[go: up one dir, main page]

Subpratatsavee et al., 2015 - Google Patents

Transaction authentication using HMAC-based one-time password and QR code

Subpratatsavee et al., 2015

Document ID
3940835477838476616
Author
Subpratatsavee P
Kuacharoen P
Publication year
Publication venue
Computer Science and its Applications: Ubiquitous Information Technologies

External Links

Snippet

Conducting financial transactions over the Internet has been widely adopted due to the convenience and usability. However, conducting financial transactions via the Internet may be subjected to many types of attacks including password attacks, malware, phishing, and …
Continue reading at link.springer.com (other versions)

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network
    • H04L63/083Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network using passwords
    • H04L63/0838Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network using passwords using one-time-passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231Biological data, e.g. fingerprint, voice or retina
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1483Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response

Similar Documents

Publication Publication Date Title
US8245030B2 (en) Method for authenticating online transactions using a browser
US20190281028A1 (en) System and method for decentralized authentication using a distributed transaction-based state machine
TWI512524B (en) System and method for identifying users
CN106664208A (en) System and method for establishing trust using a secure transport protocol
US20240129139A1 (en) User authentication using two independent security elements
Alzuwaini et al. An efficient mechanism to prevent the phishing attacks
GB2434724A (en) Secure transactions using authentication tokens based on a device "fingerprint" derived from its physical parameters
Babkin et al. Authentication protocols based on one-time passwords
Subpratatsavee et al. Transaction authentication using HMAC-based one-time password and QR code
JP5186648B2 (en) System and method for facilitating secure online transactions
Me et al. A mobile based approach to strong authentication on Web
Rao et al. Authentication using mobile phone as a security token
Subpratatsavee et al. Internet banking transaction authentication using mobile one-time password and qr code
Srivastava et al. A review on remote user authentication schemes using smart cards
Deeptha et al. Extending OpenID connect towards mission critical applications
Nashwan et al. Mutual chain authentication protocol for SPAN transactions in Saudi Arabian banking
Nwogu Improving the security of the internet banking system using three-level security implementation
Burr et al. Sp 800-63-1. electronic authentication guideline
Hakami et al. Secure Transaction Framework based on Encrypted One-time Password and Multi-factor
CN110855444A (en) A pure software CAVA identity authentication method based on trusted third party
Yasin et al. Enhancing anti-phishing by a robust multi-level authentication technique (EARMAT).
Ngo et al. Formal verification of a secure mobile banking protocol
Lee et al. Design of a simple user authentication scheme using QR-code for mobile device
WO2010070456A2 (en) Method and apparatus for authenticating online transactions using a browser
Johnson et al. A new approach to e-banking