Physical Access Control Based on QR Code

Kao, Yung-Wei; Luo, Guo-Heng; Lin, Hesheng; Huang, Yu‐Kai; Yuan, Shyan-Ming

doi:10.1109/cyberc.2011.55

Cited by 27 publications

(12 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…They are widely used in mobile phones (e.g., applications of instance messaging, user login, and mobile payment). QR codes can not only store large information, but also have error-correction ability [21]. In addition, QR codes have high recognition rate, and there are massive algorithm libraries to invoke [22].…”

Section: Related Workmentioning

confidence: 99%

A Watermark-Based In-Situ Access Control Model for Image Big Data

Guo

Ren

et al. 2018

Future Internet

View full text Add to dashboard Cite

When large images are used for big data analysis, they impose new challenges in protecting image privacy. For example, a geographic image may consist of several sensitive areas or layers. When it is uploaded into servers, the image will be accessed by diverse subjects. Traditional access control methods regulate access privileges to a single image, and their access control strategies are stored in servers, which imposes two shortcomings: (1) fine-grained access control is not guaranteed for areas/layers in a single image that need to maintain secret for different roles; and (2) access control policies that are stored in servers suffers from multiple attacks (e.g., transferring attacks). In this paper, we propose a novel watermark-based access control model in which access control policies are associated with objects being accessed (called an in-situ model). The proposed model integrates access control policies as watermarks within images, without relying on the availability of servers or connecting networks. The access control for images is still maintained even though images are redistributed again to further subjects. Therefore, access control policies can be delivered together with the big data of images. Moreover, we propose a hierarchical key-role-area model for fine-grained encryption, especially for large size images such as geographic maps. The extensive analysis justifies the security and performance of the proposed model

show abstract

Section: Related Workmentioning

confidence: 99%

A Watermark-Based In-Situ Access Control Model for Image Big Data

Guo

Ren

et al. 2018

Future Internet

View full text Add to dashboard Cite

show abstract

“…보안성 분석 Sniffing [4] , Password Guessing Attack [13] , Replay 표 2에 DTOTP 시스템과 기존 OTP [14] , 이중 인 증의 또 다른 방식인 SUAN [14] 의 주요 특성을 비 교한다.…”

Section: ⅳ 검토 및 분석unclassified

QR Code Based Mobile Dual Transmission OTP System

Seo¹,

Choi²,

Yeon³

et al. 2013

The Journal of Korea Information and Communications Society

View full text Add to dashboard Cite

In order to improve the security strength in the password based user authentication, in which the security vulnerability is increased while the same password is repeatedly used, the OTP(One-Time Password) system has been introduced. In the OTP systems, however, the user account information and OTP value may be hacked if the user PC is infected by the malicious codes, because the user types the OTP value, which is generated by the mobile device synchronized with the server, directly onto the user PC. In this paper, we propose a new method, called DTOTP(Dual Transmission OTP), to solve this security problem. The DTOTP system is an improved two-factor authentication method by using the dual transmission, in which the user performs the server authentication by typing the user account and password information onto the PC, and then for the OTP authentication the mobile device scans the QR code displayed on the PC and the OTP value is sent to the server directly. The proposed system provides more improved security strength than that of the existing OTP system, and also can adopt the existing OTP algorithm without any modification. As a result, the proposed system can be safely applied to various security services such like banking, portal, and game services.

show abstract

“…The last four years alone various works have proposed authentication systems combining QR codes and one-time passwords. They include systems for online banking [6], [7], health systems [8], access control [9], web applications [10], personal smartphones [11]- [14], and voting systems [15]. None of these proposals offers hands-free or continuous authentication to users.…”

Section: Introductionmentioning

confidence: 99%

Hands-Free one-Time and continuous authentication using glass wearable devices

Damopoulos

Kambourakis

2019

Journal of Information Security and Applications

View full text Add to dashboard Cite

Users with limited use of their hands, such as people suffering from disabilities of the arm, shoulder, and hand (DASH), face challenges when authenticating with computer terminals, specially with publicly accessible terminals such as ATMs. When authentication through a password or PIN is possible, these users have an additional reason to choose a short "easy" combination due to the difficulties involved with entering lengthy convoluted passwords. Access tokens, like smartcards, can assist, however, they require that the user can physically handle such a token and custom reading sensors need to be installed in access terminals. Similar authentication challenges are also present in environments where users need to frequently authenticate and log out or require hands-free authentication, like in hospitals.A new glass wearable device was recently introduced by Google and it was immediately welcomed by groups of users, such as the ones described above, as Google Glass allows them to perform actions, like taking a photo, using only verbal commands. This paper investigates whether glass wearable devices can be used to authenticate users, both to grant access (one-time) and to maintain access (continuous), in similar hands-free fashion. We do so by designing and implementing Gauth, a system that enables users to authenticate with a service simply by issuing a voice command, while facing the computer terminal they are going to use to access the service. To achieve this goal, we create a physical communication channel from the terminal to the device using machine readable visual codes, like QR codes, and utilize the device's network adapter to communicate directly with a service. More importantly, we continuously authenticate the user accessing the terminal, exploiting the fact that a user operating a terminal is most likely facing it most of the time. We periodically issue authentication challenges, which are displayed as a QR code on the terminal, that cause the glass device to re-authenticate the user with an appropriate response. We evaluate our system to determine the technical limits of our approach. We show that even with the relatively low-resolution camera of the current Google Glass prototype, QR codes can be consistently processed correctly (with an average accuracy of 87.8%), and continuous authentication, while strenuous to the battery, is feasible. Finally, we perform a small user study involving students to demonstrate the benefits our approach. We found that authenticating using Gauth takes on average 1.63 seconds, while using username/password credentials takes 3.85 seconds and varies greatly depending on the computer-literacy level of the user.

show abstract

Physical Access Control Based on QR Code

Cited by 27 publications

References 1 publication

A Watermark-Based In-Situ Access Control Model for Image Big Data

A Watermark-Based In-Situ Access Control Model for Image Big Data

QR Code Based Mobile Dual Transmission OTP System

Hands-Free one-Time and continuous authentication using glass wearable devices

Contact Info

Product

Resources

About