A SMART CARD-BASED MOBILE SECURE TRANSACTION SYSTEM FOR MEDICAL TREATMENT EXAMINATION REPORTS. Received January 2010; revised May 2010

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "A SMART CARD-BASED MOBILE SECURE TRANSACTION SYSTEM FOR MEDICAL TREATMENT EXAMINATION REPORTS. Received January 2010; revised May 2010"

Transcription

1 International Journal of Innovative Computing, Information and Control ICIC International c 2011 ISSN Volume 7, Number 5(A), May 2011 pp A SMART CARD-BASED MOBILE SECURE TRANSACTION SYSTEM FOR MEDICAL TREATMENT EXAMINATION REPORTS Chin-Ling Chen 1, Yeong-Lin Lai 2, Chih-Cheng Chen 2 and Ying-Luen Chen 1 1 Department of Computer Science and Information Engineering Chaoyang University of Technology 168, Jifeng E. Rd., Wufong District, Taichung 41349, Taiwan 2 Department of Mechatronics Engineering National Changhua University of Education Changhua 50007, Taiwan Received January 2010; revised May 2010 Abstract. In many countries, the use of electronic health care and medical treatment services have become essential components of efforts to provide citizens with a high level of service that promises the advantages of convenience, mobility and time saving. On the other hand, hospitals require efficient management of medical treatment. In this paper, we combine these requirements and propose a smart card-based mobile medical treatment examination report transaction system to achieve a secure transaction model. We apply cryptography mechanisms to reduce cost, share medical treatment resources, mobilize services and simplify examination procedures. With this product, both supply merchants and retailers can find their niche. Moreover, users can share the mobile medical treatment examination resources saving much valuable time. Keywords: Mobile medical treatment, Smart card, Secure transaction, Security 1. Introduction. With an aging society, changes in population structure and medical challenges, issues that relate to the introduction of new health care initiatives and the management of medical treatment must be addressed. For instance, how patients can be provided with convenient medical services is an important question worthy of being researched. According to Business Weekly magazine (March, 2007) [1], population trends will dominate the discussion of global economic development in the coming twenty-five years. The medical treatment industry is expanding rapidly. The Market Intelligence Center (MIC) predicts that the value of the global health care industry will rise to US$597 billion by In Taiwan, expenditures in the health care industry will reach US$18 billion [2]. As such, mobile medical treatment is recognized as an important future trend in medical and technological industry. The smart card is an important facet of the public key infrastructure integrated into the Windows platform by Microsoft. Smart cards can enhance software solutions, such as the client identification and log-in. Smart cards contain the following features: (1) The capability to operate, access control and store. (2) The ability to perform repetitive writing and deleting. (3) They provide safe protection to hardware, limiting access data to a smart card without authorization. (4) Algorithms such as DES, RSA and Hash are built into smart cards for encryption and decryption to assure the security of data transmission. (5) Through security systems such as RSA, smart cards can generate the corresponding digital signatures for electronic transactions, which can be used as the authorization basis 2257

2 2258 C.-L. CHEN, Y.-L. LAI, C.-C. CHEN AND Y.-L. CHEN for both sides of a transaction. (6) Users must simultaneously introduce a smart card and the corresponding personal ID to further access data. (7) Be suitable for off-line systems and reduce costs. (8) It must be portable and convenient. (9) They must not be affected by any outside magnetic field. Applications for smart cards can be combined with the basic structure of a public key and related cryptosystems to achieve the following goals: (1) Protect the private key and other personal information while providing storage for the prevention of distortion. (2) Provide a judgment system for security settings, including identity authentication and digital signature. (3) Provide portability for personal data or certificate stored in the office, at home or in a computer. It is both the variety of forms and the features of portability that make for the popularity of the developmental system Related works. A review of smart card-related literature shows its use for authentication of a remote user. We propose a mobile medical treatment examination secure transaction that utilizes smart cards. In 1981, Lamport [3] provided the first remote user authentication scheme; however, an encryption technique was not used. Subsequently, researchers proposed similar schemes to promote efficiency and security. In 2000, Huang and Li [4] pointed out that in Lamport s scheme, a modified password might still pass authentication. So, a new remote user authentication design was proposed using smart cards that did not require a table to check the authenticity of a registration number. Chien et al. [5], Huang and Wei [6] also proposed an efficient and practical solution for remote User Authentication Protocol using smart cards. Subsequently, in 2004, Ku and Chen [7] pointed out that Chien and Tseng s scheme might suffer from replay and insider attacks. In response, an enhanced scheme was proposed. In 2004, Kumar [8] asserted that Ku and Chen s scheme could easily be exposed to a guessing or insider attack. In 2005, Chang and Lee [9] pointed out that attackers could enter the remote system at random in Wu and Chieu s 2003 scheme [10]. They proposed a highly-efficient, user-friendly and secure authentication scheme, whereby both users and remote systems allow mutual authentication, as well as adding the capability for users to choose their password. In the same year, Yoon and Yoo [11] discovered that a project by Lee et al. [12] easily came under forging attack by a server; it had problems transmitting private keys and did not maintain a secure password change. They also asserted that even when a private key or password is stolen or changed, it is still secure. In addition, it takes little time for the user to become aware that the wrong password had been entered. In 2004, Awassthi and Lal [13] suggested that a dynamic ID-based remote user authentication scheme by Das et al. [14] was not secure. In that system, the user was free to login or logout of the server without passwords. Then in 2006, Misbahuddin et al. [15], building on Das et al. in 2003, proposed an efficient ID-based remote user authentication scheme. They declared that this method was not subject to theft, guessing attack, insider attack, forging attack or replay attack. Instead, users had the freedom to choose their own password and change it with a secure mutual authentication. Finally, drawing from Ku and Chen s scheme [7] and Yoon and Yoo s scheme [11], Wang et al. in [16] determined that it was still exposed to guessing attack, DOS attack, forging attack and lacked efficiency. They then improved the two schemes above and proposed an efficient system to assure security, in which an incorrect password from the user can be immediately discovered. However, as it has been demonstrated by Yoon and Yoo [11], Wang et al. s scheme still does not provide perfect forward secrecy and is susceptible to both guessing attack and Denning-Sacco attack. From PCs to mobile phones to access to control devices, biometrics provides a convenient, reliable and cost-effective means for providing high levels of security and other value-added benefits to the end-user. Despite this, biometrics holds some privacy and security shortcomings; many researchers have proposed schemes to overcome these obstacles

3 A SMART CARD-BASED MOBILE SECURE TRANSACTION SYSTEM 2259 as in [17]. Mobile devices, such as: notebooks, mobile phones and personal digital assistants are increasingly used. Moreover, fingerprint sensors embedded into mobile devices is a future trend. In recent years, smart card-based application systems [18,19] have been proposed for mobile secure transaction. On the basis of Wang s scheme, we propose an improvement smart card-based mobile secure transaction system for medical treatment examining reports. In our scheme, users can employ a smart card for a medical examination. The proposed scheme adopts the basic operational ability of the smart card. It combines cryptography technology [19,20] when the user receives a smart card from the retailer and has his physiological condition measured by the physiological equipment provided by suppliers. Later, this data will be transmitted to a hospital medical information system and for online consultation by doctors. The PIN code mechanism must achieve the following goals: (1) authentications, (2) low cost, (3) it must share medical examination resources, (4) it must be mobile and (5) must simplify medical treatment examinations System requirements. The smart card-based medical treatment management system can provide a portable medical treatment report for the reduction of medical waste and the enhancement of access control security. The proposed system focuses on integrating the medical treatment equipment supplier, the retailer management system and the hospital information system into the medical treatment management system to reduce the cost and share resources. As this system adopts a client server model, the necessary requirements are as follows: (1) Prevention of spoofing attack: A spoofing attack occurs when a person or program successfully masquerades as another by falsifying data, thereby gaining an illegitimate advantage. Hence, both the server and client must complete mutual authentication. (2) Prevention of forging attack: A well designed system can identify the legality of transmitted messages via effective verification, thus detecting illegal users. (3) High efficiency password verification: When a user enters a password at the login phase, it is easy and efficient to immediately verify the legality. (4) Prevention of replay attack: A replay attack is a network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts data and retransmits it. (5) Prevention of denial-of-service attack: A denial-of-service attack (DoS attack) is an attempt to make a computer resource unavailable to its intended users. (6) Two-factor issues: In order to enhance security, password and fingerprint functions occur at the login phase. The proposed protocol will be introduced in Section 2, the security analysis and discussion of the protocol in Section 3 and the conclusion in Section Our Schema. The primary processes of our system are shown in Figure 1. An introduction to system roles follows: (1) Medical treatment equipment supplier (S): the manufacturer of both medical treatment examination equipment and the smart cards. (2) Retailer (R): one who provides a location for the medical treatment examination equipment and sells the smart cards. (3) User (U): one who uses medical examination equipment. (4) Hospital Server (HS): the server is set up in the hospital. As a result of the cooperation between the hospital and the medical treatment equipment supplier, the server can transfer all useful data to the doctors for reference. (5) Doctor (D): one who is responsible for interpreting medical information and making medical suggestions to patients.

4 2260 C.-L. CHEN, Y.-L. LAI, C.-C. CHEN AND Y.-L. CHEN Figure 1. A flow chart of the mobile medical treatment examining report transaction system based on smart cards The flowchart depicting the entire transaction system is described as follows: Step 1: The medical treatment supplier will set up the medical treatment examination equipment at the retailer location; the retailer can then sell the tamperproof smart cards with the use of the medical treatment examination equipment. Step 2: The user purchases a smart card from the retailer. The valid use number stored on the smart card can be accessed by the medical treatment examination equipment. The user simply inserts his/her smart card to begin a medical examination. When an examination is finished, the valid use number of the smart card will be subtracted by the examination equipment. When the examination is finished, the result will be stored on the smart card for the user to take away. The user may then transfer the data to a cooperating hospital to analyze the examination result. Step 3: After a user finishes the medical treatment examination, he can insert the smart card into the card reader and input the fingerprint PIN code sending the information to the HS for mutual authentication. The server will use the public key for the medical treatment equipment supplier to verify the legality of the smart card. Step 4: If a smart card is legal, the server will modify the data into useful information and send it to the doctor for diagnosis. Step 5: The doctor will make a diagnosis using the information from the server; he/she will make a medical suggestion and send it to the user with a signature. Step 6: The medical treatment equipment suppliers and the retailers will settle fees regularly. Step 7: The Both hospital authorities and medical treatment equipment suppliers will settle fees Notations. Below is an introduction to notations that will be used in our scheme. SK X : X s private key. P K X : X s public key. S SKX (m): use X s private key SK X to produce a signature for message m.

5 A SMART CARD-BASED MOBILE SECURE TRANSACTION SYSTEM 2261 SG X : the signature for X. V P KX (): use X s public key P K X to verify a doctor s signature. U i : the i th user. ID i : the identity code of the i th user. ID s : the identity of a smart card. P W i : the password for a user s fingerprint i. HS: the hospital server. h(): the one-way hash function. T 1, T 2, T 3, T 4 : time stamps. T : a valid time interval. : exclusive or operation. X, Y : two secret parameters selected by the server and user respectively. E K (): encrypt information with the symmetric key K. D K (): decrypt information with the symmetric key K. A? =B: determines whether A is equal to B. The systematic protocol of the smart card considered in this research can be categorized into 4 phases: the registration phase, login phase, verification phase and password modification phase Registration phase. After purchasing the smart card from the retailer, the user must register his/her information and record fingerprints from the server (We assume the communication channel has been secured during the register phase). Then, the HS will execute the following steps. A flow chart detailing the registration phase is shown in Figure 2. Figure 2. A registration phase flow chart phase Step 1: User U i selects password P W i, Y and then, sends his identity ID i, P W i, Y and ID s to the HS via secure channel. Step 2: The HS selects a secret parameter X, and then, calculates the following parameters: K 1 = h(id i P W i ID s X Y ) (1) R = K 1 h(p W i ID s Y ) (2) V = h(k 1 R) (3) P = h(r V ) Y (4) Step 3: The HS saves K 1, R, V, user s ID i, ID s and P W i in the data server.

6 2262 C.-L. CHEN, Y.-L. LAI, C.-C. CHEN AND Y.-L. CHEN Step 4: The HS sends R, V, P to User U i smart card save Login phase. The user inserts his/her smart card into the card reader and inputs the fingerprint PIN code to login. A login phase flow chart is shown in Figure 3. Figure 3. A login phase flow chart Step 1: The user inputs the smart card identity ID S, secret parameter Y and password P W i ; the smart card will calculate the parameters of K 2 and C 1 in T 1 time. and K 2 = R h(p W i ID s Y ) (5) C 1 = h(h(p W i ID s Y )) (6) The system will verify C 1 = V. If verified, the smart card will calculate, otherwise it will terminate the process. Step 2: User U i sends ID i, T 1, and C 2 to the HS. Y = P h(r V ) (7) C 2 = (C 1 Y T 1 ) (8) 2.4. Verification phase. After the HS receives the i th User s login request, it will execute the verification steps. A verification phase flow chart is shown in Figure 4. Step 1: When the HS receives the User request message in T 2, it will check the user identity ID i in the database server and verify whether the formula (T 2 T 1 ) T is correct. If ID i is invalid or the formula (T 2 T 1 ) T is not formed, the HS will refuse the i th User request. Otherwise, the HS will pick up the corresponding V from the database to calculate W = (V Y T 1 ), and then, verify the formula W = C 2. If the value is equal, the HS will accept the User request U i, and calculate Z = h(k 1 T 3 ) in T 3. Step 2: The HS sends (Z, T 3 ) to User U i. Step 3: After User U i receives the message in T 4, the system will verify whether the formula (T 4 T 3 ) T is correct. If it is not, the U i will terminate the process. Otherwise, U i will calculate the formula C 3 = h(r h(p W ID s Y ) T 3 ), and verify that C 3 is equal to Z. If the value is equal, this signifies that U i has verified the HS. Step 4: The user transfers the examination report stored on the smart card to the HS. The HS will change this specific report format into an examination message msg, and then, transfer it to the doctor for diagnosis.

7 A SMART CARD-BASED MOBILE SECURE TRANSACTION SYSTEM 2263 Figure 4. A verification phase flow chart Step 5: After diagnoses the examination message msg, the doctor will place a signature SG D = S SKD (msg, M) on the suggestive medical message M and on the examination information with his private key SK D. Later, the doctor sends the msg, M and SG D to U i for reference. Anyone can use the doctor s public key to verify the signature as follows: V P KD (SG D )? =(msg, M) (9) 2.5. Password modification phase. If a user wants to modify his password, he/she can choose a new fingerprint from another finger and send it to the HS to change the password. A password modification phase flow chart is shown in Figure 5. Figure 5. A password modification flow chart Step 1: U i makes a request to modify the password, and inputs ID S, the old password P W i, Y and the new password new P W i. The smart card will calculate K 1 = R h(p W i ID s Y ) (10)

8 2264 C.-L. CHEN, Y.-L. LAI, C.-C. CHEN AND Y.-L. CHEN C 4 = E K1 (new P W i, V ) (11) and send ID i and C 4 to the HS. Step 2: The HS can decrypt C 4 with the corresponding K 1 of the legal users ID i to get a new P W i and V as follows: D K1 (C 4 ) = (new P W i, V ) (12) Only the legal user s secret parameter V is equal to V that is stored in the HS. The HS computes and stores new K 1, new R and new V as follows. new K 1 = h(id i new P W i ID s X Y ) (13) new R = new K 1 h(new P W i ID s Y ) (14) new V = h(new K 1 new R) (15) Step 3: The HS sends new V and new R to User U i. 3. Security Analysis and Discussions Security analysis. (1) Spoofing attack: The HS sends the message (Z, T 3 ) to the user in Step 2 of the verification phase. If an attacker intercepts the message and recreates (Z, T 3) for the user, the user will verify C 3 = Z in Step 3 of the verification phase. Both the HS and the users can prevent the false HS from communicating through mutual verification with the user. (2) Forging attack: If a message is intercepted by an attacker as (ID i, T 1, C 2 ) a user is sending it to a hospital server in the login phase, the message will be changed to (ID i, T 1, C 2) and sent to the server. Because an attacker cannot recognize Y, the server will verify W C 2, where W = h(v Y T 1) in Step 1 of the verification phase. Thus, the illegal user will be detected. (3) High efficiency password verification: When a user enters an incorrect password P W i (or inputs the wrong fingerprint) in the login phase, the smart card will calculate K 2 = R h(p W i ID s Y ) and C 1 = h(h(p W i ID s Y )) to verify the result C 1 V. The verification in these two steps shows that the incorrect password is not workable. When the wrong password is entered, the error will be discovered immediately. (4) Replay attack: Through a time-stamp mechanism, messages in Steps 1 and 2 of the verification phase will determine whether they are transmitted to the receiver within a valid timeframe. Any intention to pass the transaction with the old message is not workable. (5) Denial of service attack: When verifying whether W = C 2 is correct in Step 1 of the verification phase, if the verification fails, the server will terminate the operation. (6) Two-factor issues: Due to the fact that we involve a unique fingerprint as a verifiable factor, if the user possesses neither factor (smart card and the fingerprint password), misuse of lost data by a malicious adversary will not exist in our scheme. The attackers will not forge a legal user. Moreover, it is impossible for attackers to intercept sensitive information during a doctor s examination; it can only be accessed when the user agrees that the doctors can diagnose his or her condition, i.e., when the user puts his or her finger on the tamperproof fingerprint identification machine, the doctor can retrieve the anamnesis. The proposed scheme involves a two-factor authentication mechanism to prevent illegal access and ensure user privacy. For the same reason, our scheme can also prevent a guessing attack and a Denning-Sacco attack while providing perfect forward secrecy. Our system is a clear improvement on that of Wang et al.

9 A SMART CARD-BASED MOBILE SECURE TRANSACTION SYSTEM Discussions and comparisons. (1) Convenience: We have proposed a mobile medical treatment examination report transaction system using smart cards. With the smart cards, users can obtain their medical examination at a retail location where medical treatment examination equipment has been set up, instead of going to the hospital. This method will provide patients with a convenient medical service that promotes the output value of the related industry. (2) Cost reduction: In this paper, efficiency, the quality of medical service and the internal procedures of a hospital can be improved to enhance efficiency for patients seeking medical treatment. By doing so, doctors in various departments can retrieve medical records to make a thorough diagnosis. The promotion of electronic medical records can lower costs and prevent errors. Because user examination reports are stored in the memory card, it can help a user understand his/her health condition. In addition, when a user requests a follow-up treatment in the hospital, he/she can reduce an unnecessary physical examination to increase the convenience of medical treatment. (3) Sharing medical treatment examination resources: This examination report can achieve the requirement for sharing information between hospitals and help integrate a medical treatment network, the division between prescribing and dispensing, mobile medical treatment and remote diagnosis. Meanwhile, we can take advantage of information technology to achieve market segmentation, such as an online registration service, medical treatment consultation, comments and responses and a physiological diagnosis expert system. A new service can be developed as well, one that might include instant interaction with patients. We propose that the suppliers of medical treatment equipment, the hospital and retailers cooperate to share medical treatment examination resources. (4) Mobility: The mobile care medical treatment service focuses not only on the development of new technology, but integrates current services and information. The ultimate goal of boosting mobile medical service is to accelerate the birth of a mobile health selfmanagement service. This fully combines related information as well as a communication system service that creates an omnibearing mobile health care environment. User medical treatment information can be made mobile by smart cards allowing users to carry the measured information for a necessary medical diagnosis. An examination procedure, therefore, is not limited to time and space. (5) Simplification of medical treatment examinations: Simplifying the medical service process, enhancing the convenience of seeking medical treatment and reducing a patient s burden yields twice the results with half the effort. In our method, users do not have to conduct a regular procedure to complete a medical examination in the hospital. Instead, they can have the medical examination at a retail location. This will ensure that even though one is not in the hospital, one can still have a medical examination. (6) Comparisons: We compared our approach with that of Kardas and Tunali s scheme [19] and Markovic s scheme [21] in Table 1. Kardas and Tunali pointed out that their schemes involved authentication and signature, while Markovic proposed four authentication methods that included: PIN Code, PKI smart card, smart card biometric characteristics and challenge responses. Of these systems, only our proposal can achieve e-health mobility while applying a business model. Although Markovic s scheme employs different signatures and user end authentications, they do not propose an application and business model. In Table 1, our scheme is shown not only to perform a mobile medicine query and a mobile medical examining report interchange, but also that it can be applied to a business model. 4. Conclusions. We have proposed a secure, smart card-based, mobile medical treatment examination report transaction system to provide an alternative for patients than

10 2266 C.-L. CHEN, Y.-L. LAI, C.-C. CHEN AND Y.-L. CHEN Table 1. A comparison of related smart card-based systems Smart card-based Kardas and Turhan System Tunali s scheme [19] Markovic s scheme [21] Our system What to be based Smart Card Based Smart Card Based Smart Card Based Solution Issue Healthcare Mobility of Information E-health System Medical Exam. System 1. PIN Code Yes 2. PKI smart card Yes User end (using PIN code 3. Smart card biometric (using PIN code Authentication and fingerprints) characteristic and fingerprint) 4. Challenge response Signature Mechanism DSA PKI PKI Proposed Application Yes N/A Yes Mobility Yes N/A Yes Business Model N/A N/A Yes Exam. Report Interchangeable N/A N/A Yes attending a hospital for health checkups. Instead, the user purchases a smart card from a retailer and can therefore be examined by medical treatment equipment to. Through a process of mutual authentication between the smart card and the server, timestamp and password mechanism, the security of a transaction can be guaranteed. By doing so, requirements that include the sharing of medical treatment examination resources, mobility, a prompt interactive model and a low cost requirement can be satisfied. Examinees can also eliminate significant waiting time. Hence, our system is practical and workable. Acknowledgment. This work is partially supported by the National Science Council, Taiwan, under contract No. NSC E The authors also gratefully acknowledge the helpful comments and suggestions of the reviewers, which have improved the presentation. REFERENCES [1] Business Weekly, [2] MIC (Market Intelligence Center), [3] L. Lamport, Password authentication with insecure communication, Communication of the ACM, vol.24, no.11, pp , [4] M. S. Hwang and L. H. Li, A new remote user authentication scheme using smart cards, IEEE Transactions on Consumer Electronics, vol.1, no.46, pp.28-30, [5] H. Y. Chien, J. K. Jan and Y. M. Tseng, An efficient and practical solution to remote authentication: Smart card, Computers & Security, vol.4, no.21, pp , [6] H.-F. Huang and W.-C. Wei, A new efficient and complete remote user authentication protocol with smart card, International Journal of Innovative Computing, Information and Control, vol.4, no.11, pp , [7] W. C. Ku and S. M. Chen, Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards, IEEE Transactions on Consumer Electronic, vol.1, no.50, pp , 2004.

11 A SMART CARD-BASED MOBILE SECURE TRANSACTION SYSTEM 2267 [8] M. Kumar, On the weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards, Cryptology eprint Archive: Report 163, /complete/. [9] C. C. Chang and J. S Lee, A smart-card-based remote authentication scheme, Proc. of the 2nd International Conference on Embedded Software and Systems, [10] S. Y. Wu and B. C. Chieu, A user friendly remote authentication scheme with smart cards, Computers & Security, vol.6, no.22, pp , [11] E. J. Yoon and K. Y. Yoo, More efficient and secure remote user authentication scheme using smart cards, Proc. of the 11th International Conference, [12] S. W. Lee, H. S. Kim and K. Y. Yoo, Improved efficient remote user authentication scheme using smart cards, IEEE Transactions on Consumer Electronics, vol.2, no.50, pp , [13] A. K. Awasthi and S. Lal, Comment on a dynamic ID-based remote user authentication scheme, Transaction on Cryptology, vol.2, no.1, pp.15-17, [14] M. L. Das, A. V. Saxena and P. Gulati, A dynamic ID-based remote user authentication scheme, IEEE Trans. Consumer Electronics, vol.2, no.50, pp , [15] M. Misbahuddin, M. A. Ahmed, A. A. Rao, C. S. Bindu and M. A. M. Khan, A novel dynamic ID-based remote user authentication scheme, 2006 Annual India Conference, pp.1-5, [16] X. M. Wang, W. F. Zhang, J. S. Zhang and M. K. Khan, Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards, Computer Standards & Interfaces, vol.29, no.5, pp , [17] Fujitsu Company, index.html. [18] C.-L. Chen, An All-In-One mobile DRM system design, International Journal of Innovative Computing, Information and Control, vol.6, no.3(a), pp , [19] G. Kardas and E. T. Tunali, Design and implementation of a smart card based healthcare information system, Computer Methods and Programs in Biomedicine, vol.81, no.1, pp.66-88, [20] C.-L. Chen, Y.-Y. Chen and Y.-H. Chen, Group-based authentication to protect digital content for business applications, International Journal of Innovative Computing, Information and Control, vol.5, no.5, pp , [21] M. Markovic, On secure e-health systems, Lecture Notes in Computer Science, vol.4302, no.5, pp , 2006.

CRYPTANALYSIS OF A MORE EFFICIENT AND SECURE DYNAMIC ID-BASED REMOTE USER AUTHENTICATION SCHEME

CRYPTANALYSIS OF A MORE EFFICIENT AND SECURE DYNAMIC ID-BASED REMOTE USER AUTHENTICATION SCHEME CRYPTANALYSIS OF A MORE EFFICIENT AND SECURE DYNAMIC ID-BASED REMOTE USER AUTHENTICATION SCHEME Mohammed Aijaz Ahmed 1, D. Rajya Lakshmi 2 and Sayed Abdul Sattar 3 1 Department of Computer Science and

More information

An Improved Authentication Protocol for Session Initiation Protocol Using Smart Card and Elliptic Curve Cryptography

An Improved Authentication Protocol for Session Initiation Protocol Using Smart Card and Elliptic Curve Cryptography ROMANIAN JOURNAL OF INFORMATION SCIENCE AND TECHNOLOGY Volume 16, Number 4, 2013, 324 335 An Improved Authentication Protocol for Session Initiation Protocol Using Smart Card and Elliptic Curve Cryptography

More information

Application of Automatic Variable Password Technique in Das s Remote System Authentication Scheme Using Smart Card

Application of Automatic Variable Password Technique in Das s Remote System Authentication Scheme Using Smart Card Application of Automatic Variable Password Technique in Das s Remote System Authentication Scheme Using Smart Card C. Koner, Member, IACSIT, C. T. Bhunia, Sr. Member, IEEE and U. Maulik, Sr. Member, IEEE

More information

A More Robust Authentication Scheme for Roaming Service in Global Mobility Networks Using ECC

A More Robust Authentication Scheme for Roaming Service in Global Mobility Networks Using ECC International Journal of Network Security, Vol.18, No.2, PP.217-223, Mar. 2016 217 A More Robust Authentication Scheme for Roaming Service in Global Mobility Networks Using ECC Dianli Guo and Fengtong

More information

SECURITY ANALYSIS OF PASSWORD BASED MUTUAL AUTHENTICATION METHOD FOR REMOTE USER

SECURITY ANALYSIS OF PASSWORD BASED MUTUAL AUTHENTICATION METHOD FOR REMOTE USER SECURITY ANALYSIS OF PASSWORD BASED MUTUAL AUTHENTICATION METHOD FOR REMOTE USER Mrs. P.Venkateswari Assistant Professor / CSE Erode Sengunthar Engineering College, Thudupathi ABSTRACT Nowadays Communication

More information

Security Enhanced Anonymous Multi-Server Authenticated Key Agreement Scheme using Smart Card and Biometrics

Security Enhanced Anonymous Multi-Server Authenticated Key Agreement Scheme using Smart Card and Biometrics Security Enhanced Anonymous Multi-Server Authenticated Key Agreement Scheme using Smart Card and Biometrics Younsung Choi College of Information and Communication Engineering, Sungkyunkwan University,

More information

On the Security Enhancement of Integrated Electronic Patient Records Information Systems

On the Security Enhancement of Integrated Electronic Patient Records Information Systems Computer Science and Information Systems 12(2):857 872 DOI: 10.2298/CSIS141029030K On the Security Enhancement of Integrated Electronic Patient Records Information Systems Muhammad Khurram Khan 1, Ankita

More information

A Stubborn Security Model Based on Three-factor Authentication and Modified Public Key

A Stubborn Security Model Based on Three-factor Authentication and Modified Public Key International Journal of Network Security, Vol.18, No.6, PP.1060-1070, Nov. 2016 1060 A Stubborn Security Model Based on Three-factor Authentication and Modified Public Key Trung Thanh Ngo and Tae-Young

More information

Authentication Protocols Using Hoover-Kausik s Software Token *

Authentication Protocols Using Hoover-Kausik s Software Token * JOURNAL OF INFORMATION SCIENCE AND ENGINEERING 22, 691-699 (2006) Short Paper Authentication Protocols Using Hoover-Kausik s Software Token * WEI-CHI KU AND HUI-LUNG LEE + Department of Computer Science

More information

Client Server Registration Protocol

Client Server Registration Protocol Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are

More information

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public

More information

Research Article. Research of network payment system based on multi-factor authentication

Research Article. Research of network payment system based on multi-factor authentication Available online www.jocpr.com Journal of Chemical and Pharmaceutical Research, 2014, 6(7):437-441 Research Article ISSN : 0975-7384 CODEN(USA) : JCPRC5 Research of network payment system based on multi-factor

More information

Secure Authentication of Distributed Networks by Single Sign-On Mechanism

Secure Authentication of Distributed Networks by Single Sign-On Mechanism Secure Authentication of Distributed Networks by Single Sign-On Mechanism Swati Sinha 1, Prof. Sheerin Zadoo 2 P.G.Student, Department of Computer Application, TOCE, Bangalore, Karnataka, India 1 Asst.Professor,

More information

SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTING SECURITY ENVIRONMENT

SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTING SECURITY ENVIRONMENT SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTING SECURITY ENVIRONMENT K.karthika 1, M. Daya kanimozhi Rani 2 1 K.karthika, Assistant professor, Department of IT, Adhiyamaan College of Engineering, Hosur

More information

Efficient Nonce-based Authentication Scheme for. session initiation protocol

Efficient Nonce-based Authentication Scheme for. session initiation protocol International Journal of Network Security, Vol.9, No.1, PP.12 16, July 2009 12 Efficient Nonce-based Authentication for Session Initiation Protocol Jia Lun Tsai Degree Program for E-learning, Department

More information

Improving Security on Smart-Based Password Key Agreement

Improving Security on Smart-Based Password Key Agreement Improving Security on Smart-Based Password Key Agreement Raja Iyappan P, Krishnaveni V, Karthika M P.G student, Dept of CSE, Dhanalakshmi Srinivasan Engineering College, Tamilnadu, India P.G student, Dept

More information

On the Security Vulnerabilities of a Hash Based Strong Password Authentication Scheme

On the Security Vulnerabilities of a Hash Based Strong Password Authentication Scheme On the Security Vulnerabilities of a Hash Based Strong Password Authentication Scheme Manoj Kumar Department of Mathematics R. K. College Shamli-Muzaffarnagar,.P.-India - 247776 E-mail: yamu balyan@yahoo.co.in

More information

A Study on Secure Electronic Medical DB System in Hospital Environment

A Study on Secure Electronic Medical DB System in Hospital Environment A Study on Secure Electronic Medical DB System in Hospital Environment Yvette E. Gelogo 1 and Sungwon Park 2 * 1 Catholic University of Daegu, Daegu, Korea 2 Department of Nursing, Hannam University, 133

More information

Chapter 16: Authentication in Distributed System

Chapter 16: Authentication in Distributed System Chapter 16: Authentication in Distributed System Ajay Kshemkalyani and Mukesh Singhal Distributed Computing: Principles, Algorithms, and Systems Cambridge University Press A. Kshemkalyani and M. Singhal

More information

Content Teaching Academy at James Madison University

Content Teaching Academy at James Madison University Content Teaching Academy at James Madison University 1 2 The Battle Field: Computers, LANs & Internetworks 3 Definitions Computer Security - generic name for the collection of tools designed to protect

More information

A Vulnerability in the Song Authentication Protocol for Low-Cost RFID Tags

A Vulnerability in the Song Authentication Protocol for Low-Cost RFID Tags A Vulnerability in the Song Authentication Protocol for Low-Cost RFID Tags Sarah Abughazalah, Konstantinos Markantonakis, and Keith Mayes Smart Card Centre-Information Security Group (SCC-ISG) Royal Holloway,

More information

SecureMessageRecoveryandBatchVerificationusingDigitalSignature

SecureMessageRecoveryandBatchVerificationusingDigitalSignature Global Journal of Computer Science and Technology: F Graphics & Vision Volume 14 Issue 4 Version 1.0 Year 2014 Type: Double Blind Peer Reviewed International Research Journal Publisher: Global Journals

More information

ROBUST AND PRIVACY PROTECTION AUTHENTICATION IN CLOUD COMPUTING

ROBUST AND PRIVACY PROTECTION AUTHENTICATION IN CLOUD COMPUTING International Journal of Innovative Computing, Information and Control ICIC International c 2013 ISSN 1349-4198 Volume 9, Number 11, November 2013 pp. 4247 4261 ROBUST AND PRIVACY PROTECTION AUTHENTICATION

More information

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT Part I Contents Part I Introduction to Information Security Definition of Crypto Cryptographic Objectives Security Threats and Attacks The process Security Security Services Cryptography Cryptography (code

More information

Secure File Transfer Using USB

Secure File Transfer Using USB International Journal of Scientific and Research Publications, Volume 2, Issue 4, April 2012 1 Secure File Transfer Using USB Prof. R. M. Goudar, Tushar Jagdale, Ketan Kakade, Amol Kargal, Darshan Marode

More information

Efficient nonce-based authentication scheme for Session Initiation Protocol

Efficient nonce-based authentication scheme for Session Initiation Protocol Efficient nonce-based authentication scheme for Session Initiation Protocol Jia Lun Tsai National Chiao Tung University, Taiwan, R.O.C. crousekimo@yahoo.com.tw Abstract: In recent years, Session Initiation

More information

15-2394-3696 RIGOROUS PUBLIC AUDITING SUPPORT ON SHARED DATA STORED IN THE CLOUD BY PRIVACY-PRESERVING MECHANISM

15-2394-3696 RIGOROUS PUBLIC AUDITING SUPPORT ON SHARED DATA STORED IN THE CLOUD BY PRIVACY-PRESERVING MECHANISM RIGOROUS PUBLIC AUDITING SUPPORT ON SHARED DATA STORED IN THE CLOUD BY PRIVACY-PRESERVING MECHANISM Dhanashri Bamane Vinayak Pottigar Subhash Pingale Department of Computer Science and Engineering SKN

More information

A Generic Framework to Enhance Two- Factor Authentication in Cryptographic Smart-card Applications

A Generic Framework to Enhance Two- Factor Authentication in Cryptographic Smart-card Applications A Generic Framework to Enhance Two- Factor Authentication in Cryptographic Smart-card Applications G.Prakash #1, M.Kannan *2 # Research Scholar, Information and Communication Engineering, Anna University

More information

Capture Resilient ElGamal Signature Protocols

Capture Resilient ElGamal Signature Protocols Capture Resilient ElGamal Signature Protocols Hüseyin Acan 1, Kamer Kaya 2,, and Ali Aydın Selçuk 2 1 Bilkent University, Department of Mathematics acan@fen.bilkent.edu.tr 2 Bilkent University, Department

More information

Biometric Authentication Platform for a Safe, Secure, and Convenient Society

Biometric Authentication Platform for a Safe, Secure, and Convenient Society 472 Hitachi Review Vol. 64 (2015), No. 8 Featured Articles Platform for a Safe, Secure, and Convenient Society Public s Infrastructure Yosuke Kaga Yusuke Matsuda Kenta Takahashi, Ph.D. Akio Nagasaka, Ph.D.

More information

MANAGING OF AUTHENTICATING PASSWORD BY MEANS OF NUMEROUS SERVERS

MANAGING OF AUTHENTICATING PASSWORD BY MEANS OF NUMEROUS SERVERS INTERNATIONAL JOURNAL OF ADVANCED RESEARCH IN ENGINEERING AND SCIENCE MANAGING OF AUTHENTICATING PASSWORD BY MEANS OF NUMEROUS SERVERS Kanchupati Kondaiah 1, B.Sudhakar 2 1 M.Tech Student, Dept of CSE,

More information

Entrust IdentityGuard

Entrust IdentityGuard +1-888-437-9783 sales@identisys.com IdentiSys.com Distributed by: Entrust IdentityGuard is an award-winning software-based authentication enterprises and governments. The solution serves as an organization's

More information

Dynamic Query Updation for User Authentication in cloud Environment

Dynamic Query Updation for User Authentication in cloud Environment Dynamic Query Updation for User Authentication in cloud Environment Gaurav Shrivastava 1, Dr. S. Prabakaran 2 1 Research Scholar, Department of Computer Science, SRM University, Kattankulathur, Tamilnadu,

More information

RFID based Bill Generation and Payment through Mobile

RFID based Bill Generation and Payment through Mobile RFID based Bill Generation and Payment through Mobile 1 Swati R.Zope, 2 Prof. Maruti Limkar 1 EXTC Department, Mumbai University Terna college of Engineering,India Abstract Emerging electronic commerce

More information

Achieving Universal Secure Identity Verification with Convenience and Personal Privacy A PRIVARIS BUSINESS WHITE PAPER

Achieving Universal Secure Identity Verification with Convenience and Personal Privacy A PRIVARIS BUSINESS WHITE PAPER with Convenience and Personal Privacy version 0.2 Aug.18, 2007 WHITE PAPER CONTENT Introduction... 3 Identity verification and multi-factor authentication..... 4 Market adoption... 4 Making biometrics

More information

Single Sign-On Secure Authentication Password Mechanism

Single Sign-On Secure Authentication Password Mechanism Single Sign-On Secure Authentication Password Mechanism Deepali M. Devkate, N.D.Kale ME Student, Department of CE, PVPIT, Bavdhan, SavitribaiPhule University Pune, Maharashtra,India. Assistant Professor,

More information

Data Integrity for Secure Dynamic Cloud Storage System Using TPA

Data Integrity for Secure Dynamic Cloud Storage System Using TPA International Journal of Electronic and Electrical Engineering. ISSN 0974-2174, Volume 7, Number 1 (2014), pp. 7-12 International Research Publication House http://www.irphouse.com Data Integrity for Secure

More information

86 Int. J. Engineering Systems Modelling and Simulation, Vol. 6, Nos. 1/2, 2014

86 Int. J. Engineering Systems Modelling and Simulation, Vol. 6, Nos. 1/2, 2014 86 Int. J. Engineering Systems Modelling and Simulation, Vol. 6, Nos. 1/2, 2014 Dual server-based secure data-storage system for cloud storage Woong Go ISAA Lab, Department of Information Security Engineering,

More information

Cryptanalysis and security enhancement on the generation of Mu-Varadharajan electronic voting protocol. Vahid Jahandideh and Amir S.

Cryptanalysis and security enhancement on the generation of Mu-Varadharajan electronic voting protocol. Vahid Jahandideh and Amir S. 72 Int. J. Electronic Governance, Vol. 3, No. 1, 2010 Cryptanalysis and security enhancement on the generation of Mu-Varadharajan electronic voting protocol Vahid Jahandideh and Amir S. Mortazavi Department

More information

Security protocols for biometrics-based cardholder authentication in smartcards

Security protocols for biometrics-based cardholder authentication in smartcards Security protocols for biometrics-based cardholder authentication in smartcards Luciano Rila and Chris J. Mitchell Information Security Group Royal Holloway, University of London Surrey, TW20 0EX, UK luciano.rila@rhul.ac.uk

More information

Authentication protocol for fingerprint feature extraction and IBC in monitoring systems

Authentication protocol for fingerprint feature extraction and IBC in monitoring systems Authentication protocol for fingerprint feature extraction and IBC in monitoring systems Changgeng Yu; Liping Lai School of Mechanical and Electronic Engineering, Hezhou University, No.8, xihuan Road,

More information

Advanced Authentication

Advanced Authentication White Paper Advanced Authentication Introduction In this paper: Introduction 1 User Authentication 2 Device Authentication 3 Message Authentication 4 Advanced Authentication 5 Advanced Authentication is

More information

IDRBT Working Paper No. 11 Authentication factors for Internet banking

IDRBT Working Paper No. 11 Authentication factors for Internet banking IDRBT Working Paper No. 11 Authentication factors for Internet banking M V N K Prasad and S Ganesh Kumar ABSTRACT The all pervasive and continued growth being provided by technology coupled with the increased

More information

Electronic Commerce and E-wallet

Electronic Commerce and E-wallet International Journal of Recent Research and Review, Vol. I, March 2012 Electronic Commerce and E-wallet Abhay Upadhayaya Department of ABST,University of Rajasthan,Jaipur, India Email: abhayu@rediffmail.com

More information

Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23 Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest

More information

The Feasibility and Application of using a Zero-knowledge Protocol Authentication Systems

The Feasibility and Application of using a Zero-knowledge Protocol Authentication Systems The Feasibility and Application of using a Zero-knowledge Protocol Authentication Systems Becky Cutler Rebecca.cutler@tufts.edu Mentor: Professor Chris Gregg Abstract Modern day authentication systems

More information

Authentication and Authorization Applications in 4G Networks

Authentication and Authorization Applications in 4G Networks Authentication and Authorization Applications in 4G Networks Abstract Libor Dostálek dostalek@prf.jcu.cz Faculty of Science University of South Bohemia Ceske Budejovice, Czech Republic The principle of

More information

Security and Privacy Flaws in a Recent Authentication Protocol for EPC C1 G2 RFID Tags

Security and Privacy Flaws in a Recent Authentication Protocol for EPC C1 G2 RFID Tags Security and Privacy Flaws in a Recent Authentication Protocol for EPC C1 G2 RFID Tags Seyed Mohammad Alavi 1, Karim Baghery 2 and Behzad Abdolmaleki 3 1 Imam Hossein Comprehensive University Tehran, Iran

More information

Application-Specific Biometric Templates

Application-Specific Biometric Templates Application-Specific Biometric s Michael Braithwaite, Ulf Cahn von Seelen, James Cambier, John Daugman, Randy Glass, Russ Moore, Ian Scott, Iridian Technologies Inc. Introduction Biometric technologies

More information

Cryptography. Debiao He. School of Mathematics and Statistics, Wuhan University, Wuhan, People s Republic of China. hedebiao@163.

Cryptography. Debiao He. School of Mathematics and Statistics, Wuhan University, Wuhan, People s Republic of China. hedebiao@163. Weakness in a Mutual Authentication cheme for ession Initiation Protocol using Elliptic Curve Cryptography Debiao He chool of Mathematics and tatistics, Wuhan University, Wuhan, People s Republic of China

More information

Improving data integrity on cloud storage services

Improving data integrity on cloud storage services International Journal of Engineering Science Invention ISSN (Online): 2319 6734, ISSN (Print): 2319 6726 Volume 2 Issue 2 ǁ February. 2013 ǁ PP.49-55 Improving data integrity on cloud storage services

More information

Device-based Secure Data Management Scheme in a Smart Home

Device-based Secure Data Management Scheme in a Smart Home Int'l Conf. Security and Management SAM'15 231 Device-based Secure Data Management Scheme in a Smart Home Ho-Seok Ryu 1, and Jin Kwak 2 1 ISAA Lab., Department of Computer Engineering, Ajou University,

More information

Multi-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access

Multi-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access Multi-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access CONTENTS What is Authentication? Implementing Multi-Factor Authentication Token and Smart Card Technologies

More information

International Journal of Software and Web Sciences (IJSWS) www.iasir.net

International Journal of Software and Web Sciences (IJSWS) www.iasir.net International Association of Scientific Innovation and Research (IASIR) (An Association Unifying the Sciences, Engineering, and Applied Research) ISSN (Print): 2279-0063 ISSN (Online): 2279-0071 International

More information

A Unique-ID based Usable Multi-Factor Authentication Scheme for e-services

A Unique-ID based Usable Multi-Factor Authentication Scheme for e-services Int'l Conf. Security and Management SAM'15 295 A Unique-ID based Usable Multi-Factor Authentication Scheme for e-services Mohammed Misbahuddin, Roshni VS, Anna Thomas, Uttam Kumar Centre for Development

More information

SECURE CLOUD STORAGE PRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGE SECURITY IN CLOUD

SECURE CLOUD STORAGE PRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGE SECURITY IN CLOUD Volume 1, Issue 7, PP:, JAN JUL 2015. SECURE CLOUD STORAGE PRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGE SECURITY IN CLOUD B ANNAPURNA 1*, G RAVI 2*, 1. II-M.Tech Student, MRCET 2. Assoc. Prof, Dept.

More information

A New Credit Card Payment Scheme Using Mobile Phones Based on Visual Cryptography

A New Credit Card Payment Scheme Using Mobile Phones Based on Visual Cryptography A New Credit Card Payment Scheme Using Mobile Phones Based on Visual Cryptography Chao-Wen Chan and Chih-Hao Lin Graduate School of Computer Science and Information Technology, National Taichung Institute

More information

Contents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008

Contents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008 Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008 Contents Authentication and Identity Assurance The Identity Assurance continuum Plain Password Authentication

More information

Abstract. 1. Introduction

Abstract. 1. Introduction 보안공학연구논문지 Journal of Security Engineering Vol.12, No.2 (2015), pp.181-190 http://dx.doi.org/10.14257/jse.2015.04.07 Abstract E-health is the delivery of health information, for health professionals and

More information

SECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS

SECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS SECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS Abstract: The Single sign-on (SSO) is a new authentication mechanism that enables a legal user with a single credential

More information

Security Model in E-government with Biometric based on PKI

Security Model in E-government with Biometric based on PKI Security Model in E-government with Biometric based on PKI Jaafar.TH. Jaafar Institute of Statistical Studies and Research Department of Computer and Information Sciences Cairo, Egypt Nermin Hamza Institute

More information

Longmai Mobile PKI Solution

Longmai Mobile PKI Solution Longmai Mobile PKI Solution A quick Solution to External and Internal fraud in Insurance Industry Putting the client at the center of modernization Contents 1. INTRODUCTION... 3 1.1 Challenges... 3 1.2

More information

Signature Amortization Technique for Authenticating Delay Sensitive Stream

Signature Amortization Technique for Authenticating Delay Sensitive Stream Signature Amortization Technique for Authenticating Delay Sensitive Stream M Bruntha 1, Dr J. Premalatha Ph.D. 2 1 M.E., 2 Professor, Department of Information Technology, Kongu Engineering College, Perundurai,

More information

One Time Password Generation for Multifactor Authentication using Graphical Password

One Time Password Generation for Multifactor Authentication using Graphical Password One Time Password Generation for Multifactor Authentication using Graphical Password Nilesh B. Khankari 1, Prof. G.V. Kale 2 1,2 Department of Computer Engineering, Pune Institute of Computer Technology,

More information

Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and

Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and procedures to govern who has access to electronic protected

More information

A KIND OF IMPLEMENT ABOUT MOBILE SIGNATURE SERVICE BASED ON MOBILE TELEPHONE TERMINAL

A KIND OF IMPLEMENT ABOUT MOBILE SIGNATURE SERVICE BASED ON MOBILE TELEPHONE TERMINAL A KIND OF IMPLEMENT ABOUT MOBILE SIGNATURE SERVICE BASED ON MOBILE TELEPHONE TERMINAL Wangjian, Xu Guoai, Zhangmiao National Engineering Laboratory for Disaster Backup and Recovery, Beijing University

More information

Data Deduplication Scheme for Cloud Storage

Data Deduplication Scheme for Cloud Storage 26 Data Deduplication Scheme for Cloud Storage 1 Iuon-Chang Lin and 2 Po-Ching Chien Abstract Nowadays, the utilization of storage capacity becomes an important issue in cloud storage. In this paper, we

More information

Monalisa P. Kini, Kavita V. Sonawane, Shamsuddin S. Khan

Monalisa P. Kini, Kavita V. Sonawane, Shamsuddin S. Khan International Journal of Scientific & Engineering Research, Volume 5, Issue 7, July-2014 1410 Secured Authentication Using Mobile Phone as Security Token Monalisa P. Kini, Kavita V. Sonawane, Shamsuddin

More information

A secure email login system using virtual password

A secure email login system using virtual password A secure email login system using virtual password Bhavin Tanti 1,Nishant Doshi 2 1 9seriesSoftwares, Ahmedabad,Gujarat,India 1 {bhavintanti@gmail.com} 2 SVNIT, Surat,Gujarat,India 2 {doshinikki2004@gmail.com}

More information

Keywords Cloud Storage, Error Identification, Partitioning, Cloud Storage Integrity Checking, Digital Signature Extraction, Encryption, Decryption

Keywords Cloud Storage, Error Identification, Partitioning, Cloud Storage Integrity Checking, Digital Signature Extraction, Encryption, Decryption Partitioning Data and Domain Integrity Checking for Storage - Improving Cloud Storage Security Using Data Partitioning Technique Santosh Jogade *, Ravi Sharma, Prof. Rajani Kadam Department Of Computer

More information

Dr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C

Dr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C Cunsheng Ding, HKUST Lecture 06: Public-Key Infrastructure Main Topics of this Lecture 1. Digital certificate 2. Certificate authority (CA) 3. Public key infrastructure (PKI) Page 1 Part I: Digital Certificates

More information

A MECHANICS FOR ASSURING DATA STORAGE SECURITY IN CLOUD COMPUTING

A MECHANICS FOR ASSURING DATA STORAGE SECURITY IN CLOUD COMPUTING A MECHANICS FOR ASSURING DATA STORAGE SECURITY IN CLOUD COMPUTING 1, 2 Pratibha Gangwar, 3 Mamta Gadoria 1 M. Tech. Scholar, Jayoti Vidyapeeth Women s University, Jaipur, priya25mehta@gmail.com 2 M. Tech.

More information

Economic and Social Council

Economic and Social Council UNITED NATIONS E Economic and Social Council Distr. GENERAL ECE/TRANS/WP.30/AC.2/2008/2 21 November 2007 Original: ENGLISH ECONOMIC COMMISSION FOR EUROPE Administrative Committee for the TIR Convention,

More information

Web Payment Security. A discussion of methods providing secure communication on the Internet. Zhao Huang Shahid Kahn

Web Payment Security. A discussion of methods providing secure communication on the Internet. Zhao Huang Shahid Kahn Web Payment Security A discussion of methods providing secure communication on the Internet Group Members: Peter Heighton Zhao Huang Shahid Kahn 1. Introduction Within this report the methods taken to

More information

Credit Card Security

Credit Card Security Credit Card Security Created 16 Apr 2014 Revised 16 Apr 2014 Reviewed 16 Apr 2014 Purpose This policy is intended to ensure customer personal information, particularly credit card information and primary

More information

Chapter 1: Introduction

Chapter 1: Introduction Chapter 1 Introduction 1 Chapter 1: Introduction 1.1 Inspiration Cloud Computing Inspired by the cloud computing characteristics like pay per use, rapid elasticity, scalable, on demand self service, secure

More information

FAREY FRACTION BASED VECTOR PROCESSING FOR SECURE DATA TRANSMISSION

FAREY FRACTION BASED VECTOR PROCESSING FOR SECURE DATA TRANSMISSION FAREY FRACTION BASED VECTOR PROCESSING FOR SECURE DATA TRANSMISSION INTRODUCTION GANESH ESWAR KUMAR. P Dr. M.G.R University, Maduravoyal, Chennai. Email: geswarkumar@gmail.com Every day, millions of people

More information

SECURED DATA STORAGE IN CLOUD

SECURED DATA STORAGE IN CLOUD International Journal of Information Technology & Management Information System (IJITMIS) Volume 6, Issue 2, July-December-2015, pp. 44-48, Article ID: IJITMIS_06_02_007 Available online at http://http://www.iaeme.com/issue.asp?jtype=ijitmis&vtype=6&itype=2

More information

A Security-Enhanced One-Time Payment Scheme for Credit Card

A Security-Enhanced One-Time Payment Scheme for Credit Card A Security-Enhanced One-Time Payment Scheme for Credit Card Yingjiu Li School of Information Systems Singapore Management University 469 Bukit Timah Road, Singapore 59756 yjli@smu.edu.sg Xinwen Zhang Lab

More information

Design and Analysis of Methods for Signing Electronic Documents Using Mobile Phones

Design and Analysis of Methods for Signing Electronic Documents Using Mobile Phones Design and Analysis of Methods for Signing Electronic Documents Using Mobile Phones Pramote Kuacharoen School of Applied Statistics National Institute of Development Administration 118 Serithai Rd. Bangkapi,

More information

Multi-factor authentication

Multi-factor authentication CYBER SECURITY OPERATIONS CENTRE (UPDATED) 201 (U) LEGAL NOTICE: THIS PUBLICATION HAS BEEN PRODUCED BY THE DEFENCE SIGNALS DIRECTORATE (DSD), ALSO KNOWN AS THE AUSTRALIAN SIGNALS DIRECTORATE (ASD). ALL

More information

Session Initiation Protocol Attacks and Challenges

Session Initiation Protocol Attacks and Challenges 2012 IACSIT Hong Kong Conferences IPCSIT vol. 29 (2012) (2012) IACSIT Press, Singapore Session Initiation Protocol Attacks and Challenges Hassan Keshavarz +, Mohammad Reza Jabbarpour Sattari and Rafidah

More information

Analysis of E-Commerce Security Protocols SSL and SET

Analysis of E-Commerce Security Protocols SSL and SET Analysis of E-Commerce Security Protocols SSL and SET Neetu Kawatra, Vijay Kumar Dept. of Computer Science Guru Nanak Khalsa College Karnal India ABSTRACT Today is the era of information technology. E-commerce

More information

A secure user authentication protocol for sensor network in data capturing

A secure user authentication protocol for sensor network in data capturing Quan et al. Journal of Cloud Computing: Advances, Systems and Applications (2015) 4:6 DOI 10.1186/s13677-015-0030-z RESEARCH Open Access A secure user authentication protocol for sensor network in data

More information

Rfid Authentication Protocol for security and privacy Maintenance in Cloud Based Employee Management System

Rfid Authentication Protocol for security and privacy Maintenance in Cloud Based Employee Management System Rfid Authentication Protocol for security and privacy Maintenance in Cloud Based Employee Management System ArchanaThange Post Graduate Student, DKGOI s COE, Swami Chincholi, Maharashtra, India archanathange7575@gmail.com,

More information

Integration of Sound Signature in 3D Password Authentication System

Integration of Sound Signature in 3D Password Authentication System Integration of Sound Signature in 3D Password Authentication System Mr.Jaywant N. Khedkar 1, Ms.Pragati P. Katalkar 2, Ms.Shalini V. Pathak 3, Mrs.Rohini V.Agawane 4 1, 2, 3 Student, Dept. of Computer

More information

Multi Factor Authentication Protocols for a Secured Wsn

Multi Factor Authentication Protocols for a Secured Wsn Multi Factor Authentication Protocols for a Secured Wsn R.Jayamala Asst.Professor, Anna university of Technolgy,Trichy. V.Eswari Final Year M.E.,CSE Anna university of Technolgy,Trichy eshwarivenkatachalam@gmail.com

More information

A Secure Decentralized Access Control Scheme for Data stored in Clouds

A Secure Decentralized Access Control Scheme for Data stored in Clouds A Secure Decentralized Access Control Scheme for Data stored in Clouds Priyanka Palekar 1, Abhijeet Bharate 2, Nisar Anjum 3 1 SKNSITS, University of Pune 2 SKNSITS, University of Pune 3 SKNSITS, University

More information

View from a European Trust Service Provider Server Signing: Return of experience and certification strategy

View from a European Trust Service Provider Server Signing: Return of experience and certification strategy View from a European Trust Service Provider Server Signing: Return of experience and certification strategy January 16, 2014 - Berlin Thibault de Valroger VP Strategy & Development OPENTRUST Thibault.devalroger@opentrust.com

More information

Kerberos. Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530 520 BC. From Italy (?).

Kerberos. Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530 520 BC. From Italy (?). Kerberos Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530 520 BC. From Italy (?). 1 Kerberos Kerberos is an authentication protocol and a software suite implementing this

More information

Cryptography and Network Security

Cryptography and Network Security Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 9: Authentication protocols, digital signatures Ion Petre Department of IT, Åbo Akademi University 1 Overview of

More information

A Study on the Security of RFID with Enhancing Privacy Protection

A Study on the Security of RFID with Enhancing Privacy Protection A Study on the Security of RFID with Enhancing Privacy Protection *Henry Ker-Chang Chang, *Li-Chih Yen and *Wen-Chi Huang *Professor and *Graduate Students Graduate Institute of Information Management

More information

On the Limits of Anonymous Password Authentication

On the Limits of Anonymous Password Authentication On the Limits of Anonymous Password Authentication Yan-Jiang Yang a Jian Weng b Feng Bao a a Institute for Infocomm Research, Singapore, Email: {yyang,baofeng}@i2r.a-star.edu.sg. b School of Computer Science,

More information

Improvement of digital signature with message recovery using self-certified public keys and its variants

Improvement of digital signature with message recovery using self-certified public keys and its variants Applied Mathematics and Computation 159 (2004) 391 399 www.elsevier.com/locate/amc Improvement of digital signature with message recovery using self-certified public keys and its variants Zuhua Shao Department

More information

A Generalized Protocol for Mobile Authentication in Healthcare Systems

A Generalized Protocol for Mobile Authentication in Healthcare Systems A Generalized Protocol for Mobile Authentication in Healthcare Systems Eric Reinsmidt The University of Tennessee eric@reinsmidt.com Li Yang The University of Tennessee at Chattanooga li-yang@utc.edu Abstract

More information

Analysis of Multimodal Biometric Fusion Based Authentication Techniques for Network Security

Analysis of Multimodal Biometric Fusion Based Authentication Techniques for Network Security , pp. 239-246 http://dx.doi.org/10.14257/ijsia.2015.9.4.22 Analysis of Multimodal Biometric Fusion Based Authentication Techniques for Network Security R.Divya #1 and V.Vijayalakshmi #2 #1 Research Scholar,

More information

SY0-201. system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users.

SY0-201. system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users. system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users. From a high-level standpoint, attacks on computer systems and networks can be grouped

More information

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security? 7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk

More information

Authentication Types. Password-based Authentication. Off-Line Password Guessing

Authentication Types. Password-based Authentication. Off-Line Password Guessing Authentication Types Chapter 2: Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter 3: Security on Network and Transport Layer Chapter 4:

More information