QR Code

Computer Science Thakur college of Engg. & Tech. Mumbai, India

Ashwini.

ABSTRACT
This work contributes in implementation and designs of an inventive secure authentication
method which utilizes a QR code; an open source proof of a concept authentication system that
uses a two way authentication by combining a password and a mobile phone, acting as an
authentication token. QR code is extremely secure as all the sensitive information stored and
transmitted is encrypted; however it is also an easy to use and cost-efficient solution. In the QR
code a complex password is stored. Smart phone is used for scanning the QR code. The code
om
is scanned with the QR code scanner. Scanning result generate one string which is the
combination of IMEI number of a phone which is register by the user and the random number,
c

where random number is generated by the random number function which is pre. If the network
r.

is available on the smart phone then that generated string is automatically entered into the login
page and homepage of bank is open. Otherwise six digit pin code is generated and it has to
xe

manually enter in the login page and home page of bank is open for transactions.[1]
fi

In a modern world where we are able to do almost everything on-line, it is nowadays a critical
es

matter to be able to access these services in the most secured manner. Indeed, as viruses and
cracking methods become more complex and powerful by the day, the available security
ad

techniques must improve as well, allowing users to protect their data and communications with
gr

the maximum confidence. The aim is to develop an authentication method using a two factor
authentication: a trusted device (a mobile phone) that will read a QR code and that will act as a
token, and a password known by the user.

INTRODUCTION
Now a day’s almost all the things we are able to do online (like banking, shopping,
communicating) and in this the challenge is that while doing this things online our information is
not get damaged. Indeed, as the method of cracking the security code get more complex and
powerful. These powerful applications allow user to work on untrusted computers confidently.
This work is based on the two way authentication system. In this the QR code provides security.
The existing system having security methods such as password, username, finger prints, and
face detection. But in these methods security is not up to the mark, so there is need to develop

Need help with the assignment?

Our professionals are ready to assist with any writing!

GET HELP
such security system which provides high security. The recent interest in the use of visual tags
in everyday life is a natural consequence of the technological advances found in modern mobile
Phones.[2] The QR code is a matrix consisting of an array of nominally square modules
arranged in an overall square pattern, including a unique pattern located at three corners of the
symbol and intended to assist in easy location of its position, size and inclination. A wide range
of sizes of symbols is provided together with four levels of error correction. There are two
sections in this system. In the encoding section conversion of input data to a QR Code symbol
takes place. In this the data analysis and encoding is done then after Error correction coding the
final message is structures. Decode section contains decoding of the input QR Code image and
displays the data contain that QR code. The decoding procedure starts with the reorganization
of black and white module then Decode format information.

LITERATURE SURVEY
In the literature survey we did the survey of certain systems which are common used. To
eliminate threat of phishing and to confirm user identity, QR-code which would be scanned by
om

user mobile device can be used and weakness of traditional password based system can be
improved by one time password (OTP) which can be calculated by user transaction information
c

and data unique at user side like imei number of the user mobile device. We just studied their
r.

working and tried to add unique features and disadvantages about them and tried to learn
xe

something new from each system.

fi

PROPOSED SYSTEM
es

To design a system which replaces the current OTP based two factor authentication system The
ad

QR based authentication system lets the user input the password, if the user is authenticated
then an encrypted string consisting of IMEI number of the user is displayed in the form of QR
gr

code. The user uses his phone to scan the QR code and if the encrypted string is same as the
IMEI number of the device the user is authenticated. To design a system for visually impaired
persons in which the person uses his phone to scan the QR code and after the scan is complete
the code is spoken out. The visually impaired can enter the code via text-to-speech to the web
application. Paper Name Disadvantages OTP Encryption Techniques in Mobiles for
Authentication and Transaction Security Most OTP systems are susceptible to real-time replay
and social engineering attacks. OTPs are also indirectly susceptible to man in the middle
(MITM) and man in the browser (MITB) attacks.

SURVEY ON INFORMATION HIDING TECHNIQUES USING

BARCODE

Need help with the assignment?

Our professionals are ready to assist with any writing!

GET HELP
They Can Breakdown Label damage. Scratched or crumpled barcodes may cause problems A
Secure Credit Card Protocol over NFC

1. Security problems.
2. Sensitive data can be accessed if card is lost.

QR CODE
QR code is the Quick Response code. Before the QR code there are some authentication
methods are available that are-User name and password, Bar code, Finger prints, Face identity.
But user name and password are not providing more security. And the Bar codes have some
limitations like bar code only stored up to 20 digits. So in bar code we are not able to stored
very complex password there for bar code is not more secure method.[3] Figure 4. Bar Code
Finger prints and the face identity methods are very costly and not affordable by common users.
For overcome all the drawbacks of existing system the QR code is introduce. QR codes (Quick
Response codes) were introduced in 1994 by Denso-Wave, a Japanese company subsidiary of
om

Toyota. QR codes are two-dimensional bar codes, so they can be read from any direction in
360. It can store up to 4,296 alphanumeric characters. So it is much more than the barcode can
c

stored. QR code’s structure is shown in the figure below: Advantages of QR code QR code is
r.

two dimensional and readable at any direction. Storage capacity of QR code is up to 4,296
xe

alphanumeric characters. It is readable if they are partially damage. It is easy to scan with
camera based device. QR codes are not readable by person. QR code can stores data which is
fi

stored in one dimensional bar code in one-tenth the space. QR code is providing information
correctly if it is damage up to 30%. It can handle many types of data like numeric, alphabetic.
es
ad

SYSTEM OVERVIEW
gr

REGISTRATION SYSTEM
The following steps give the information on how to complete the registration process: The first
user would go into the registration section in the web application and would submit her/his
username, password and IMEI number of the phone. After validating the data which is user
enter is stored in to database. The data which is in the database server produce the public and
private key and stored into the server. After this, the user would proceed to download and install
the application on her phone. When user first time run the application the class files of public
key and private are created and stored into the internal storage of mobile phone.[4] In a
registration if the user not enter all the values like username, password, IMEI number, mobile
number, and email address then registration process is not get completed. Validation is most
important part in registration process; if validation is not successful then user is not able to login.

Need help with the assignment?

Our professionals are ready to assist with any writing!

GET HELP
ONLINE AUTHENTICATION SYSTEM
First IMEI number and random number are encrypted using the public key. This encrypted string
generates the QR code using the QR code generation function which is present in java. Now
this QR code image is display on the client machine. User scans this QR code using mobile
phone. After scanning, in online mode means net is available on phone the generated string
(IMEI number and random number) is automatically get entered into the login page. After
successful login the home page of the bank is get open. So in our system there is no need to
remember the password that is combination of your IMEI number and the random number. The
server decrypts the string using the user public key and verifies that a row exists in the
transactions table with our random number, and then updates the row of transaction table.[5]
The server checks then that the IMEI is correct or not and assigned that IMEI to the correct
user. If the login is get successful the transaction row is deleted. It means every time the
generated QR code image is different. Now the PHP session is created and when user gets
logoff the session is destroyed.
om

OFFLINE AUTHENTICATION SYSTEM

c
r.

Using pin code generation algorithm, a unique six-digit number is generated from the encrypted
string (IMEI number and random number). This pin code user has to enter on login page
xe

manually with his username. For enter the pin code the keypad is available on screen. So there
is no need to enter the pin code using systems keypad. Here our system provides more
fi

security. After entering the pin code server verify the IMEI number of user which is stored in the
es

database. If the IMEI number is present then user is valid and then homepage Of bank is gets
open. Sequence diagram of Offline authentication The timestamp is also checked. If the random
ad

number is generated before the 5 minutes ago then session is destroyed. And user is not able
to login.
gr

SECURITY
In our system the security is more powerful because of the QR code and encryption algorithm. A
man-in-the-middle attack is not gets successful in our system because communication between
the server and user is always encrypted. Username is not gets reuse or copies because
username is get deleted after the user logout.[6] For mobile application person also need the
password so there is no way for any attack because the file is not easily accessible and it is
encrypted. If the untrusted person knows how to handle the internal storage then only the
security problem is created. A phishing attack on the mobile phone is possible by replacing the
application by another application. And the password is also get covered but without the
certificate it still not possible. Another security part is timestamp, if user is not able to login in

Need help with the assignment?

Our professionals are ready to assist with any writing!

GET HELP
given timestamp then login is not successful.

FUTURE SCOPE
In future we would like to improve many aspects of our project. We would like to add voice input
command feature to our website and android application. It will help the user to do his work
comfortably. We would like to use some advanced encryption and decryption algorithm, better
than AES.

CONCLUSION
This work provides additional security with the traditional way of online authentication of
banking; which includes username and password. However, by adding QR code authentication
the security measures for banking are enhanced. Two factor authentications are considered in
this system.[7] With the help of this QR code security is increased during the login of the
particular bank. Depending on the authentication only the client will be able to perform the
om

transaction.
c
r.

REFERENCES
xe

1. SnehalKalbhor, AshwiniMangulkar ,Mrs.SnehalKulkarni“Android App for Local Railway

fi

Ticketing Using GPS Validation” International Journal of Emerging Trends in Science

and Technology,IJETST-Volume 01,Issue- 01, March-2014,Pages 71-74.
es

2. Fu-HauHsu,Min-HaoWu,Shiuh-JengWANG, “Dual-watermarking by QR-code

Applications in Image Processin”.9th International Conference on Ubiquitous
ad

Intelligence and Autonomic and Trusted Computing,DOI 10.1109,2012,Pages 638-643.

gr

3. Mrs.ShantaSondur, Ms.TanushreeBhattacharjee “QR-Decoder and Mobile Payment

System for Feature Phone”, VESIT,International Technological Conference(I-
TechCON)-Jan. 03 – 04(2014), Pages 13-15.
4. SomdipDey, B. JoyshreeNath and C. AsokeNath “OTP Encryption Techniques in
Mobiles for Authentication and Transaction Security” Institute of Information Systems
Argentinierstrasse -2009.
5. Dr. A. P. Adsul, GayatriKumbhar, VrundaChincholkar, YogeshKamble, AnujaBankar
“Automated Exam Process using QR Code Technology” International Journal of
Application or Innovation in Engineering & Management, (IJAIEM)-ISSN
2319-4847,Vol.3,Issue 4,April- 2014,Pages-296-298.
6. Ben Dodson, DebangsuSengupta, Dan Boneh, and Monica S. Lam “Secure, Consumer-
Friendly Web Authentication and Payments with a Phone”, International Journal of
Applied Engineering Research, ISSN 0973-4562, Vol. 8, No. 17 (2013).

Need help with the assignment?

Our professionals are ready to assist with any writing!

GET HELP
 7. SadafShaikh, GayatriShinde, MayuriPotghan, TazeenShaikh,
RanjeetsinghSuryawanshi “SURVEY ON INFORMATION HIDING TECHNIQUES
USING BARCODE” International Journal of Advanced Research in Computer Science
and Software Engineering,ISSN:2277 128X,Vol.4,Issue 3,March 2014,Pages
1184-1187.

c om
r.
xe
fi
es
ad
gr

Need help with the assignment?

Our professionals are ready to assist with any writing!

GET HELP

Powered by TCPDF (www.tcpdf.org)