Indian Journal of Science and Technology

Abstract

Objectives: In this paper, an approach to online banking authorization using one-time passwords has been illustrated. Methods/Statistical Analysis: The algorithm presented in this paper provides an infinite as well as forward One-TimePassword (OTP) generation mechanism employing two Secure Hash Algorithms viz. SHA3 and SHA2, followed by dynamic truncation to produce human-readable OTP. An inimitable authentication scheme has been presented in which a unique initial seed is used for generating a series of OTPs on the user’s handheld gadget (i.e. a mobile phone). Findings: The proposed scheme demonstrated better results than the previous schemes of authorization after a security analysis was conducted on it. This is attributed to the eradication of cellular network within the authorization process. A high level of performance and efficiency in authentication and authorization was evident from the results that are vital for transacting online. Applications/Improvements: In the proposed system, the inherent features of the user’s device (mobile phone) are utilized to form the initial seed. The application of hash functions to that seed eliminates the necessity to send one time passwords to the users via Short Message Service and decreases the limitations posed by out-of-band systems, thus making it suitable to be employed in online banking and other financial organizations.

Keywords: Authentication, Authorization, Out-of-band Authorization, Hash Functions