Secure Employed using QR Code for Banking System

Secure Employed using QR Code for Banking System

Phalesha Rawal

Atharva College of Engineering Mumbai University Malad, Mumbai, India

Ruthika Puthran

Atharva College of Engineering Mumbai University

Malad, Mumbai, India

Lavanyaregunta

Atharva College of Engineering Mumbai University

Malad, Mumbai, India

Riya Patil

Atharva College of Engineering Mumbai University

Malad, Mumbai, India

Reena Somani

Atharva College of Engineering Mumbai University

Malad, Mumbai, India

Abstract- Security is a major concern in online banking systems which is competently achieved by diverse internet technologies to fill the hole between real world and virtual world .Many kinds of authentication methods have been developed such as one time passwords, smart card based system and also biometric features like iris recognition , face recognition , voice recognition.Our paper is entailing all the detail information about developing a security system for networked banking transactions using QR code. In the QR code a complex passwordis stored whereas aregular camera equipped smart phone is used for scanning this QR code. The code is scanned with the QR code scanner which can be an app or an in built feature. This scanning produces a string which is the combination of IMEI number of a phone which is registered by the user and a randomlygenerated numberusing a random number function. When the network is availed on the smart phone, the generated string automatically gets entered into the login page on the screen which opens the homepage of the bank.

Keywords- QR code , Biometric Features, Authentication.

1. INTRODUCTION

   In a world where online and digitization is a rapidly evolving trend in all fields like banking, shopping, communication , traveling , security to sensitive and personal credentials is indeed a challenge. Hence, there is a call fordeveloping more authoritative security application. These potent applications permit the user to transact on untrusted computers with confidence. Our paper is based on two way authentication approach which provides high end security as well as ease of access and speed. There are four important modules in our security system namelyonline authentication system, offline authentication system, QR code generationand QR code scanning . Another important requirement of this procedure is a camera equipped mobile phone. Here mobile phone is used for scanning the QR code so as toprovide the security when the mobile phone is online or offline.

2. QR CODE

   QR code stands for Quick Response code. The QR code is a matrix including of an array of nominally square modules which have been arranged in an square pattern, consisting an exclusive pattern located at three corners of the symbol . This design intends to assist in simple location of itssize. Position

   and inclination. An extensivecollectionof sizes of symbols is equipped together with four levels of error correction. The dimensions of the modules are user specific so as to enable symbol production by a broadrange of techniques.

3. PROPOSED SYSYTEM The system is basically divided into three modules:

1. Generation of QR code

2. Banking System

3. ATM System

Fig 3.1 System Architecture of online banking system

1. Generation of QR code

   Utilization of QR code makes it certain that the data will be decoded by lawful and legitimate user only seeing that a decoding device will be requisite to decode it. QR code encompasses thesubsequent patterns namely timing pattern, finder pattern, alignment pattern, format information and data cell. The QR code is a square module where all the four sides are surrounded by the quite zone border. Function patterns and encoding regions are embedded in a QR code. To execute coarse positioning for the QR image, the localization of QR code uses the finder patterns to obtain the approximate region of QR code with respect to the finder patterns. Data and error correction techniques ensure that the QR code will be read effectively even if some portion of is damaged upto 25 percent.

2. Banking System

   Firstly the client fills in the details ofa bank account and submits it to the bank employee. The employee saves and stores all the information into the database system. This Banking systemthen sends an OTP to the client. The client proceeds for the verification process and nextis told to change the password after the completion of the verification process for better safety.The client when re-logins into the system with the username and new password leads to sending a request for generation of a QR code. This produces a QR code as soon as the request is sent to the server which is displayed on the clients machine. The client will then scan the QR code with the mobile phone with the help of Random no. and IMEI no. which will be stored in the system database. Lastly it checks the mode of connection.

   1. Online mode

      First and foremost the IMEI and the random numbers are encrypted using the public key. This encrypted string is used to generate the required QR code with the help of a QR code generation function present in java. Next, this QR code image is displayed on the client machine for the user to scan it using a mobile phone. After scanning, in an online mode transaction(which means in the availability of internet on phone) , the generated string (IMEI number and random number) automatically gets entered into the login page which after successful login directs the client towards the home page of the bank.There is no need to remember the password which is the combination of your IMEI number and the random number for your login in this system. The server decrypts the string using the user public key and checks and ensures that an entry exists in the transactions table and then accordingly modifies the row of transaction table. Subsequently the server verifies that the IMEI against authenticate and fraud ones and assigns that IMEI to the correct user. If the login is successful, the transaction row isthen deleted. This ensures that every time the generated QR code image is unique and different. Next, the PHP session is created and when user logsoff , the session is destroyed.

   2. Offline mode:

   In thismode ,if Internet is not availed on the phone a pin code generation algorithm is used to generate a unique six-digit number which is in turn generated from the encrypted string (IMEI number and random number). User is required to enter this pin code on the login page manually with respect to his/her username. A keypad is available on screen for the user to enter the pin code. After entering the pin code, the server verifies the IMEI number of the user which is stored in the database. If the IMEI number is present then user is a valid client and the homepage of bank gets opened. During this, the timestamp is also checked. If the random number is generated before 10 minutes, then session automatically gets destroyed thus making it unavailable for the user to login.

3. ATM system

Due to the use of QR code authentication approach, additional security has been providedto the user. In this module, the client uses ATM centre to transfer money from one ATM

card to another ATM card for which he has to enter his own PIN number to authenticate himself.

Next, ATM machine verifies his PIN with the information in the database and only if the PIN matches then the user is given authentication. After authentication he gates towards the money transfe option. For money transfer from one ATM card to another ATM card, the user has to enter his own ATM number then the amount to be transferred followed by the ATM number of the other person. After entering the second account number a pop up message is displayed on the screen to confirm the transfer manually. This system provides extra measures to prevent frauds. Now, the QR code is displayed immediately when the user hits the next button at the transfer level. After scanning this QR code recipients information is received on the screen of our mobile phone. On the verification of the information on our mobile phone the transaction will be processedor else it will be declined.

III. REGISTRATION SYSTEM 1)Banking system

There are three different forms in the banking system to provide the required information by the user.

1. Login Page of Bank System

   The client initially is told to login with the username and password i.e. OTP he receives at first time login.The client then proceeds for the verification process and once when done with the verification process, the client is told to change the password for better security. Next, when the client relogins into the system with the username and new password, it sends request to generate the QR code.

2. QR code scanner for Banking

   Once the request is forwaded to the server, it generates the QR code which is then displayed on the clients screen. Next, the client scans the QR code with the camera equipped mobile phone with the help of [Random no + IMEI no] stored in the system database.

3. Transaction

For the final transaction, the client has to do the needful by entering the payment details and amount.Subsequently proceeding for the other banking processes similarly.

2) ATM system

Analogous to the bank system different forms are designed for the ATM system to attain information from the client.

1. Login

   With this login page on the screen, the client is allowed to enter the account no. and the password for the process of the withdrawal/deposit of money.

2. Transfer

After authentication the client proceeds towards money transfer transaction. For transferring money the client needs to know his/her own ATM number and the ATM number of the other person along with the amount to be transferred . After entering the second account number a message is

popped up on the screen to confirm the transfer by manually confirming the given information of the other person.

ii) QRcode scanner for ATM

Once the request is forwaded to the server it then generates QR code which will be displayed on the screen. The client then scans the QR code with mobile phone application.After the scanning is completed the random no. string is generatedwhich is said to be useful in the further process thus providing effective security measures into the system.

III. CONCLUSION

A relevant amount of people living in a developed country would have a smart-phone able to take pictures and scan QR codes which makes this authentication approach a real possibility in the real world as it makes it more secure than the average authentication method, as it is based in a two- factor authentication method and not in the usual username and password approach. QR-based authentication offers a very secure and fast authentication method that must be considered to securely and easily authenticate.

ACKNOWLEDGMENT

We would like to express our thankfulness and pleasure to everyone helped us in every way possible. A special thanks and gratitude towards our final year project guide, Prof.ReenaSomani, whose help, motivation suggestions and encouragement, helped us to coordinate our project.We would also like to acknowledge with gratitude the crucial role of the staff ,supervisors as well as the panel of InformationTechnology, who gave the permission to utilize all required resources and the necessary material for making the documents efficiently .

REFERENCES

1. Sonawane Shamal1 , Khandave Monika , NemadeNeha,A Study on Secure Authentication for Banking System Using QR Code, in International Journal of Emerging Technology and Advanced Engineering Certified Journal, Volume 4, Issue 3,

   March 2014,website:www.ijetae.com

2. Abhishek Gandhi, BhagwatSalunke, SnehalIthape, VarshaGawade, Prof.SwapnilChaudhari. , Advanced Online Banking Authentication System Using One Time Passwords Embedded in Q-R Code in (IJCSIT) International Journal of Computer Science and Information Technologies, Vol. 5 (2) ,

   March 2014

3. AkashM.Bhalerao, AbhijeetP.Pandhare, AkashH.Bhogade, AmitC.Mane, SECURE BANKING SYSTEM USING ANDROID APPLICATION in International Journal of Advanced Research in Computer Engineering & Technology (IJARCET), Volume 4 Issue 3, March 2015

4. D. R. Anekar, BinayRana, Vishal Jhangiani, Aziz Kagzi, Mohammed Kagalwala, Online Banking Security System Using OTP Encoded in QR-Code in International Journal of Advanced Research in Computer Science and Software Engineering, Volume 5, Issue 3, March 2015

5. Sibi K, Suresh Kumar A, Ramya P, Secured Online Banking System Using OneTime Passwords Encrypted in QR-Code in International Journal of Digital Communication and Networks (IJDCN) Volume 3, Issue 3, March 2016

6. SafaHamdare, VarshaNagpurkar, Jayashri Mittal, Securing SMS Based One Time Password Technique from Man in the Middle Attack in International Journal of Engineering Trends and Technology (IJETT)-Volume 11 Issue 3- May 2014

7. Ms. Ankita R Karia, Dr.Archana B. Patankar, Ms. PurnimaTawde, SMS-Based One Time Password Vulnerabilities and Safeguarding OTP Over Network inInternational Journal of Engineering Research & Technology (IJERT) Vol. 3 Issue 5, May 2014,www.ijert.org

8. Abhishek B. Iyer, Rohit A. Shah, Pritamkumar D. Suryawanshi, SwapnilTawade, Banking Authentication System Using Mobile-OTP with QR code in ASMs international E-Journal Of Ongoing Reasearch in Management And IT e-ISSN- 2320- 0065