
CHAPTER-1

INTRODUCTION

Project title: E-authentication system using QR codes and OTP

1.1 HISTORY:

The need for authentication has been prevalent throughout history. In ancient times, people
would identify each other through eye contact and physical appearance. The Sumerians in
ancient Mesopotamia attested to the authenticity of their writings by using seals embellished
with identifying symbols. As time moved on, the most common way to provide
authentication would be the handwritten signature.

1.2 OBJECTIVE OF THE PROJECT

➢ The main purpose of our E-authentication system using QR codes and OTP is to
provide a secure login system that also performs online transactions.
➢ The system aims to give the customer a system that is harder for impostors to
get past and more reliable for users, by using the electronic
authentication approach.
➢ The objective of our project is to build a banking website and an online
shopping website that implement and demonstrate how QR codes and OTP can be
used with encryption algorithms to ensure data security, as this provides dual
security with data optimization.

1.3 SCOPE OF THE PROJECT

➢ The E-Authentication system revolutionizes web site login and authentication. It
eliminates many problems inherent in traditional login techniques.
➢ It is more secure as it involves the AES encryption technique, it is easy to use, and it
frees the user from remembering so many usernames and passwords for different
websites.

➢ The simple and straightforward E-Authentication system yields a surprising array of
features and benefits and can be used in various applications like e-commerce,
e-retail, e-booking, e-learning and many more.
➢ The internet has made electronic authentication an almost effortless task.

1.4 USE OF THE PROJECT

In the proposed scheme, the user can easily and efficiently log in to the system. We
analyse the security and usability of the proposed scheme, and show the resistance of the
proposed scheme to hacking of login credentials, shoulder surfing and accidental login.
In a shoulder surfing attack, the adversary obtains the user’s password by watching over
the user’s shoulder as he enters it. We have therefore come up with a secure system;
schemes with different degrees of resistance to shoulder surfing have been proposed.
In order to use this authentication system, the user first needs to register with the
system by filling in the basic registration details. After a successful registration, the
user can access the login module, where he/she first needs to authenticate the account by
entering the email id and password that were entered during registration. Once the email
id and password are authenticated, the user may proceed to the next authentication
section, where he/she needs to select the type of authentication, QR (Quick Response)
Code or OTP (One Time Password). If the user selects QR Code as the authentication type,
the system generates a QR Code and sends it to the user’s mail id over the internet. If
the user selects OTP, an SMS is sent to his/her registered mobile number. If the user
passes the authentication, the system redirects to the main page. The QR Code and OTP are
randomly generated by the system at the time of login.

➢ One of the major functions of any security system is the control of people in or out
of protected areas, such as physical buildings, information systems, and our national
borders.

➢ Psychology studies have revealed that the human brain is better at recognizing and
recalling graphical images than text.

➢ Computer security systems must also consider the human factors such as ease of use
and accessibility.

➢ Current secure systems suffer because they mostly ignore the importance of human
factors in security.

➢ An ideal security system considers security, reliability, usability, and human factors.

➢ All current security systems have flaws which make them suitable for well-trained
and skilled users only.

➢ We analyze the security and usability of the proposed scheme, and show the
resistance of the proposed scheme to hacking of login credentials, shoulder surfing
and accidental login.

➢ In a shoulder surfing attack, the adversary obtains the user’s password by watching
over the user’s shoulder as he enters it. We have therefore come up with a secure
system; schemes with different degrees of resistance to shoulder surfing have been
proposed.

➢ In order to use this authentication system, the user first needs to register with the
system by filling in the basic registration details.

➢ After a successful registration, the user can access the login module, where he/she
first needs to authenticate the account by entering the email id and password that were
entered during registration.

➢ Once the email id and password are authenticated, the user may proceed to the next
authentication section, where he/she needs to select the type of authentication, QR
(Quick Response) Code or OTP (One Time Password).

➢ If the user selects QR Code as the authentication type, the system generates a
QR Code and sends it to the user’s mail id over the internet.

➢ If the user selects OTP, an SMS is sent to his/her registered mobile number. If the
user passes the authentication, the system redirects to the main page. The QR
Code and OTP are randomly generated by the system at the time of login.

CHAPTER-2
THEORETICAL BACKGROUND
2.1 Introduction to E-Authentication
Despite the wide use of the current e-authentication system, it has many security holes: it is
based on the traditional password-based model and has no mutual authentication between user
and bank server, which leads to threats like phishing (stealing passwords and using them for
transactions), interception of communication lines, database hacking, etc. To make transactions
more secure while keeping them easy for the user, the following authentication system can be
useful.
In our proposed scheme, we assume secure communication between the user (PC), the service
provider and the service provider’s certification authority.
The proposed authentication system ensures user authentication and digital signatures
using authorized certificates, with HTTPS communication between user and server.

Using the user’s transfer information (TI), the requested transfer time (T) and the serial
number (SN) of the user’s mobile device instead of a security card, we generate a QR-code,
display it on the user’s screen and decode it with the user’s mobile device to generate the OTP.
The OTP is also generated on the server side, and the OTP generated by the user’s device and
the one generated by the server are verified against each other to proceed. The user database
should also be encrypted to prevent data leakage.
The authentication process of the proposed system is shown below:

Fig. Working scenario for e-authentication system

1] The user logs in with his/her own public certificate and then enters the transfer
information to start the transfer transaction.

Transfer Information (TI) = TB || TA || TM

TB: Transfer Bank (Bank code)
TA: Transfer Account
TM: Transfer Money

2] The server converts the transfer information (TI) entered by the user, the requested time
of transfer (T) and a random value (RN) into a QR-code and shows it on the screen together
with the random value (RN`). At the same time, the server sends this information to the
certification authority (CA) so that it can be matched with the code input on the mobile
device. If the information does not match, the transfer is canceled.

3] The certification authority (CA) generates the OTP from the received transfer information
(TI), the requested time of transfer (T) and the user’s hashed serial number (SN).

4] The user decodes the QR-code on the screen with their mobile device, in two phases. First,
the user uses the mobile device (phone) to read the random value (RN) and verifies it against
the random value (RN`) shown on the screen.
If the random value is accurate, the user proceeds to the next step and confirms the
decoded transfer information. If the information is accurate, the user generates the OTP using
the hashed serial number (SN) of the user’s mobile device, which is shared with the
certification authority (CA), and the generated OTP is output on the screen of the mobile device.

5] When the user runs OTP generation, the mobile device generates the OTP by reading the
transfer information (TI), the perceived value of time (T) and the requested time of
transfer (T).

6] The user inputs the OTP code generated by the mobile device on the screen.

7] The server (bank) sends the OTP received from the user to the certification authority (CA).

8] The certification authority (CA) compares the received OTP code (OTP1) with the OTP code
it generated (OTP2) and sends the OTP code approval to the server (bank).

9] When the server (bank) receives the OTP approval from the certification authority (CA), it
verifies the entered OTP code against the user’s consistent value and the user’s digital
signature. If the OTP approval is not received, the transfer is canceled. The OTP is displayed
on the mobile screen and the user types it into the desktop application. The desktop client
then sends this OTP to the server.

10] The authorized user signs with his certificate to complete the transfer.

11] The server (bank) verifies the digital signature and gives final approval of the transfer.

2.2 Methodology

As we know, the number of Internet users is increasing drastically. People now use
different online services provided by banks, colleges/schools, hospitals, online utility and
bill payment services, and online shopping sites. To access online services, a text-based
authentication system is in use. The text-based authentication scheme has drawbacks in
usability and security that cause trouble for users. The core element of
computational trust is identity. The aim of the paper is to make the system harder for
impostors to get past and more reliable for users, by using the graphical
authentication approach. In this paper, we use the more powerful tool of encoding
the options in graphical QR format, and an acknowledgment is also sent to the user’s
mobile for final verification. The main methodology depends upon the
encryption option and final verification by confirming a set of pass phrases with the
legitimate users; the outcome is very powerful, as it gives the result only once
the process has completed successfully. All processes are linked serially, as the output of the
1st process is the input of the 2nd and so on. The system is a combination of recognition-based
and pure recall-based techniques. The presented scheme is useful for devices like PDAs, iPods,
phones etc., which are more handy and convenient to use than traditional desktop computer
systems.

2.3 Relevance and implications

The findings and conclusions presented by this dissertation have both academic and practical
relevance. On one hand, they support the establishment of future research studies related to
the E-Authentication system, uncovering new insights about users’ online behavior within this
security category, namely the different strategies users use while logging in to different
websites and their respective responses to the presented stimuli. On the other hand, these new
insights and information about E-Authentication users are also important for the success of
authenticators’ strategies and respective online platforms. By better understanding the
security procedure of the e-authentication system, from the strategies users use before logging
in to any website, to the actual login security process and finally to the post-login
evaluation, as well as some of the implications for security of this e-authentication system
versus a more traditional one, this study is expected to contribute to the practical knowledge
of authenticators, allowing them to better adapt their authentication system to the
expectations and behavior of users.

CHAPTER-3

SYSTEM ANALYSIS AND PLANNING

System analysis and design refers to the process of examining a business situation with the
intent of improving it through better procedures and methods. System development can
generally be thought of as having two major components: system analysis and system
design.
System design is the process of planning a new system or replacing or complementing an existing
system. But before this planning can be done, we must thoroughly understand the existing
system and determine how computers can best be used to make its operation more effective.
System analysis, then, is the process of gathering and interpreting facts, diagnosing problems
and using the information to recommend improvements to the system.

3.1 Requirement Analysis

Requirement analysis in system engineering and software engineering encompasses those
tasks that go into determining the needs or conditions to meet for a new or altered product,
taking account of the possibly conflicting requirements of the various stakeholders, such as
beneficiaries or users.
Requirement analysis is critical to the success of a development project. Requirements must be
documented, actionable, measurable, testable, related to identified business needs or
opportunities, and defined to a level of detail sufficient for system design.
Requirements are a description of how a system should behave or a description of system
properties or attributes. A requirement can alternatively be a statement of what an application
is expected to do. The software requirement analysis process covers the complex task of
eliciting and documenting the requirements of all these users, modeling and analyzing these
requirements and documenting them as a basis for system design.

3.1.1 Steps in Requirement Analysis Process

➢ Fix system boundaries
➢ Identify the customer
➢ Requirement elicitation
➢ Requirement analysis process
➢ Requirements specification
➢ Requirement management

3.1.2 Requirement Analysis Technique


Brainstorming Session

Brainstorming is a group creativity technique designed to generate a large number of ideas for
the solution of a problem. Although brainstorming has become a popular group technique, when
applied in a traditional group setting, researchers have not found evidence of its effectiveness
for enhancing either quantity or quality of ideas generated. Because of such problems as
distraction, social loafing, evaluation apprehension, and production blocking, conventional
brainstorming groups are little more effective than other types of groups, and they are actually
less effective than individuals working independently.

3.2 SRS Document

A Software Requirement Specification (SRS) is a complete description of the behavior of the
system to be developed. It includes a set of use cases that describe all the interactions the
user will have with the software. Use cases are also known as functional requirements. In
addition to use cases, the SRS also contains non-functional requirements. Non-functional
requirements are requirements which impose constraints on the design or implementation (such as
performance requirements, quality standards or design constraints).
Goals of the SRS are:

➢ It provides feedback to the customer. An SRS is the customer’s assurance that the
development organization understands the issues or problems to be solved and the
software behavior necessary to address those problems.

➢ It decomposes the problem into component parts. The simple act of writing down
software requirements in a well-designed format organizes information, places borders
around the problem, solidifies ideas, and helps break down the problem into its
component parts in an orderly fashion.

➢ It serves as an input to the design specification. Therefore, the SRS must contain
sufficient detail in the functional system requirements so that the design solution can
be devised.

3.2.1 Non Functional Requirements:


It consists of the following parameters:

Reliability: The system will consistently perform its intended function.
For example, important information must be validated.

Efficiency: Unnecessary data will not be transmitted on the network and the database server
will be properly connected.

Reusability: The system can be reused in any organization or site of the same group, by
defining the organization master definition under the software license agreement.

Integrity: Only the System Administrator has rights to access the database; not every user can
access all the information. Each user will have rights to access the modules.

3.2.2 Used Tools and Platform

Software Specification:

Front-end Tool: - HTML, CSS, C#, ASP.NET, Bootstrap, JavaScript

➢ User friendly
➢ Low Cost Solution
➢ GUI feature
➢ Better designing aspects

Back-end Tool: - Microsoft SQL Server 2008

➢ Security
➢ Portability
➢ Quality

Platform:

Windows platforms such as 2000 Professional, XP, Vista, 7, 8, 8.1, 10, etc.

Hardware Specification:

➢ Intel Pentium and Celeron class processor

➢ Processor Speed - 1.2 GHz or above

➢ RAM - 512 MB

➢ HDD - 40 GB

➢ Monitor - 14 SVGA

➢ Printer - Laser Printer

➢ Mouse - Normal

➢ Keyboard - Normal

3.3 Feasibility Study

An outlier is an observation that lies an abnormal distance from other values in a random
sample from a population. In a sense, this definition leaves it up to the analyst to decide what
will be considered abnormal.

Outlier detection is a task that finds objects that are dissimilar or inconsistent with respect to
the remaining data. It has many uses in applications like fraud detection, network intrusion
detection and clinical diagnosis of diseases. Clustering algorithms are frequently used for
outlier detection. The clustering algorithms consider outlier detection only to the point they
do not interfere with the clustering process. In this proposed approach, outliers are detected
using 5-95% method in which 5% of data from minimum side and 5% data from maximum
side are detected and removed from the dataset.
K-means is sensitive to outlier data but can still be used with OFT for the detection of
outlier data. The Outlier Finding Technique (OFT) is a hybridized form of distance-based
and density-based outlier finding techniques. After cluster formation has taken place with
the help of k-means clustering, we are left with the clusters of data points and the cluster
centers. The experimental results prove that the Modified k-Means clustering algorithm with
outlier detection and removal improves the accuracy of the k-means algorithm.
Outlier detection is used in various domains in data mining. This has resulted in a huge and
highly diverse literature of outlier detection techniques. A lot of these techniques have been
developed in order to solve problems based on some of the particular features, while others
have been developed in a more generic fashion.

3.4 System Planning

The purpose of project planning is to identify the scope of the project, estimate the work
involved, and create a project schedule. Project planning begins with the requirements that
define the software to be developed. The project plan reflects the current status of all
project activities and is used to monitor and control the project.
The project planning task ensures that the various elements of the project are coordinated and
therefore guides the project execution; project planning is crucial to the success of the
project.
Careful planning right from the beginning of the project can help to avoid costly mistakes. It
provides an assurance that the project execution will accomplish its goal on schedule and
within the budget.

3.4.1 Preliminary Evolution


The preliminary investigation starts as soon as someone, either a user or a member of
a particular department, recognizes a problem or initiates a request to modify the
current computerized system or to computerize the current manual system.

An important outcome of the preliminary investigation is determining
whether the system is feasible or not.

3.4.2 Project Scheduling

GANTT CHART

➢ A Gantt chart is also known as a Time Line Chart. A Gantt chart can be developed for
the entire project or a separate chart can be developed for each function.

➢ A tabular form is maintained where rows indicate the tasks with milestones
and columns indicate duration (weeks/months).

➢ The horizontal bars that span across columns indicate the duration of the task.

CHAPTER-4

SYSTEM DESIGN

Software design is a process of problem solving and planning for a software solution. After
the purpose and specifications of the software are determined, software developers build a
design or employ designers to develop a plan for a solution. It includes low-level component and
algorithm implementation issues as well as the architectural view. Software design can be
considered as putting a solution to the problem(s) in hand using the available capabilities.
Hence the main difference between software analysis and design is that the output of the
analysis of a software problem will be smaller problems to solve, and it should not deviate so
much even if it is conducted by different team members or even by entirely different groups.
But since design depends on the capabilities, we can have different designs for the same
problem depending on the capabilities of the environment that will host the solution. The
solution will also depend on the development environment used.

4.1 Flow Chart

A flowchart is a type of diagram that represents an algorithm or process, showing the steps as
boxes of various kinds, and their order by connecting them with arrows. Process operations
are represented in these boxes, and arrows; rather, they are implied by the sequencing of
operations. Flowcharts are used in analyzing, designing, documenting or managing a process
or program in various fields.
The two most common types of boxes in a flowchart are:

➢ A processing step, usually called activity, and denoted as a rectangular box


➢ A decision usually denoted as a diamond.

Fig: Flow Chart of E-Authentication Login Process

Fig: Flow Chart of E-Authentication Login and Code Generation Process

4.2 Data Flow Diagram
DFD is used to show how data flows through the system and the processes that transform the
input data into output. Data flow diagrams are a way of expressing system requirements in a
graphical manner. DFD represents one of the most ingenious tools used for structured
analysis. It is also known as a bubble chart.
The DFD at the simplest level is referred to as a CONTEXT ANALYSIS DIAGRAM. These are
expanded by level, each explaining its process in detail. Processes are numbered for easy
identification and are normally labeled in block letters.

Fig: Data Flow Diagram of E-Authentication

4.3 Activity Diagram

Activity diagrams are a loosely defined diagram technique for showing workflows of
stepwise activities and actions, with support for choice, iteration and concurrency. In the
Unified Modeling Language, activity diagrams can be used to describe the business and
operational step-by-step workflows of components in a system. An activity diagram shows
the overall flow of control. They consist of:

➢ Initial node.

➢ Activity final node.

➢ Activities

The starting point of the diagram is the initial node, and the activity final node is the ending.

Fig: Activity Diagram


CHAPTER-5

SYSTEM IMPLEMENTATION DETAILS

5.1 MODULES:
This project contains following modules:
1. Registration
2. Login
3. OTP Verification
4. Scan QR codes
5. Main page access

MODULE DESCRIPTION:

5.1.1 Registration:

- To access the system, the user first needs to register by entering the basic registration
details like name, email id, mobile number, gender, etc.

5.1.2 Login:

- Here, the user needs to enter the login credentials to access the system.
- If the login credentials are validated by the system, the page is redirected to the
user authentication page, where the user needs to select one authentication type,
OTP or QR Code.

5.1.3 OTP Verification:

- If the user selects OTP authentication, the system sends an OTP as an
SMS to the registered mobile number which was provided by the user at the time
of registration.

5.1.4 Scan QR Code:

- If the user selects QR code, the code is generated in the backend and sent to the user’s
email id.
- The user needs to scan the QR Code using the system webcam to validate the QR Code
sent over the mail.

5.1.5 Main Page Access:

- If the user passes the authentication process, the page is redirected to the
Main Page; otherwise, it redirects to the login page.

5.2 RELATED WORK

5.2.1 Calculation of OTP:

A One Time Password (OTP) can be used. A one-time password system can be a solution for this
weakness, as it generates a new password for every transaction and is based on two
important factors:

(a) a PIN to unlock the OTP generator (something you know)

(b) the OTP smart card itself (something you have).

In this system, the QR code generated by the bank server is displayed on the client screen and
is decoded by the user’s mobile device. The QR code is embedded with information regarding the
current transaction, a timestamp and data unique to every user device, like the IMEI number.
We get the data string from the QR code and append to it the IMEI number, which can be obtained
from the mobile device. Then a hashing function like SHA-256 is used to create a hashed string
of that data. Other hashing algorithms can also be used, but the longer the hash code, the more
difficult it is for an attacker to guess the OTP. The hashed string is composed of both digits
and characters. We select any 6 or 8 digits, characters or both from the generated hash and use
them as the OTP.

Fig. OTP creation and validation

The same hash of the data is also created on the server side and compared for equivalence,
ensuring mutual authentication. If both OTPs are the same, the transaction is permitted.
An advantage of using a hashing algorithm like SHA is that the same hash is never generated for
the same data in consecutive attempts, so intercepting data and calculating the hash won’t be
possible for an attacker.

SHA-256("The quick brown fox jumps over the lazy dog")

0xd7a8fbb307d7809469ca9abcb0082e4f8d5651e46d3cdb762d02d0bf37c9e592

SHA-256("The quick brown fox jumps over the lazy dog.")

0xef537f25c895bfa782526529a9b63d97aa631564d5d789c2b765448c8635fb6c

So, as per the system, the OTP for the above will be: 53725895 (using the first 8 digits).

The timestamp ensures that OTPs for transactions generated at different times will be different.
This OTP can also be called HOTP as a hashing technique is used. We can also use HMAC
codes, but that would need an extra input to generate the output.
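
The OTP derivation from sections 2.1 and 5.2.1, written out as an added example (not the project's own code). The '|' field separator, the function names and all sample values are assumptions made for the illustration. Both sides must derive the same digest from the same input, so per-transaction freshness comes from the timestamp T and random value RN; the HMAC variant takes a secret device key as its extra input.

```python
import hashlib
import hmac

OTP_LENGTH = 8  # section 5.2.1 allows 6 or 8 characters


def first_digits(hex_digest: str, length: int) -> str:
    """Keep the first `length` decimal digits of a hex digest, skipping a-f."""
    digits = [ch for ch in hex_digest if ch.isdigit()]
    if len(digits) < length:
        # Practically unreachable for SHA-256, but never hand out a short OTP.
        raise ValueError("digest has too few decimal digits; use a new random value")
    return "".join(digits[:length])


def otp_from_string(data: str, length: int = OTP_LENGTH) -> str:
    """SHA-256 the data string and reduce the digest to an OTP."""
    return first_digits(hashlib.sha256(data.encode("utf-8")).hexdigest(), length)


def qr_payload(tb: str, ta: str, tm: str, t: str, rn: str) -> str:
    """Data string carried by the QR code: TI = TB||TA||TM, time T, random value RN."""
    # Assumption: '|' separates the fields so that their boundaries stay unambiguous.
    return "|".join((tb, ta, tm, t, rn))


def device_otp(payload: str, device_id: str) -> str:
    """Mobile side: append the device identifier (IMEI / hashed SN), then hash."""
    return otp_from_string(payload + "|" + device_id)


def server_verify(payload: str, registered_device_id: str, submitted_otp: str) -> bool:
    """Server/CA side: recompute the OTP (OTP2) and compare with the user's (OTP1)."""
    expected = device_otp(payload, registered_device_id)
    # Constant-time comparison, so response timing does not reveal matching prefixes.
    return hmac.compare_digest(expected.encode("utf-8"), submitted_otp.encode("utf-8"))


def hmac_otp(payload: str, device_key: bytes, length: int = OTP_LENGTH) -> str:
    """HMAC variant: the extra input is a secret key provisioned to the device."""
    mac = hmac.new(device_key, payload.encode("utf-8"), hashlib.sha256)
    return first_digits(mac.hexdigest(), length)


if __name__ == "__main__":
    # The page's own test vector.
    print(otp_from_string("The quick brown fox jumps over the lazy dog."))

    # Constructed sample transaction and device identifier.
    imei = "490154203237518"
    payload = qr_payload("BANK001", "1234567890", "2500.00",
                         "2024-01-01T10:00:00Z", "918273")
    otp = device_otp(payload, imei)
    print(otp, server_verify(payload, imei, otp))

    # Same transfer requested one minute later: the old OTP no longer verifies.
    later = qr_payload("BANK001", "1234567890", "2500.00",
                       "2024-01-01T10:01:00Z", "918273")
    print(server_verify(later, imei, otp))

    print(hmac_otp(payload, b"constructed-device-key"))
```
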

5.2.2 Database encryption:

One of the major security holes in many critical systems is database security. Even if an
attacker gains unauthorized access to the database, one more level of security can be added by
encrypting the database. While displaying contents, we decrypt the data and send it to the user.

Any of the available encryption algorithms can be used, but as there will be many database
requests in a banking application, encrypting and decrypting every time might put a large
overhead on the application. So care should be taken to choose an algorithm which provides
sufficient security with little overhead.

Base-64 is one of the choices. The algorithm converts data into byte code. The standard data
representation is 8 bits. We can take 6-bit groups, convert them into characters and
replace the original data. Padding can be added at the end of the data if necessary. It
represents data with 2^6 = 64 possible characters, hence the name base-64.
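
The 6-bit regrouping described above, written out as an added example (not the project's code; the sample record and the helper names are constructed). It also shows that the transform takes no key: anyone who can read the stored value can reverse it, so confidentiality of a database column needs a keyed cipher such as the AES mentioned in section 1.3.

```python
import base64

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"


def b64_encode(data: bytes) -> str:
    """Regroup 8-bit bytes into 6-bit values and map each to one of 64 characters."""
    bits = "".join(f"{byte:08b}" for byte in data)
    bits += "0" * (-len(bits) % 6)          # zero-fill the last 6-bit group
    chars = [ALPHABET[int(bits[i:i + 6], 2)] for i in range(0, len(bits), 6)]
    chars.append("=" * (-len(chars) % 4))   # '=' padding to a multiple of 4 characters
    return "".join(chars)


def b64_decode(text: str) -> bytes:
    """Reverse the mapping; no key or secret is involved at any point."""
    bits = "".join(f"{ALPHABET.index(ch):06b}" for ch in text.rstrip("="))
    usable = len(bits) - len(bits) % 8      # drop the zero-fill bits
    return bytes(int(bits[i:i + 8], 2) for i in range(0, usable, 8))


def column_is_only_encoded(stored: str) -> bool:
    """Audit helper: True if a stored value decodes to printable text without a key."""
    try:
        plain = base64.b64decode(stored, validate=True)
    except ValueError:
        return False
    return len(plain) > 0 and all(32 <= b < 127 for b in plain)


if __name__ == "__main__":
    record = b"ACC-0012345;balance=2500.00"   # constructed sample row
    stored = b64_encode(record)
    print(stored)
    print(b64_decode(stored))                 # recovered with no secret at all
    print(column_is_only_encoded(stored))     # flags the column as merely encoded
```
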

Along with security, another advantage of base-64 is that many internet systems don’t allow
all 128 characters in 8-bit representation, so base-64 can be beneficial for this
purpose. It embeds HTTP data in SSL (Secure Socket Layer) packets. SSL groups data into
small chunks, compresses them and then encrypts them using asymmetric keys.
Asymmetric keys provide a high level of security for communication, as one key is used for
encryption and another for decryption. For management of keys, digital certificates are used,
which are legitimate documents provided by a certification authority (CA) containing user
information and keys.
For asymmetric key generation, the RSA (Rivest-Shamir-Adleman) algorithm is used. Public
keys are embedded in the digital certificates of each end. Data is sent encrypted with the
public key of the receiver and can be decrypted only with the private key of the receiver,
which is kept secret, thus providing a high level of security.

Fig. Base-64 working

5.2.3 Secure Communication Channels:

Secure communication channels are as important as application security. The most promising
way to achieve this would be the use of digital certificates with a PKI
architecture for the application. PKI provides additional encryption and signatures for HTTPS
communication.

5.3 QR-code processing:

The features of this code symbol are large capacity, small printout size and high-speed
scanning. A QR code is composed of the following patterns:
finder pattern, timing pattern, format information, alignment pattern, and data cell.

Fig. Structure of QR Code

Use of a QR code ensures that data will be decoded by the legitimate user only, as a decoding
device is required to decode it.

5.3.1 Generating QR-code: The QR-code is generated from the transaction information, timestamp
and random number using the following steps:

(I)Conversion into binary format:

First we select the mode in which the QR-code is to be generated, depending on the type of data:

Extended Channel Interpretation (ECI) Mode
1. Numeric Mode
2. Alphanumeric Mode
3. 8-bit Byte Mode
4. Kanji Mode
Each of the modes has different conversion functions to convert data into binary format.

(II)Appending error correction code words:

Divide the code word sequence into the required number of blocks to enable the error
correction algorithms to be processed. Generate the error correction code words for each
block, appending the error correction code words to the end of the data code word sequence.
One of the 4 levels of error recovery (L, M, Q, and H) is chosen to generate code words.

(III)Code word placement in matrix

Data blocks are arranged into QR-code according to chosen strategy: either into rectangular
blocks or irregular blocks which can accommodate more data.

(IV)Masking:

Data is XORed with predefined bit-string to encode, for dark and light modules to be
arranged in a well-balanced manner in the symbol.

(V)Appending format information:

The Format Information is a 15 bit sequence containing 5 data bits, with 10 error correction
bits calculated using the (15, 5) BCH code.

(VI)Appending version information:

The Version Information is an 18 bit sequence containing 6 data bits, with 12 error correction
bits calculated using the (18, 6) BCH code.
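
The two BCH computations from steps (V) and (VI), as an added example that is not part of the original report. The generator polynomials, the XOR mask and the error-level bit codes are taken from the QR code standard (ISO/IEC 18004), not from this page; the function names are chosen for the illustration.

```python
FORMAT_GEN = 0b10100110111        # generator of the (15, 5) BCH code
FORMAT_MASK = 0b101010000010010   # fixed XOR mask applied to format information
VERSION_GEN = 0b1111100100101     # generator of the (18, 6) code

EC_LEVEL_BITS = {"L": 0b01, "M": 0b00, "Q": 0b11, "H": 0b10}


def bch_remainder(value: int, generator: int, total_bits: int) -> int:
    """Remainder of the (already shifted) value divided by generator over GF(2)."""
    gen_bits = generator.bit_length()
    for shift in range(total_bits - gen_bits, -1, -1):
        if value & (1 << (shift + gen_bits - 1)):
            value ^= generator << shift
    return value


def format_information(ec_level: str, mask_pattern: int) -> int:
    """15-bit format information: 5 data bits + 10 BCH bits, then XOR-masked."""
    if not 0 <= mask_pattern <= 7:
        raise ValueError("mask pattern must be 0..7")
    data = (EC_LEVEL_BITS[ec_level] << 3) | mask_pattern
    code = (data << 10) | bch_remainder(data << 10, FORMAT_GEN, 15)
    return code ^ FORMAT_MASK


def version_information(version: int) -> int:
    """18-bit version information: 6 data bits + 12 error correction bits."""
    if not 7 <= version <= 40:
        raise ValueError("version information exists only for versions 7..40")
    return (version << 12) | bch_remainder(version << 12, VERSION_GEN, 18)


def decode_format_information(received: int):
    """Nearest valid codeword; the code's distance of 7 allows up to 3 bit errors."""
    best = None
    for level in EC_LEVEL_BITS:
        for mask in range(8):
            distance = bin(format_information(level, mask) ^ received).count("1")
            if best is None or distance < best[0]:
                best = (distance, level, mask)
    return (best[1], best[2]) if best[0] <= 3 else None


if __name__ == "__main__":
    fmt = format_information("M", 5)
    print(f"{fmt:015b}")                      # format information for level M, mask 5
    print(f"{version_information(7):018b}")   # version information for version 7
    damaged = fmt ^ 0b000010000100001         # three modules misread by the scanner
    print(decode_format_information(damaged))
```
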
For error detection and correction, Reed-Solomon codes of the data are also embedded in the QR
code. This gives error correction of up to 30%. The generator polynomial g(x) is defined by
having α, α^2, …, α^t as its roots.

Scanning can be done by using the following five steps:

(I)Pre-processing:

The gray level histogram calculation is adopted.

(II)Corner marks detection:

Three marked corners are detected using the finder pattern.

(III)Fourth corner estimation:

The fourth corner is detected using the special algorithm.

(IV) Inverse perspective transformation:

Inverse transformation is adopted based on the obtained corner geometry positions to
normalize the size of the code.

(V) Scanning of code:

Sample the inside of code and output the normalized bi-level code data to host CPU.
The input image has a deformed shape because of being captured from the embedded camera
device, and we use the inverse perspective transformation to normalize the code shape. This
equation is shown as follows:

$$u = \frac{c_0 x + c_1 y + c_2}{c_6 x + c_7 y + 1}$$

$$v = \frac{c_3 x + c_4 y + c_5}{c_6 x + c_7 y + 1}$$

The generator polynomial of the Reed-Solomon code, with roots α, α^2, …, α^t, is:

$$g(x) = (x - \alpha)(x - \alpha^2)\cdots(x - \alpha^t) = g_0 + g_1 x + \cdots + g_{t-1} x^{t-1} + x^t$$

The transmitter sends the N − 1 coefficients of s(x) = p(x) g(x), and the receiver can use
polynomial division by g(x) of the received polynomial to determine whether the message is
in error; a non-zero remainder means that an error was detected. Let r(x) be the non-zero
remainder polynomial; then the receiver can evaluate r(x) at the roots of g(x) and build a
system of equations that eliminates s(x) and identifies which coefficients of r(x) are in error,
and the magnitude of each coefficient's error.

5.3.2 Scanning of QR-code:

The processing of QR-code detection consists of five procedures starting from image
captured from camera to data extraction. Thing that makes this task challenging is that
captured image may not be of good quality or might be deformed either by limitation of
device or naïve user.

26
Fig. 5. Steps in QR-code scanning

Where u, v coordinates is original image coordinate which is deformed and x, y coordinate is


the normalized coordinate. In the above equations, coefficients c0 ∼c7 can be obtained from
the following four point pairs,
A(x0, y0) ⇔A_ (u0, v0),
B(x1, y1) ⇔B_ (u1, v1),
C(x2, y2) ⇔C_ (u2, v2),
D(x3, y3) ⇔D_ (u3, v3)
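How the coefficients c0 to c7 follow from the four point pairs, as an added example that is not part of the original report: each pair gives two equations that are linear in the coefficients, and the resulting 8×8 system is solved directly. The corner coordinates are constructed sample values and the function names are illustrative.

```python
"""Inverse perspective transform for QR scanning: c0..c7 from four corner pairs."""


def solve_linear(a, b):
    """Solve a*x = b by Gauss-Jordan elimination with partial pivoting."""
    n = len(b)
    m = [list(row) + [rhs] for row, rhs in zip(a, b)]
    for col in range(n):
        pivot = max(range(col, n), key=lambda r: abs(m[r][col]))
        if abs(m[pivot][col]) < 1e-12:
            raise ValueError("corner points are degenerate, no unique solution")
        m[col], m[pivot] = m[pivot], m[col]
        for r in range(n):
            if r == col:
                continue
            factor = m[r][col] / m[col][col]
            for k in range(col, n + 1):
                m[r][k] -= factor * m[col][k]
    return [m[i][n] / m[i][i] for i in range(n)]


def perspective_coefficients(normalized, captured):
    """Return [c0..c7] mapping normalized (x, y) to captured image (u, v)."""
    if len(normalized) != 4 or len(captured) != 4:
        raise ValueError("exactly four point pairs are required")
    rows, rhs = [], []
    for (x, y), (u, v) in zip(normalized, captured):
        # u * (c6*x + c7*y + 1) = c0*x + c1*y + c2, rearranged to be linear in c.
        rows.append([x, y, 1, 0, 0, 0, -x * u, -y * u])
        rhs.append(u)
        # v * (c6*x + c7*y + 1) = c3*x + c4*y + c5
        rows.append([0, 0, 0, x, y, 1, -x * v, -y * v])
        rhs.append(v)
    return solve_linear(rows, rhs)


def to_image(c, x, y):
    """Apply the two equations: normalized (x, y) -> image (u, v)."""
    w = c[6] * x + c[7] * y + 1
    return ((c[0] * x + c[1] * y + c[2]) / w,
            (c[3] * x + c[4] * y + c[5]) / w)


def module_sample_points(c, modules):
    """Image coordinates of every module centre, row by row.

    The scanner reads the captured image at these points to produce the
    normalized bi-level matrix.
    """
    return [[to_image(c, col + 0.5, row + 0.5) for col in range(modules)]
            for row in range(modules)]


# Constructed sample: a 21-module symbol photographed at an angle.
MODULES = 21
NORMALIZED = [(0, 0), (MODULES, 0), (MODULES, MODULES), (0, MODULES)]  # A, B, C, D
CAPTURED = [(100, 80), (420, 120), (380, 400), (60, 340)]              # A', B', C', D'

if __name__ == "__main__":
    coeffs = perspective_coefficients(NORMALIZED, CAPTURED)
    print([round(value, 6) for value in coeffs])
    print(to_image(coeffs, 10.5, 10.5))  # centre of the symbol in the photo
```
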

5.3.3 QR-code decoding:

The QR-code is encoded with an encryption key; it is then decoded with the private key at the
user's side and the data is obtained. Decoding is the exact opposite of encoding: scanning the
different sections according to the format of the QR-code, checking the data with the error
correction codes and recovering lost data from redundant locations are all done while decoding.
The random number is matched with the number sent along with the message, and if they match,
the message is valid. The timestamp is read from the message to synchronize with the server.
From the information in the QR-code, such as TI and T, and the IMEI number of the mobile
device, the OTP is generated in the device and displayed to the user. The user then enters it
into the desktop application, and it is sent to the CA, where the OTP for the current
transaction is also generated and matched with the one sent by the user application. If they
are the same, the transaction is completed.

Other functionalities required by any banking application, such as user registration, managing
user accounts and viewing a transaction summary, should be added to the application, and an
application ensuring authentic, secure transactions, storage and communication can be
developed.

5.4 Authentication Scheme

There are four types of authentication schemes: local authentication, centralized
authentication, global centralized authentication, global authentication and web application
(portal).

When using a local authentication scheme, the application retains the data that pertains to the
user's credentials. This information is not usually shared with other applications. The onus is
on the user to maintain and remember the types and number of credentials that are associated
with the service they need to access. This is a high-risk scheme because of the
possibility that the storage area for passwords might become compromised.

Using the central authentication scheme allows each user to use the same credentials to
access various services. Each application is different and must be designed with interfaces
and the ability to interact with a central system to successfully provide authentication for the
user. This allows the user to access important information and to access private keys
that will allow him or her to electronically sign documents.

Using a third party through a global centralized authentication scheme allows the user direct
access to authentication services. This then allows the user to access the particular services
they need.

The most secure scheme is the global centralized authentication and web application (portal).
It is ideal for E-Government use because it allows a wide range of services. It uses a single
authentication mechanism involving a minimum of two factors to allow access to required
services and the ability to sign documents.

The system consists of a web service that generates alphanumeric OTPs using pseudo-random
numbers and the current timestamp. Use of the timestamp further assures the security and
uniqueness of the OTP. The alphanumeric password string is then encrypted using the Advanced
Encryption Standard (AES). The key for the algorithm is the ATM PIN of the user, since it is
unique for every user and can be obtained by the Bank Server in every login session through
the account number. The AES algorithm is used here since it not only provides higher security
but also improves performance in such critical systems. The encrypted string is then
converted to a QR image by the Bank Server. It is then sent to the concerned user using e-mail
as the transmission medium via SMTP. The user then downloads the QR code image and uploads it
in the standard application that is made available to him by the net-banking provider. The
application provides space for the QR image to be uploaded, and the user then enters his ATM
PIN, which is used to decrypt the string read from the QR code. The validation of the PIN is
carried out by sending a request to the bank server. If the ATM PIN is entered correctly, the
application displays the OTP that was generated for the session. The user then enters the OTP
for net-banking and completes authentication. Then any type of transaction can be carried out
online on the service provider's website.
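One way to enforce the session-bound, short-lived OTP described above on the server side, as an added example that is not part of the report's source code. The character set and the 30-second lifetime follow the appendix code; the three-attempt limit, the class name and the in-memory store are assumptions.

```python
"""Server-side OTP handling: random issue, expiry, single use, attempt limit."""
import hashlib
import hmac
import secrets
import time

# Same 65-symbol alphabet as the appendix code.
CHARSET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890#@&"


class OtpService:
    def __init__(self, lifetime_seconds=30, max_attempts=3, length=6,
                 clock=time.monotonic):
        self.lifetime = lifetime_seconds
        self.max_attempts = max_attempts      # assumed limit, not from the report
        self.length = length
        self._clock = clock
        self._key = secrets.token_bytes(32)   # per-process key for the stored tags
        self._pending = {}                    # session id -> [tag, expires_at, attempts_left]

    def _tag(self, session_id, otp):
        # Only a keyed digest is kept, bound to the session it was issued for.
        message = f"{session_id}\x00{otp}".encode()
        return hmac.new(self._key, message, hashlib.sha256).digest()

    def issue(self, session_id):
        """Create a fresh OTP for the session, replacing any earlier one."""
        otp = "".join(secrets.choice(CHARSET) for _ in range(self.length))
        self._pending[session_id] = [
            self._tag(session_id, otp),
            self._clock() + self.lifetime,
            self.max_attempts,
        ]
        return otp

    def verify(self, session_id, candidate):
        """True exactly once, for the right OTP, in time, within the attempt limit."""
        entry = self._pending.get(session_id)
        if entry is None:
            return False
        tag, expires_at, attempts_left = entry
        if self._clock() >= expires_at:
            del self._pending[session_id]     # expired OTPs are discarded
            return False
        # Constant-time comparison avoids leaking how many characters matched.
        matches = hmac.compare_digest(tag, self._tag(session_id, candidate))
        if matches or attempts_left <= 1:
            del self._pending[session_id]     # used up, or attempts exhausted
        else:
            entry[2] = attempts_left - 1
        return matches


if __name__ == "__main__":
    service = OtpService()
    code = service.issue("session-1")
    print(service.verify("session-1", code))  # first use succeeds
    print(service.verify("session-1", code))  # replay is rejected
```
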

Fig. : Sequence diagram for proposed authentication scheme

Fig. : Workflow of proposed authentication scheme

Fig. : OTP in the form of an AES encrypted QR code.

Fig. : Decrypting encrypted QR code using QR code reader

5.5 Authentication Factors

There are three generally accepted factors that are used to establish a digital identity for
electronic authentication, including:

• Knowledge factor, which is something that the user knows, such as a password,
answers to challenge questions, ID numbers or a PIN.
• Possession factor, which is something that the user has, such as a mobile phone, PC or
token.
• Biometric factor, which is something that the user is, such as his or her fingerprints,
eye scan or voice pattern.

Out of the three factors, the biometric factor is the most convenient and convincing way to
prove an individual's identity. However, relying on this sole factor can be expensive to
sustain. Although each factor has its own unique weaknesses, combining two or more factors
allows for reliable authentication. It is always recommended to use multifactor
authentication for that reason.

CHAPTER-6

CODING & TESTING

6.1 Coding

The design must be translated into a machine-readable form. The code generation step
performs this task. If the design is performed in a detailed manner, code generation can be
accomplished without much complication.

6.1.1 Code Inspection

An inspection is one of the most common sorts of review practices found in software
projects. The goal of the inspection is for all of the inspectors to reach consensus on a work
product and approve it for use in the project. Commonly inspected work products
include software requirements specifications and test plans. In an inspection, a work product
is selected for review and a team is gathered for an inspection meeting to review the work
product. A moderator is chosen to moderate the meeting. Each inspector prepares for the
meeting by reading the work product and noting each defect. The goal of the inspection is to
identify defects. In an inspection, a defect is any part of the work product that will keep an
inspector from approving it. For example, if the team is inspecting a software requirements
specification, each defect will be text in the document which an inspector disagrees with.

The stages in the inspection process are: Planning, Overview meeting, Preparation, Inspection
meeting, Rework and Follow-up. The Preparation, Inspection meeting and Rework stages
might be iterated.

➢ Planning: The inspection is planned by the moderator.


➢ Preparation: Each inspector examines the work product to identify possible defects.
➢ Inspection meeting: During this meeting the reader reads through the work product, part
by part and the inspectors point out the defects for every part.
➢ Rework: The author makes changes to the work product according to the action plans
from the inspection meeting.
➢ Follow-up: The changes by the author are checked to make sure everything is correct.

6.1.2 Source code: please refer to Appendix [A]

6.2 Testing
Software testing is any activity aimed at evaluating an attribute or capability of a program or
system and determining that it meets its required results. Although crucial to software quality
and widely deployed by programmers and testers, software testing still remains an art, due to
limited understanding of the principles of software. The difficulty in software testing stems
from the complexity of software: we cannot completely test a program with moderate
complexity. Testing is more than just debugging. The purpose of testing can be quality
assurance, verification and validation, or reliability estimation. Testing can be used as a
generic metric as well. Software testing is a trade-off between budget, time and quality.

6.2.1 Testing Objectives

➢ Testing is a process of executing a program with the intent of finding errors.
➢ A good test case is one that has a high probability of finding an as-yet-undiscovered
error.
➢ A successful test is one that uncovers an as-yet-undiscovered error.

6.2.2 Black Box Testing

When computer software is considered, black box testing alludes to tests that are conducted
at the software interface. Although they are designed to uncover errors, black box tests are
used to demonstrate that the software functions are operational, that input is properly
accepted and output is correctly produced, and that the integrity of external information
(e.g. a database) is maintained.

6.2.3 White Box Testing

White box testing of software is predicated on close examination of procedural detail.
Logical paths through the software are tested by providing test cases that exercise specific
sets of conditions and/or loops. The main disadvantage of white box testing is that even for
smaller programs the number of logical paths can be very large.

CHAPTER-7

CONCLUSION & FUTURE ENHANCEMENT

After analyzing the data collected, it is imperative to theoretically conclude on the
relevant findings, as well as their respective implications for the industry and body of
academic research in question. Moreover, this chapter presents the study and guidelines
for future research.

7.1. Conclusions & Suggestions

➢ In our project we have proposed a secure and reliable authentication scheme for
net-banking through QR codes and OTPs. In recent years there has been a steep
increase in the number of net-banking users.
➢ Hence the proposed system satisfies the high security requirements of online
users and protects them against various security attacks. Also, the system does not
require any technical prerequisite, and this makes it very user friendly.
➢ Hence the E-Authentication system proves to be versatile and at the same time
beneficial both for the customers in terms of security and for vendors in terms of
increasing their efficiency. Hence it is most widely used to advertise and market
the products by most businesses.

OTPs are transmitted in the form of an image, which makes it complex for an intruder to detect
the presence of secured information. The OTP is sent to the concerned user through an e-mail
message. Net-banking users can conveniently access their e-mail accounts and obtain the
QR code containing the encrypted OTP. Hence, under a secure transmission of the QR code,
it can only be interpreted by the application software deployed by the bank with the QR image.
Usage of the AES algorithm for encrypting the one-time password further enhances the security
of the system. The proposed scheme has a higher degree of complexity than all existing systems,
and clearly the time required to crack the scheme will be more than the useful lifetime of the
OTPs. OTPs are generated for a session and have a short lifetime. It is not possible to use an
OTP after its expiry. The popularity of QR codes makes the method user friendly. Even a
trivial user having a basic understanding of using a computer system can adapt to it.

7.2. Future Enhancement

Nowadays, the use of e-authentication applications has increased. Security is an important
issue in handling such services. The current system provides a security-card-based facility to
authenticate the user, but this is not very secure and will not be available at any time or in
any situation. To overcome such issues we propose an e-authentication system using
QR-code and OTP. The bank generates the QR-code using the transfer information input by the
user; the user then needs to read the code using their mobile phone, after which the OTP code
is generated in the mobile phone using the transfer information and the hashed mobile device
number of the user. Finally, the user terminates the transfer by typing the generated OTP code
on the screen.
For any system, the security it provides and the system overhead are two sides of a coin and
should be considered equally while developing critical information of transfer (TI) and the
requested time of transfer (T).
Visual cryptography is the method through which an image is converted into two or more
images. The original image can be obtained by physically overlaying all these images over one
another. The act of overlaying one image over another can also be performed through software
programs. Visual cryptography can be applied to convert the QR code into two images, and
both these images can then be transmitted separately. Even if an intruder manages to get one
of the images, he won't be able to crack the scheme without the knowledge of the other
corresponding part of the image. Thus visual cryptography can be applied to further enhance
the security of the entire system. Further, the Java application to decrypt the QR code image
can be deployed as a cloud application and can be made available to the intended audience
easily.

APPENDIX [A] – SOURCE CODE
/////////////-------------Login Page---------/////////////
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Data.SqlClient;
using System.Net.Mail;
using System.Security.Cryptography;
using QRCoder;
using System.IO;
using System.Drawing;
using System.Drawing.Imaging;

public partial class production_e_login : System.Web.UI.Page
{
    // Characters an OTP or QR code value is drawn from (65 symbols).
    private const string Charset =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890#@&";

    SqlConnection con = new SqlConnection(
        @"data source=.;initial catalog=e_authentication;integrated security=true;");

    protected void Page_Load(object sender, EventArgs e)
    {
        // A visible login button means the first step has not been completed,
        // so anything left over from an earlier attempt is dropped.
        if (btnlogin.Visible == true)
        {
            Session.Remove("otp");
            Session.Remove("u_name");
            Session.Remove("id");
            Session.Remove("u_mobile");
            Session.Remove("u_email");
        }

        if (!IsPostBack)
        {
            if (Session["user_id"] == null)
            {
                Response.Redirect("index.aspx");
            }
            else
            {
                Label1.Visible = false;
                chkqrcode.Visible = false;
                chkotp.Visible = false;
                btnproceed.Visible = false;
            }
        }
    }

    protected void btnlogin_Click(object sender, EventArgs e)
    {
        // Parameters keep the submitted values out of the SQL text.
        // Note: u_password is stored and compared in plain text here.
        SqlDataAdapter adap = new SqlDataAdapter(
            "select * from u_registration where u_email=@u_email and u_password=@u_password", con);
        adap.SelectCommand.Parameters.AddWithValue("@u_email", txtid.Value);
        adap.SelectCommand.Parameters.AddWithValue("@u_password", txtpassword.Value);
        DataTable dt = new DataTable();
        adap.Fill(dt);

        if (dt.Rows.Count > 0)
        {
            Session["id"] = txtid.Value;
            Session["unique_id"] = dt.Rows[0]["id"].ToString();
            Session["u_name"] = dt.Rows[0]["u_name"].ToString();
            Session["u_mobile"] = dt.Rows[0]["u_mobile"].ToString();
            Session["u_email"] = dt.Rows[0]["u_email"].ToString();
            Session["date"] = dt.Rows[0]["date"].ToString();
            txtid.Disabled = true;
            txtpassword.Disabled = true;
            btnlogin.Visible = false;
            Label1.Visible = true;
            chkqrcode.Visible = true;
            chkotp.Visible = true;
            btnproceed.Visible = true;
        }
        else
        {
            Response.Write("<script>alert('Invalid Id Or Password')</script>");
        }
    }

    protected void chkqrcode_CheckedChanged(object sender, EventArgs e)
    {
        if (chkqrcode.Checked == true)
        {
            chkotp.Checked = false;
        }
    }

    protected void chkotp_CheckedChanged(object sender, EventArgs e)
    {
        if (chkotp.Checked == true)
        {
            chkqrcode.Checked = false;
        }
    }

    protected void btnproceed_Click(object sender, EventArgs e)
    {
        if (chkotp.Checked == true)
        {
            otp();

            using (MailMessage mailMessage = new MailMessage())
            {
                mailMessage.From = new MailAddress(Session["user_id"].ToString());
                mailMessage.Subject = "OTP For Log In";
                mailMessage.Body = lblotp.Text;
                mailMessage.IsBodyHtml = true;
                mailMessage.To.Add(new MailAddress(Session["id"].ToString()));
                SendMail(mailMessage);
            }
            Response.Write("<script>alert('OTP Sent')</script>");
            Response.Redirect("~/production/otp.aspx");
        }
        else if (chkqrcode.Checked == true)
        {
            string code = GenerateCode(6);
            // otp.aspx compares the value the user types with Session["otp"].
            Session["otp"] = code;

            QRCodeGenerator qrGenerator = new QRCodeGenerator();
            QRCodeGenerator.QRCode qrCode = qrGenerator.CreateQrCode(code,
                QRCodeGenerator.ECCLevel.Q);

            // Guid.NewGuid() gives a fresh name; new Guid() is always all zeros.
            Guid unique = Guid.NewGuid();
            string file = Server.MapPath("~/Production/Images2/" + unique + ".png");
            using (Bitmap bitMap = qrCode.GetGraphic(20))
            {
                bitMap.Save(file, ImageFormat.Png);
            }

            using (MailMessage mailMessage = new MailMessage())
            {
                mailMessage.From = new MailAddress(Session["user_id"].ToString());
                mailMessage.Subject = "OTP For Log In";
                mailMessage.Body = "<html><body><p>QR code as below</p><p><img " +
                    "src='http://localhost:1091/gentelella-master/production/Images2/" +
                    unique + ".png' alt='QR Code'/></p></body></html>";
                mailMessage.IsBodyHtml = true;
                mailMessage.To.Add(new MailAddress(Session["id"].ToString()));
                // Attach the image file that was just written to disk.
                mailMessage.Attachments.Add(new Attachment(file));
                SendMail(mailMessage);
            }
            Response.Write("<script>alert('QR-CODE Sent')</script>");
            Response.Redirect("~/production/otp.aspx");
        }
    }

    // Sends the message through Gmail with the account of the logged-in operator.
    private void SendMail(MailMessage mailMessage)
    {
        SmtpClient smtp = new SmtpClient();
        smtp.Host = "smtp.gmail.com";
        smtp.Port = 587;
        smtp.EnableSsl = true;
        // Explicit credentials are supplied, so default credentials are switched off.
        smtp.UseDefaultCredentials = false;
        smtp.Credentials = new System.Net.NetworkCredential(
            mailMessage.From.Address, Session["u_pass"].ToString());
        smtp.Send(mailMessage);
    }

    // Draws every character from the operating system's cryptographic RNG.
    // System.Random is predictable and is not suitable for one-time passwords.
    private static string GenerateCode(int length)
    {
        char[] result = new char[length];
        byte[] one = new byte[1];
        // Bytes at or above this limit are rejected so that every symbol is equally likely.
        int limit = 256 - (256 % Charset.Length);
        using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider())
        {
            for (int i = 0; i < length; )
            {
                rng.GetBytes(one);
                if (one[0] < limit)
                {
                    result[i++] = Charset[one[0] % Charset.Length];
                }
            }
        }
        return new string(result);
    }

    protected void otp()
    {
        lblotp.Text = GenerateCode(6);
        Session["otp"] = lblotp.Text;
    }

    protected void qr_code()
    {
        string code = GenerateCode(6);
        QRCodeGenerator qrGenerator = new QRCodeGenerator();
        QRCodeGenerator.QRCode qrCode = qrGenerator.CreateQrCode(code,
            QRCodeGenerator.ECCLevel.Q);
        System.Web.UI.WebControls.Image imgBarCode = new System.Web.UI.WebControls.Image();
        imgBarCode.Height = 150;
        imgBarCode.Width = 150;

        using (Bitmap bitMap = qrCode.GetGraphic(20))
        {
            using (MemoryStream ms = new MemoryStream())
            {
                bitMap.Save(ms, System.Drawing.Imaging.ImageFormat.Png);
                byte[] byteImage = ms.ToArray();
                // Shown inline on the page as a data URI.
                imgBarCode.ImageUrl = "data:image/png;base64," +
                    Convert.ToBase64String(byteImage);
            }
            plBarCode.Controls.Add(imgBarCode);
        }
    }
}
/////////////-------------Login Page---------/////////////

/////////////-------------Home Page---------/////////////
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Data.SqlClient;

public partial class production_home : System.Web.UI.Page


{
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
if (Session["user_id"]== null)
{
Response.Redirect("index.aspx");
}
}

}
}
/////////////-------------Home Page---------/////////////

////////////--------------Admin Login Page----------/////////////

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Data.SqlClient;

public partial class production_index : System.Web.UI.Page
{
    SqlConnection con = new SqlConnection(
        @"data source=.;initial catalog=e_authentication;integrated security=true;");

    protected void Page_Load(object sender, EventArgs e)
    {
    }

    protected void btnlogin_Click(object sender, EventArgs e)
    {
        // Parameters keep the submitted values out of the SQL text.
        SqlDataAdapter adap = new SqlDataAdapter(
            "select * from log_in where user_id=@user_id and password=@password", con);
        adap.SelectCommand.Parameters.AddWithValue("@user_id", txtid.Value);
        adap.SelectCommand.Parameters.AddWithValue("@password", txtpassword.Value);
        DataTable dt = new DataTable();
        adap.Fill(dt);
        if (dt.Rows.Count > 0)
        {
            Session["user_id"] = txtid.Value;
            // The login page reuses this value as the SMTP password when it mails the OTP.
            Session["u_pass"] = txtpassword.Value;
            Response.Redirect("home.aspx");
        }
        else
        {
            Response.Write("<script>alert('Invalid Id Or Password')</script>");
        }
    }
}

////////////--------------Admin Login Page----------/////////////

////////////--------------OTP Page----------/////////////
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;

public partial class production_otp : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Send the browser back to the login page after 30 seconds.
        HtmlMeta meta = new HtmlMeta();
        meta.HttpEquiv = "Refresh";
        meta.Content = "30;url=e_login.aspx";
        this.Page.Controls.Add(meta);
        if (!IsPostBack)
        {
            if (Session["user_id"] == null)
            {
                Response.Redirect("~/production/index.aspx");
            }
        }
    }

    protected void btnlogin_Click(object sender, EventArgs e)
    {
        string expected = Session["otp"] as string;
        // The OTP is single use: it is removed whatever the outcome.
        Session.Remove("otp");

        if (expected != null && expected == txtotp.Value)
        {
            Response.Redirect("~/production/Profile.aspx");
        }
        else
        {
            // Clear the half-finished login first; Response.Redirect ends the
            // request, so nothing placed after it would run.
            Session.Remove("u_name");
            Session.Remove("id");
            Response.Redirect("~/production/e_login.aspx");
        }
    }
}

////////////--------------OTP Page----------/////////////
////////////--------------Profile Page----------/////////////

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Data.SqlClient;

public partial class production_Profile : System.Web.UI.Page


{
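    SqlConnection con = new SqlConnection(
        @"data source=.;initial catalog=e_authentication;integrated security=true;");

    protected void Page_Load(object sender, EventArgs e)
    {
        if (Session["user_id"] == null)
        {
            Response.Redirect("index.aspx");
        }

        // The profile values exist only after the first login step; without them
        // the visitor is sent back instead of failing on a null session entry.
        // This page checks for the session values only and does not itself
        // confirm that the OTP step succeeded.
        if (Session["u_name"] == null)
        {
            Response.Redirect("~/production/e_login.aspx");
        }

        lblname1.Text = Session["u_name"].ToString();
        lblmob1.Text = Session["u_mobile"].ToString();
        lblmailid1.Text = Session["u_email"].ToString();
        lbldate1.Text = Session["date"].ToString();
    }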
protected void btnproceed_Click(object sender, EventArgs e)
{
Session.Remove("u_name");
Session.Remove("u_mobile");
Session.Remove("u_email");
Session.Remove("date");
Response.Redirect("~/production/e_login.aspx");
}
protected void btnchangepass_Click(object sender, EventArgs e)
{
Response.Redirect("~/production/change_password.aspx");
}
}

////////////--------------Profile Page----------/////////////

////////////--------------Registration Page----------/////////////
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Data.SqlClient;
public partial class production_registration : System.Web.UI.Page
{
SqlConnection con = new SqlConnection(@"data source=.;initial catalog=e_authentication;integrated security=true;");
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
if (Session["user_id"] == null)
{
Response.Redirect("~/production/index.aspx");
}
}
}
protected void btnsubmit_Click(object sender, EventArgs e)
{
try
{
SqlCommand cmd = new SqlCommand("registration", con);
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.AddWithValue("@u_name", txtname.Text);
cmd.Parameters.AddWithValue("@u_email", txtmailid.Text);
cmd.Parameters.AddWithValue("@u_mobile", txtmob.Text);
cmd.Parameters.AddWithValue("@date", txtdate.Text);
cmd.Parameters.AddWithValue("@u_password", txtpass.Text);
con.Open();
cmd.ExecuteNonQuery();
con.Close();
txtname.Text = "";
txtmailid.Text = "";
txtmob.Text = "";
txtpass.Text = "";
txtdate.Text = "";
Response.Write("<script>alert('User Registered Successfully')</script>");
}
catch (Exception ex)
{
}
}
}
///////////--------------Registration Page----------/////////////
////////////--------------Update Page Of User----------/////////////
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Data.SqlClient;

public partial class production_user_update : System.Web.UI.Page


{
SqlConnection con = new SqlConnection(@"data source=.;initial catalog=e_authentication;integrated security=true;");
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
if (Session["user_id"] == null)
{
Response.Redirect("~/production/index.aspx");
}
else
{ bind();
}
}
}
    protected void GridView1_RowDeleting(object sender, GridViewDeleteEventArgs e)
    {
        Label lblname = (Label)GridView1.Rows[e.RowIndex].FindControl("lblname");
        Label lblnumber = (Label)GridView1.Rows[e.RowIndex].FindControl("lblnumber");
        Label lblid = (Label)GridView1.Rows[e.RowIndex].FindControl("lblid");
        // The row values are passed as parameters, not concatenated into the SQL text.
        SqlCommand cmd = new SqlCommand(
            "delete from u_registration where u_name=@u_name and u_mobile=@u_mobile and u_email=@u_email", con);
        cmd.Parameters.AddWithValue("@u_name", lblname.Text);
        cmd.Parameters.AddWithValue("@u_mobile", lblnumber.Text);
        cmd.Parameters.AddWithValue("@u_email", lblid.Text);
        con.Open();
        cmd.ExecuteNonQuery();
        con.Close();
        bind();
    }
protected void bind()
{
SqlDataAdapter adap = new SqlDataAdapter("select * from u_registration", con);
DataSet ds = new DataSet();
adap.Fill(ds);
GridView1.DataSource = ds;
GridView1.DataBind();
}
}
////////////--------------Update Page Of User----------/////////////
////////////--------------Change PassWord Page----------/////////////
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Data.SqlClient;

public partial class production_change_password : System.Web.UI.Page


{
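    SqlConnection con = new SqlConnection(
        @"data source=COMPAQ-PC;initial catalog=e_authentication;integrated security=true;");

    protected void Page_Load(object sender, EventArgs e)
    {
    }

    protected void btnsubmit_Click(object sender, EventArgs e)
    {
        // The command must be bound to the connection before it can execute,
        // and it takes its values as parameters rather than concatenated text.
        SqlCommand cmd = new SqlCommand(
            "update u_registration set u_password=@u_password where id=@id and u_name=@u_name", con);
        cmd.Parameters.AddWithValue("@u_password", txtnewpass.Text.Trim());
        cmd.Parameters.AddWithValue("@id", Session["unique_id"].ToString());
        cmd.Parameters.AddWithValue("@u_name", Session["u_name"].ToString());
        con.Open();
        try
        {
            cmd.ExecuteNonQuery();
        }
        finally
        {
            // Close before redirecting; Response.Redirect ends the request.
            con.Close();
        }
        Response.Redirect("~/production/Profile.aspx");
    }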
}

////////////--------------Change PassWord Page----------/////////////

APPENDIX [A] – OUTPUT SCREENSHOTS
1. Home Page
2. Login Page
3. New Registration
4. Update User
5. Login via OTP or QR Code
6. Login via OTP
7. OTP on Mail
8. OTP Verification
9. Welcome User
10. Login via QR-Code
11. QR-Code on Mail