METHOD AND SYSTEM FOR FACILITATING AUTHENTICATION OF SECONDARY ACCOUNT HOLDER DEVICE FOR TRANSACTIONS ORIGINATED AGAINST PRIMARY CARDHOLDER’S ACCOUNT

The present disclosure provides a method and system to facilitate authentication of secondary account holder device 104 for transactions originated against primary cardholder’s account. The present disclosure facilitates primary card holder to update issuer system 210 with valid secondary account holder device 104, which to be approved. Also, the present disclosure facilitates a process through which transaction processing through merchant portal is taken care when second factor authentication is provided by secondary account holder device 104. Therefore, the present disclosure avoids repeated transactions through primary account holder device 102, and hence improved overall Pre-settlement Risk (PSR) rate. A secondary account holder device 104 will initiate and complete the transaction with authentication without depending on the actual card holder to share the One Time Password (OTP)

two factor authentication for e government services using hardware like one time password generators

A safe and accessible authentication technique is a prerequisite for any modern e-government application. Two-factor authentication is currently widely adopted, since it alleviates many vulnerabilities of password-based authentication. The majority of e-government systems currently make use of text messages to deliver the second authentication factor, but these messages do not constitute an adequate (secure and reliable) solution. In this paper we show how to use One-Time Passwords (OTP) generated by a per-user, ad-hoc built application installed on a smartphone to support a two-factor authentication scheme specifically targeted to e-government tasks. In particular, we develop a process for the request, generation and distribution of such an application that achieves the same security of OTP hardware devices but avoids the related distribution and management costs, requiring no dedicated hardware and relying on the pre-existing administrative infrastructure. The process is designed to be accessible by any citizen who is able to perform very basic operations on a smartphone

A Cloud Authentication Protocol using One-Time Pad

There is a significant increase in the amount of data breaches in corporate servers in the cloud environments. This includes username and password compromise in the cloud and account hijacking, thus leading to severe vulnerabilities of the cloud service provisioning. Traditional authentication schemes rely on the users to use their credentials to gain access to cloud service. However once the credential is compromised, the attacker will gain access to the cloud service easily. This paper proposes a novel scheme that does not require the user to present his credentials, and yet is able to prove ownership of access to the cloud service using a variant of zero-knowledge proof. A challenge-response protocol is devised to authenticate the user, requiring the user to compute a one-time pad (OTP) to authenticate himself to the server without revealing password to the server. A prototype has been implemented to facilitate the authentication of the user when accessing Dropbox, and the experiment results showed that the overhead incurred is insignificant

An investigation into the “beautification” of security ceremonies

“Beautiful Security” is a paradigm that requires security ceremonies to contribute to the ‘beauty’ of a user experience. The underlying assumption is that people are likely to be willing to engage with more beautiful security ceremonies. It is hoped that such ceremonies will minimise human deviations from the prescribed interaction, and that security will be improved as a consequence. In this paper, we explain how we went about deriving beautification principles, and how we tested the efficacy of these by applying them to specific security ceremonies. As a first step, we deployed a crowd-sourced platform, using both explicit and metaphorical questions, to extract general aspects associated with the perception of the beauty of real-world security mechanisms. This resulted in the identification of four beautification design guidelines. We used these to beautify the following existing security ceremonies: Italian voting, user-to-laptop authentication, password setup and EU premises access. To test the efficacy of our guidelines, we again leveraged crowd-sourcing to determine whether our “beautified” ceremonies were indeed perceived to be more beautiful than the original ones. The results of this initial foray into the beautification of security ceremonies delivered promising results, but must be interpreted carefully