Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Scribd
Upload
107 views

How To Secure Web Authentication

This document proposes using cell phones for secure web authentication through a multifactor authentication system using transaction identification codes (TICs) and SMS. TICs would be issued by financial institutions to users, act like one-time passwords, and help eliminate risks of attacks on passwords. The system would involve a user making a purchase request, the merchant requesting authorization with payment and certificate information, a client order and payment info with certificate being sent, selecting a TIC from their phone to encrypt the transaction form, and an acknowledgment being sent via SMS.

Uploaded by

Arpit Garg
Copyright
© Attribution Non-Commercial (BY-NC)
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
107 views

How To Secure Web Authentication

This document proposes using cell phones for secure web authentication through a multifactor authentication system using transaction identification codes (TICs) and SMS. TICs would be issued by financial institutions to users, act like one-time passwords, and help eliminate risks of attacks on passwords. The system would involve a user making a purchase request, the merchant requesting authorization with payment and certificate information, a client order and payment info with certificate being sent, selecting a TIC from their phone to encrypt the transaction form, and an acknowledgment being sent via SMS.

Uploaded by

Arpit Garg
Copyright
© Attribution Non-Commercial (BY-NC)
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 20

Secure Web Authentication Using

Cell Phones

Presented By:

Arpit Garg
MBA IB(IT)
A1802007095 (E11)
Batch: 2007-2009
As computing becomes persistent, people increasingly rely their business over the
Internet by using e-commerce. Now, the Internet is a preferred source to avail online
e-services such as e-commerce, e-voting, e-banking, e-governance, etc.

Online applications require a strong security element to protect user confidential


data which is a major concern in internet based online payment system. There are
various internet threats which affect the security system of internet and increase
the risk for electronic transaction.

Most of the authentication system relies on passwords, personal identification


numbers & keys to access their personal account information. This type of
authentication system actually can not verify or authenticate the identity of the users
who he or she claims to be.
The above observation calls for the need of Multifactor Authentication
techniques for securing financial web transactions.

To do so, we recommend an authentication system based on:


• TICs (Transaction Identification code) and
• SMS (Short Message Service)

Features of TICs:
1. TICS are issued by bank authorities or financial institutions to the
user and not by the web server.
2. TIC is similar to OTP (One time password) and one code is used only
on one occasion.
3. It eliminates the risk of attack against traditional passwords.
7. Payment Ack.

4. Request for Authorization, payment with order


information and both certificates

5. Request for
payment
2. Merchant’s
approval
Payment Info.

1. User make 8. Response 6. Authorization


purchase response for
request payment
3. Client Order
and payment
Information
with certificate

Customer’s
Bank
Login Authentication Login Successful
Selection of Balance Enquiry option Balance Enquiry
Selection of Credit Card Transfer Selection of Bank Name and Branch
Code
Selection of Credit Card Type Fill up Requisite Details
Selection of Electronic Transfer Selection of Bank Name and Branch
Code
Fill Up Requisite Information TIC Password to Open TICs list
Entering Password for TICs Selection of encrypted TIC
Selected TIC is attached with the Acknowledgment from the Web
Credit Card Transfer Form Server Showing Successful
Authentication
SMS Received from Bank SMS showing details of Submitted
Authentication Server Transaction
Reply SMS with “YES” Response from the Server if user say
“YES”
Reply SMS with “No” Response from the Server if user say
“No”
1. GSM calls even more secure - A5/3 Algorithm” ETSI, 2002,
http://www.gsmworld.com/news/press_2002/press_15.shtml
2. http://www.cellular.co.za
3. Website on bouncy castle package:
http://www.bouncycastle.org
4. Article on internet attacks: www.educause.edu/ir/library/pdf/CSD4433.pdf
5. Article on attacks on mobile phones:
http://searchsecurity.techtarget.com/qna/0,289202,sid14_gci1232051,00.html
6. Article on security threats of mobile phones:
http://news.zdnet.com/2100-1009_22-5602919.html
7. Website on Wireless development tool kit 2.3:
http://java.sun.com/products/sjwtoolkit
8. Website on Web Server:
http://tomcat.apache.org/

You might also like