Abstract
Recently, the number of troubles about the user authentication for network services by phishing or spyware has been increasing. Utilizing hardware tokens such as IC cards, OTP cards, USB keys, or mobile phones are paid attention for making user authentications secure. However, most of the existing methods tend to take a lot of effort and costs for introducing hardware tokens. In addition, although the some methods are easy to be introduced, there are the problems about eavesdropping of the authentication information by malicious-ware such as key loggers. In this paper, we propose a user authentication method which does not need input and send the authentication information between a user terminal and a network service provider via the Internet, instead a one-time token that is issued by the provider and displayed as a matrix code on the user terminal, and the user reads the information with a matrix code reader on the user’s mobile phone, and convert and transmit it to the provider via a comparatively trusted mobile phone carrier’s network. The prototype system is implemented, and the user experiments which compare fix password type, two-factor one-time password type, and proposed type, were performed. As a result of a questionnaire about the usability, it was verified that the proposed method could impress users with comparatively high security and usability.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Bellovin, S.M.: Spamming, phishing, authentication, and privacy. Communications of the ACM 47(12), 144 (2004)
Berinato, S.: Smart cards: The intelligent way to security. Network Computing 9(9), 168 (1998)
RSA Security Inc.: SecurID. http://www.rsasecurity.com/node.asp?id=1156
Wu, M., Miller, R., Garfinkel, S.L.: Secure web authentication with mobile phones. In: DIMACS Symposium On Usable Privacy and Security 2004, DIMACS Center, CoRE Building, Rutgers University, Piscataway, NJ (2004)
NTT DoCoMo, Inc. (2006), http://www.nttdocomo.com/
Denso Wave Inc.: QR Code.com, http://www.qrcode.com/
KDDI Inc.: Security Pass. http://www.kddi.com/business/service/mobile/security_pass/
NTT DoCoMo, Inc.: FirstPass. http://www.nttdocomo.co.jp/p_s/firstpass/
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer Berlin Heidelberg
About this paper
Cite this paper
Tanaka, M., Teshigawara, Y. (2007). A Method and Its Usability for User Authentication by Utilizing a Matrix Code Reader on Mobile Phones. In: Lee, J.K., Yi, O., Yung, M. (eds) Information Security Applications. WISA 2006. Lecture Notes in Computer Science, vol 4298. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-71093-6_18
Download citation
DOI: https://doi.org/10.1007/978-3-540-71093-6_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-71092-9
Online ISBN: 978-3-540-71093-6
eBook Packages: Computer ScienceComputer Science (R0)