alpha-numeric OTPs using pseudo-random numbers and current timestamp.  Use of timestamp further assures security and uniqueness of OTP. The alpha-numeric password string is then encrypted using Advanced Encryption Standard (AES).  The key for the algorithm will be ATM pin of the user since it is unique for every user and can be obtained by Bank Server in every login session through account number. 8
  9. 9.  The encrypted string is then converted to QR image by the Bank Server. It is then sent to the concerned user using email as transmission medium via SMTP.  Further process is explained in the flow diagram that succeeds. 9
  10. 10. Workflow 10
  11. 11. Workflow of proposed authentication scheme 11
  12. 12. References  Mohammad Mannan, P. C. Van Oorschot, “Security and Usability: The Gap in Real-World Online Banking”, NSPW’07, North Conway, NH, USA, Sep. 18-21, 2007.  L.Lamport, “Password authentication with insecure communication, ”Communications of ACM, Vol. 24, No. 11, pp. 770-772, 1981. 12
  13. 13.  Kuan-Chieh Liao, Wei-Hsun Lee, Min-Hsuan Sung, Ting- Ching Lin, “A One-Time Password Scheme with QR- Code Based on Mobile Phone”, Fifth International Joint Conference on INC, IMS and IDC, 2009, pp 2069-2071.  Qiu-xia Wang; Tie Xu; Pei-zhou Wu, "Application research of the AES encryption algorithm on the engine anti-theft system," Vehicular Electronics and Safety (ICVES), 2011 IEEE International Conference on , vol., no., pp.25,29, 10-12 July 2011. 13
  14. 14. 14 Thank You

×