A Novel User Authentication Scheme Based on QR-Code

User authentication is one of the fundamental procedures to ensure secure communications and share system resources over an insecure public network channel. Thus, a simple and efficient authentication mechanism is required for securing the network system in the real environment. In general, the password-based authentication mechanism provides the basic capability to prevent unauthorized access. Especially, the purpose of the one-time password is to make it more difficult to gain unauthorized access to restricted resources. Instead of using the password file as conventional authentication systems, many researchers have devoted to implement various one-time password schemes using smart cards, time-synchronized token or short message service in order to reduce the risk of tampering and maintenance cost. However, these schemes are impractical because of the far from ubiquitous hardware devices or the infrastructure requirements. To remedy these weaknesses, the attraction of the QR - code technique can be introduced into our one-time password authentication protocol. Not the same as before, the proposed scheme based on QR code not only eliminates the usage of the password verification table, but also is a cost effective solution since most internet users already have mobile phones. For this reason, instead of carrying around a separate hardware token for each security domain, the superiority of handiness benefit from the mobile phone makes our approach more practical and convenient.

[1]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[2]  Jun Rekimoto,et al.  Augmented surfaces: a spatially continuous work space for hybrid computing environments , 1999, CHI '99.

[3]  Min-Shiang Hwang,et al.  A new remote user authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[4]  Hung-Min Sun,et al.  An Efficient Remote User Authentication Scheme Using Smart Cards , 2000 .

[5]  Hung-Yu Chien,et al.  An Efficient and Practical Solution to Remote Authentication: Smart Card , 2002, Comput. Secur..

[6]  Yi Li,et al.  An application and implementation of two-dimensional symbols for circuit board quality control system , 2004, 2nd IEEE International Conference on Industrial Informatics, 2004. INDIN '04. 2004.

[7]  Mohammad Peyravian,et al.  Secure remote user access over insecure networks , 2006, Comput. Commun..

[8]  Edward D. Lazowska,et al.  Designing an Architecture for Delivering Mobile Information Services to the Rural Developing World , 2006, Seventh IEEE Workshop on Mobile Computing Systems & Applications (WMCSA'06 Supplement).

[9]  Tasos Falas,et al.  Two-Dimensional Bar-Code Decoding with Camera-Equipped Mobile Phones , 2007, Fifth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PerComW'07).

[10]  J. Rouillard,et al.  Contextual QR Codes , 2008, 2008 The Third International Multi-Conference on Computing in the Global Information Technology (iccgi 2008).

[11]  Dengguo Feng,et al.  An improved smart card based password authentication scheme with provable security , 2009, Comput. Stand. Interfaces.

[12]  Wei-Kuan Shih,et al.  Weaknesses and improvements of the Yoon-Ryu-Yoo remote user authentication scheme using smart cards , 2009, Comput. Commun..