Secure, Consumer-Friendly Web Authentication and Payments with a Phone
نویسندگان
چکیده
This paper proposes a challenge-response authentication system for web applications called Snap2Pass that is easy to use, provides strong security guarantees, and requires no browser extensions. The system uses QR codes which are small two-dimensional pictures that encode digital data. When logging in to a site, the web server sends the PC browser a QR code that encodes a cryptographic challenge; the user takes a picture of the QR code with his cell phone camera which results in a cryptographic response sent to the server; the web server then logs the PC browser in. Our user study shows that authentication using Snap2Pass is easy to learn and considerably faster than existing one-time password and challenge-response systems. By implementing our solution as an OpenID provider, we have made this scheme available to over 30,000 websites that use OpenID today. This paper also proposes Snap2Pay, an extension of Snap2Pass, to improve the usability and security of online payments. Snap2Pay allows a consumer to use one-time credit cards as well as the Verified by Visa or Mastercard SecureCode services securely and easily with just a snap of a QR code.
منابع مشابه
Snap2Pass: Consumer-Friendly Challenge-Response Authentication with a Phone
This paper proposes a challenge-response authentication system for web applications called Snap2Pass that is easy to use, provides strong security guarantees, and requires no browser extensions. The system uses QR codes which are small two-dimensional pictures that encode digital data. When logging in to a site, the web server sends the PC browser a QR code that encodes a cryptographic challeng...
متن کاملAn ECC-Based Mutual Authentication Scheme with One Time Signature (OTS) in Advanced Metering Infrastructure
Advanced metering infrastructure (AMI) is a key part of the smart grid; thus, one of the most important concerns is to offer a secure mutual authentication. This study focuses on communication between a smart meter and a server on the utility side. Hence, a mutual authentication mechanism in AMI is presented based on the elliptic curve cryptography (ECC) and one time signature (OTS) consists o...
متن کاملA Secure Cloud-based NFC Mobile Payment Protocol
Near Field Communication (NFC) is one the most recent technologies in the area of application development and service delivery via mobile phone. NFC enables the mobile phone to act as identification and a credit card for customers. Dynamic relationships of NFC ecosystem players in an NFC transaction process make them partners in a way that sometimes they should share their access permissions on...
متن کاملA Distributed Authentication Model for an E-Health Network Using Blockchain
Introduction: One of the most important and challenging areas under the influence of information technology is the field of health. This pervasive influence has led to the development of electronic health (e-health) networks with a variety of services of different qualities. The issue of security management, maintaining confidentiality and data integrity, and exchanging it in a secure environme...
متن کاملA Distributed Authentication Model for an E-Health Network Using Blockchain
Introduction: One of the most important and challenging areas under the influence of information technology is the field of health. This pervasive influence has led to the development of electronic health (e-health) networks with a variety of services of different qualities. The issue of security management, maintaining confidentiality and data integrity, and exchanging it in a secure environme...
متن کامل