A Novel Authentication Scheme for Online Transactions

Sarris, P., Mackenzie, L. and Chowdhury, S. (2014) A Novel Authentication Scheme for Online Transactions. In: SIN 2014: 7th International Conference on Security of Information and Networks, Glasgow, UK, 09-11 Sep 2014, pp. 483-486. ISBN 9781450330336 (doi: 10.1145/2659651.2659743)

Full text not currently available from Enlighten.


In this paper, we describe a novel method of approving and finalising financial transactions that would raise the bar for any potential attackers. The proposed scheme is based on the hypothesis that it would be significantly harder for an attacker to compromise two hardware devices or monitor and interfere with two communication channels at the same time. This will allow the users of this method to initiate a transaction on the Internet and then use their mobile phone in order to sanction the transfer of funds to a different account. In contrast to Two-Factor Authentication systems, this scheme does not require the online submission of any information that is received by the user's device but directly interacts through the mobile phone network. For this purpose, the user's mobile phone has an additional encryption layer that allows it to communicate securely with the server side and convey the user's consent for a certain transaction. This ensures that the two channels and the authentication factors are kept independent. Therefore, even if the user's computer is compromised, an attacker would not be able to set a fraudulent transaction without actually having the user's mobile phone and the unique data that are generated by the device.

Item Type: Conference Proceedings
Keywords: AES, financial transaction, fraud mitigation, hash algorithm, out of band authentication, public key cryptography, RSA, SHA, symmetric cryptography, two channel authentication, two factor authentication.
Glasgow Author(s) Enlighten ID: Mackenzie, Dr Lewis and Chowdhury, Soumyadeb
Authors: Sarris, P., Mackenzie, L., and Chowdhury, S.
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
College/School: College of Science and Engineering > School of Computing Science