One-Time Password Communication Security Improvement using Elliptic Curve Cryptography with Iris Biometric

摘要

Nowadays, all e-commerce systems getting most of the bill amounts through ATM or debit card, credit card or online account transfer. In order to transfer bill amount from customer's account to seller's account, a One-Time Password (OTP) is needed which is valid for only one transaction, is generated by OTP Transaction Server of the Bank to authenticate their clients and to counter network eavesdropping/replay attacks. However, if the OTP itself gets attacked then there might be a chance of attacking to the current transaction and bank account of the client. In this paper, a model is proposed for improving the security of OTPs using ECC with iris biometric for e-commerce transactions. This model offers an improvement of security of OTP with shorter key length than the Rivest-Shamir-Adleman (RSA) algorithm and also avoids remembering the private keys, since the private keys are generated dynamically as and when required.