Secure, Consumer-Friendly Web Authentication and Payments with a Phone

“…First, our solution allows the use of multiple identity providers. Moreover, in [8] the user has to go through an unverifiable registration process for each service. This approach also implies long-term storage of the user's data by the service provider, which increases the risk of information loss and privacy breaches.…”

Section: Comparison With Other Solutionsmentioning

confidence: 99%

Using a Smartphone to Access Personalized Web Services on a Workstation

Boukayoua

Vossaert

Decker

et al. 2012

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

“…For example, mobile phones can be used as the hardware token for one-time password generation. Dodson et al [9] suggested a challenge-response authentication system which involves a user snapping a picture of a QR code with a mobile device. The data from this marker generated encrypted data that were used during login.…”

Section: B Multifactor Authentication Schemesmentioning

confidence: 99%

Graphical Cipher Ratification System

Chelliah¹

2017

IJRASET

View full text Add to dashboard Cite

Graphical Cipher Ratification System is a new graphical password strategy for common terminals that restores the passive digital models commonly used in graphical password systems with materialized tokens, in the form of digital images shown on device such as a smart phone. Users lay forward these images to a system and then input their password as a chain of options on live display of the token. Unique characteristics are taken from these options and used as the cipher. We lay forward three practicability studies of Graphical Cipher Ratification System exploring its authenticity, benefit, and protection against supervision. The authentication study shows that picture-characterized based passwords are noticeable and recommends necessary system attributes. Passwords should contain seven characteristics, 40% of which must analytically match the ones stored on a reliable server in order to be identical. The work completion time and error rates have to be 7.5 seconds and 9%, largely proportionate with the previous graphical password systems which use unchanging digital pictures. Lastly, the security research highlights Graphical Cipher Ratification System's resistance to inspection attack. Thus, three types of attacks such as shoulder surfing, camera-based surveillance or dictionary attacks will fail to record or notice the user's password. These results imply that Graphical Cipher Ratification System promises security while controlling the benefits of the present graphical password strategy. Index Terms-Graphical cipher, Ratification, digital images, shoulder surfing, surveillance, dictionary attacks I. INTRODUCTION Protected access to data establishes present day systems and services. We preserve our interactions, financial data, official documents, and personal files secured by lending identity information and then validating to that identity. Text passwords as well as personal identification numbers (PINs) are the main authentication method [5] as they are not complex and can be set up on systems such as public terminals, or mobile devices. However, difficult passwords can be forgotten easily [13] and are also subject to security problems. This is a major issue since an average user has 25 online accounts protected with up to six contrasting passwords [12] and showing a significant memory burden. To handle this problem, individuals take up insecure coping strategies such as repetition of passwords across systems, making a note of the passwords, or simply forgetting them completely [1]. To ensure that such issues are eased, researchers are looking at them carefully while putting forward and suggesting graphical password schemes [3], [4] that depend on input such as picking portions of a picture. These systems have been displayed to enhance memorability without disturbing input time and error rates [16] by also maintaining great resistance to brute force as well as guessing attacks [3]. However, graphical passwords have their issues. One such issue is their sensitivity to intelligent guessing [5], [6], [...

show abstract

“…Ben Dodson et al [9] proposed Snap2Pass, a mobile based authentication system that aims at replacing the traditional password-based web authentication; leveraging either RSA model or symmetric key encryption. Snap2Pass is based on the challenge-response authentication model; where the server sends a challenge (encrypted token) to the user encapsulated with a QR code, who in turn needs to scan, decrypt and send it back to the server for identity verification.…”

Section: Related Workmentioning

confidence: 99%