• Title/Summary/Keyword: 2-Factor authentication

Search Result 57, Processing Time 0.018 seconds

1.5-factor Authentication Method using Secure Keypads and Biometric Authentication in the Fintech (핀테크 환경에서 보안 키패드와 생체인증을 이용한 1.5-factor 인증 기법)

  • Mun, Hyung-Jin
    • Journal of Industrial Convergence
    • /
    • v.20 no.11
    • /
    • pp.191-196
    • /
    • 2022
  • In the fintech field, financial transactions with smart phones are actively conducted. User authentication technology is essential for safe financial transactions. PIN authentication through the existing security keypads is convenient to input but has weaknesses in security and others. The biometric authentication technique is secure, but there is a possibility of false positive and false negative authentication. To compensate for this, two-factor authentication is used. In this paper, we propose the 1.5-factor authentication that can increase convenience and security through PIN input with biometric authentication. It provides the stability of fingerprint authentication and convenience of two or three PIN inputs, and this makes safe financial transaction possible. Since biometric authentication is performed at the same time when entering PIN, while security is required by applying fingerprint authentication to the area touched while entering PIN. The User authentication is performed while ensuring convenience to input through additional PIN input in situations where high safety is required, and Safe financial transactions are possible.

User Authentication Mechanism using Smartphone (스마트폰을 이용한 사용자 인증 메커니즘)

  • Jeong, Pil-seong;Cho, Yang-hyun
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.21 no.2
    • /
    • pp.301-308
    • /
    • 2017
  • With the popularization of smart phones and the development of the Internet, many people use smart phones to conduct identity verification procedures. smart phones are easier and faster to authenticate than personal desktop computers. However, as Internet hacking technology and malicious code distribution technology rapidly evolve and attack types become more diverse, authentication methods suitable for mobile environment are required. As authentication methods, there are methods such as possessive-based authentication, knowledge-based authentication, biometric-based authentication, pattern-based authentication, and multi-element authentication. In this paper, we propose a user authentication mechanism that uses collected information as authentication factor using smart phone. Using the proposed authentication mechanism, it is possible to use the smart phone information and environment information of the user as a hidden authentication factor, so that the authentication process can be performed without being exposed to others. We implemented the user authentication system using the proposed authentication mechanism and evaluated the effectiveness based on applicability, convenience, and security.

FIDO Platform of Passwordless Users based on Multiple Biometrics for Secondary Authentication (암호 없는 사용자의 2차 인증용 복합생체 기반의 FIDO 플랫폼)

  • Kang, Min-goo
    • Journal of Internet Computing and Services
    • /
    • v.23 no.4
    • /
    • pp.65-72
    • /
    • 2022
  • In this paper, a zero trust-based complex biometric authentication was proposed in a passwordless environment. The linkage of FIDO 2.0 (Fast IDENTITY Online) transaction authentication platforms was designed in conjunction with metaverse. In particular, it was applied with the location information of a smart terminal according to a geomagnetic sensor, an accelerator sensor, and biometric information for multi-factor authentication(MFA). At this time, a FIDO transaction authentication platform was presented for adaptive complex authentication with user's environment through complex authentication with secondary authentication based on situational awareness such as illuminance and temperature/humidity. As a result, it is possible to authenticate secondary users based on zero trust with behavior patterns such as fingerprint recognition, iris recognition, face recognition, and voice according to the environment. In addition, it is intended to check the linkage result of the FIDO platform for complex integrated authentication and improve the authentication accuracy of the linkage platform for transaction authentication using FIDO2.0.

A Study on Multibiometrics derived from Calling Activity Context using Smartphone for Implicit User Authentication System

  • Negara, Ali Fahmi Perwira;Yeom, Jaekeun;Choi, Deokjai
    • International Journal of Contents
    • /
    • v.9 no.2
    • /
    • pp.14-21
    • /
    • 2013
  • Current smartphone authentication systems are deemed inconvenient and difficult for users on remembering their password as well as privacy issues on stolen or forged biometrics. New authentication system is demanded to be implicit to users with very minimum user involvement being. This idea aims towards a future model of authentication system for smartphones users without users realizing them being authenticated. We use the most frequent activity that users carry out with their smartphone, which is the calling activity. We derive two basics related interactions that are first factor being arm's flex (AF) action to pick a phone to be near ones' ears and then once getting near ear using second factor from ear shape image. Here, we combine behavior biometrics from AF in first factor and physical biometrics from ear image in second factor. Our study shows our dual-factor authentication system does not require explicit user interaction thereby improving convenience and alleviating burden from users from persistent necessity to remember password. These findings will augment development of novel implicit authentication system being transparent, easier, and unobtrusive for users.

Security Analysis of a Biometric-Based User Authentication Scheme (Biometric 정보를 기반으로 하는 사용자 인증 스킴의 안전성 분석)

  • Lee, Young Sook
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.10 no.1
    • /
    • pp.81-87
    • /
    • 2014
  • Password-based authentication using smart card provides two factor authentications, namely a successful login requires the client to have a valid smart card and a correct password. While it provides stronger security guarantees than only password authentication, it could also fail if both authentication factors are compromised ((1) the user's smart card was stolen and (2) the user's password was exposed). In this case, there is no way to prevent the adversary from impersonating the user. Now, the new technology of biometrics is becoming a popular method for designing a more secure authentication scheme. In terms of physiological and behavior human characteristics, biometric information is used as a form of authentication factor. Biometric information, such as fingerprints, faces, voice, irises, hand geometry, and palmprints can be used to verify their identities. In this article, we review the biometric-based authentication scheme by Cheng et al. and provide a security analysis on the scheme. Our analysis shows that Cheng et al.'s scheme does not guarantee any kind of authentication, either server-to-user authentication or user-to-server authentication. The contribution of the current work is to demonstrate these by mounting two attacks, a server impersonation attack and a user impersonation attack, on Cheng et al.'s scheme. In addition, we propose the enhanced authentication scheme that eliminates the security vulnerabilities of Cheng et al.'s scheme.

Design of An Authentication System Proper for Hybrid Cloud Computing System (하이브리드 클라우드 컴퓨팅 환경에 적합한 인증시스템 설계)

  • Lee, Geuk;Ji, Jae-Won;Chun, Hyun-Woo;Lee, Kyu-Won
    • Convergence Security Journal
    • /
    • v.11 no.6
    • /
    • pp.31-36
    • /
    • 2011
  • Cloud computing is a system which efficiently utilizes resources. In this paper, we propose 2-factor authentication system combing PKI, ID_PW and location information. The proposed method improve the security of hybrid cloud systems and manage resources more safely.

Efficient and Secure Sound-Based Hybrid Authentication Factor with High Usability

  • Mohinder Singh B;Jaisankar N.
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.17 no.10
    • /
    • pp.2844-2861
    • /
    • 2023
  • Internet is the most prevailing word being used nowadays. Over the years, people are becoming more dependent on the internet as it makes their job easier. This became a part of everyone's life as a means of communication in almost every area like financial transactions, education, and personal-health operations. A lot of data is being converted to digital and made online. Many researchers have proposed different authentication factors - biometric and/or non-biometric authentication factors - as the first line of defense to secure online data. Among all those factors, passwords and passphrases are being used by many users around the world. However, the usability of these factors is low. Also, the passwords are easily susceptible to brute force and dictionary attacks. This paper proposes the generation of a novel passcode from the hybrid authentication factor - sound. The proposed passcode is evaluated for its strength to resist brute-force and dictionary attacks using the Shannon entropy and Passcode (or password) entropy formulae. Also, the passcode is evaluated for its usability. The entropy value of the proposed is 658.2. This is higher than that of other authentication factors. Like, for a 6-digit pin - the entropy value was 13.2, 101.4 for Password with Passphrase combined with Keystroke dynamics and 193 for fingerprint, and 30 for voice biometrics. The proposed novel passcode is far much better than other authentication factors when compared with their corresponding strength and usability values.

A Comparative Analysis of PKI Authentication and FIDO Authentication (PKI 인증과 FIDO 인증에 대한 비교 분석)

  • Park, Seungchul
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.21 no.7
    • /
    • pp.1411-1419
    • /
    • 2017
  • The two factor authentication capability, private key possession and key protection password knowledge, and the strong public key cryptography protocol of PKI authentication have largely contributed to the rapid construction of Internet transaction trusted infrastructure. The reusability of a certificate-based identity for every PKI site was another contribution factor of the spread of PKI authentication. Nevertheless, the PKI authentication has been criticised mainly for the cost of PKI construction, inconvenience of individual certificate management, and difficulties of password management. Recently FIDO authentication has received high attention as an alternative of the PKI authentication. The FIDO authentication is also based on the public key cryptography which provides strong authentication services, but it does not require individual certificate issuance and provides user-friendly and secure authentication services by integrating biometric technologies. The purpose of this paper is to concretely compare the PKI-authentication and FIDO-authentication and, based on the analysis result, to propose their corresponding applications.

Draft Design of 2-Factor Authentication Technique for NFC-based Security-enriched Electronic Payment System (보안 강화를 위한 NFC 기반 전자결제 시스템의 2 팩터 인증 기술의 초안 설계)

  • Cha, ByungRae;Choi, MyeongSoo;Park, Sun;Kim, JongWon
    • Smart Media Journal
    • /
    • v.5 no.2
    • /
    • pp.77-83
    • /
    • 2016
  • Today, the great revolution in all financial industrial such as bank have been progressing through the utilization of IT technology actively, it is called the fintech. In this paper, we draw the draft design of NFC-based electronic payment and coupon system using FIDO framework to apply the 2 factor authentication technique for strength security. In detailed, we will study that the terminal device in front-end will be applied the 2 factor authentication and electric signature, and cloud-based payment gateway in back-end will be applied malicious code detection technique of distributed avoidance type.

User certification module development of Gallery-Auction for NFC-based 2 Factor mobile electronic payment (NFC 기반 2 Factor 모바일 전자결제를 위한 갤러리-옥션의 사용자인증 모듈 개발)

  • Jo, Won Oh;Cha, Yoon Seok;Oh, Soo Hee;Choi, Myeong Soo;Kim, Hyung Jong
    • Smart Media Journal
    • /
    • v.6 no.3
    • /
    • pp.29-40
    • /
    • 2017
  • Lately weight for smartphone mounted to function for NFC is increasing, rapidly. Because of this, NFC related technology is made by many companies. We developed Gallery-Auction for security enhancements and new services of NFC-based 2 factor electronic payment system. Enhanced security features development of user authentication module through fingerprint recognition to apply FIDO authentication technology and developed electronic contract voice service of Gallery-Auction using TTS(Text to Speech). Therefore we enhanced convenient and simple authentication method and security through NFC mobile electronic payment.