Research on Multi-factor Authentication Mode for Online Security Payment

doi:10.3969/j.issn.1671-1122.2015.12.008

Abstract

Abstract:

The vulnerability is that access is based on only single factor authentication which is not secure to protect user data, and there is a need of multi-factor authentication. With online payment system development acknowledged, this paper proposes the countermeasures of highlighting online payment security at current situation and points out a new protocol based on multi-factor authentication system that is both secure and highly usable. It uses a novel approach based on transaction identification code and fingerprint to enforce another security level with the traditional login password system. This protocol for online payment is extended as a two way authentications system to satisfy the emerging market need of mutual authentication and also supports secure B2C communication. The realization method of authentication mode is given followed by an analysis which verifies that this mode can enhance the security of the online payment.

Key words: fingerprint recognition, identification code, multi-factor authentication, online payment

CLC Number:

TP309

GE Quanyue, CHE Lijun. Research on Multi-factor Authentication Mode for Online Security Payment[J]. Netinfo Security, 2015, 15(12): 48-53.

Figures/Tables 6

References 15

[1]	LI C, LEE C.A Novel User Authentication and Privacy Preserving Scheme with Smart Cards for Wireless Communications[J]. Mathematical and Computer Modelling, 2012,55(1-2):35-44.
[2]	SOOD S K,SARJE A K,SINGH K.A Secure Dynamic Identity Based Authentication Protocol for Multi-server Architecture[J]. Journal of Network and Computer Applications, 2011,34(2):609-618.
[3]	LEE C, LIN T,CHANG R.A Secure Dynamic ID Based Remote User Authentication Scheme for Multi-server Environment Using Smart Cards[J]. Expert Systems with Applications, 2011,38(11):13863-13870.
[4]	徐剑,赵英南,田永纯,等. 融合二维码与人脸识别的会议身份认证系统研究[J]. 信息网络安全,2015(4):13-18.
[5]	LIAO Y, WANG S.A Secure Dynamic ID Based Remote User Authentication Scheme for Multi-server Environment[J]. Computer Standards & Interfaces, 2009,31(1):24-29.
[6]	TSAI J.Efficient Multi-server Authentication Scheme Based on One-way Hash Function without Verification Table[J]. Computers & Security, 2008,27(3-4):115-121.
[7]	李慧智,韩广国,王沂. 一种漫游网络中可证安全的用户认证方案研究[J]. 信息网络安全,2015(7):51-57.
[8]	RAMASAMY R, MUNIYANDI A.New Remote Mutual Authentication Scheme Using Smart Cards[J]. Transactions on Data Privacy, 2009,2(2):141-152.
[9]	KUMAR M.New Remote User Authentication Scheme Using Smart Cards[J]. IEEE Transaction on Consumer Electronics, 2004,50(2):597-600.
[10]	LAMPORT L.Password Authentication with Insecure Communication[J]. Communications of the ACM,1981,24(11):770-772.
[11]	程亮,刘辉.一种基于三因素认证的网络支付安全认证模式[J].计算机应用,2008,28(7):1810-1812.
[12]	范月,许晋,高宇童. eID移动身份认证系统的研究与实现[J]. 信息网络安全,2015(3):48-53.
[13]	冯登国. 网络安全原理与技术[M].北京:科学出版社,2003.
[14]	段然,徐乃阳,胡爱群. 基于形式化分析工具的认证协议安全性研究[J]. 信息网络安全,2015(7):71-76.
[15]	李雄. 一种基于三因素认证的网络支付安全认证模式[D]. 北京:北京邮电大学,2012.