File Download
There are no files associated with this item.
Links for fulltext
(May Require Subscription)
- Publisher Website: 10.1007/978-3-319-49148-6_36
- Scopus: eid_2-s2.0-84996798736
- WOS: WOS:000387960800036
- Find via
Supplementary
- Citations:
- Appears in Collections:
Conference Paper: Authentication and transaction verification using QR codes with a mobile device
| Title | Authentication and transaction verification using QR codes with a mobile device |
|---|---|
| Authors | |
| Keywords | One-Time-Password (OTP) Transaction integrity Transaction verification Transaction-Authentication-Number (TAN) Authentication Mobile device QR code |
| Issue Date | 2016 |
| Citation | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2016, v. 10066 LNCS, p. 437-451 How to Cite? |
| Abstract | © Springer International Publishing AG 2016. User authentication and the verification of online transactions that are performed on an untrusted computer or device is an important and challenging problem. This paper presents an approach to authentication and transaction verification using a trusted mobile device, equipped with a camera, in conjunction with QR codes. The mobile device does not require an active connection (e.g., Internet or cellular network), as the required information is obtained by the mobile device through its camera, i.e. solely via the visual channel. The proposed approach consists of an initial user authentication phase, which is followed by a transaction verification phase. The transaction verification phase provides a mechanism whereby important transactions have to be verified by both the user and the server. We describe the adversarial model to capture the possible attacks to the system. In addition, this paper analyzes the security of the propose scheme, and discusses the practical issues and mechanisms by which the scheme is able to circumvent a variety of security threats including password stealing, man-in-the-middle and man-in-the-browser attacks. We note that our technique is applicable to many practical applications ranging from standard user authentication implementations to protecting online banking transactions. |
| Persistent Identifier | http://hdl.handle.net/10722/280607 |
| ISSN | 2023 SCImago Journal Rankings: 0.606 |
| ISI Accession Number ID |
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Chow, Yang Wai | - |
| dc.contributor.author | Susilo, Willy | - |
| dc.contributor.author | Yang, Guomin | - |
| dc.contributor.author | Au, Man Ho | - |
| dc.contributor.author | Wang, Cong | - |
| dc.date.accessioned | 2020-02-17T14:34:28Z | - |
| dc.date.available | 2020-02-17T14:34:28Z | - |
| dc.date.issued | 2016 | - |
| dc.identifier.citation | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2016, v. 10066 LNCS, p. 437-451 | - |
| dc.identifier.issn | 0302-9743 | - |
| dc.identifier.uri | http://hdl.handle.net/10722/280607 | - |
| dc.description.abstract | © Springer International Publishing AG 2016. User authentication and the verification of online transactions that are performed on an untrusted computer or device is an important and challenging problem. This paper presents an approach to authentication and transaction verification using a trusted mobile device, equipped with a camera, in conjunction with QR codes. The mobile device does not require an active connection (e.g., Internet or cellular network), as the required information is obtained by the mobile device through its camera, i.e. solely via the visual channel. The proposed approach consists of an initial user authentication phase, which is followed by a transaction verification phase. The transaction verification phase provides a mechanism whereby important transactions have to be verified by both the user and the server. We describe the adversarial model to capture the possible attacks to the system. In addition, this paper analyzes the security of the propose scheme, and discusses the practical issues and mechanisms by which the scheme is able to circumvent a variety of security threats including password stealing, man-in-the-middle and man-in-the-browser attacks. We note that our technique is applicable to many practical applications ranging from standard user authentication implementations to protecting online banking transactions. | - |
| dc.language | eng | - |
| dc.relation.ispartof | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | - |
| dc.subject | One-Time-Password (OTP) | - |
| dc.subject | Transaction integrity | - |
| dc.subject | Transaction verification | - |
| dc.subject | Transaction-Authentication-Number (TAN) | - |
| dc.subject | Authentication | - |
| dc.subject | Mobile device | - |
| dc.subject | QR code | - |
| dc.title | Authentication and transaction verification using QR codes with a mobile device | - |
| dc.type | Conference_Paper | - |
| dc.description.nature | link_to_subscribed_fulltext | - |
| dc.identifier.doi | 10.1007/978-3-319-49148-6_36 | - |
| dc.identifier.scopus | eid_2-s2.0-84996798736 | - |
| dc.identifier.volume | 10066 LNCS | - |
| dc.identifier.spage | 437 | - |
| dc.identifier.epage | 451 | - |
| dc.identifier.eissn | 1611-3349 | - |
| dc.identifier.isi | WOS:000387960800036 | - |
| dc.identifier.issnl | 0302-9743 | - |