With advances in Web-based and mobile-based commerce and communications, secure authentication has emerged as one of the most important requirements for any organization engaged in electronic or mobile commerce. Various situations require a user to be authenticated, in particular financial transactions, and it is anticipated that such authentications will only grow with time.
With the increase in penetration of mobile handheld devices, the number of applications designed for these platforms is also on the rise. In some mobile applications, it is essential for users to be able to authenticate themselves to other users on the phone network or to a service provider on the same network. One such application is mobile-phone based banking, wherein users maintain bank accounts with a central authority (both connected via a mobile phone network) and transfer money from their account into another user's account using a phone-based messaging protocol. Whenever the banking authority receives requests for such transactions from a user, it must first authenticate the user and only then let the transaction take place.
Mobile-phone based banking systems are becoming popular in many parts of the world, particularly in developing countries. Implementing authentication protocols on mobile phones in the developing world is a challenge, since a large number of such phones have low computing and storage capabilities and thus cannot implement the robust cryptographic algorithms that one may want to use for secure user authentication. The problem is exacerbated by the fact that mobile phone manufacturers are increasing their investment in low-end phones due to growing demand in rural areas, but without much parallel effort to equip such phones with security features. In fact, several current implementations of secure communication over mobile phone networks (e.g., those for GSM-based telephony) have been shown to be susceptible to easy attacks.
A paper-based solution for authentication in mobile-phone based banking is proposed in an article titled “Secure Branchless Banking” by Ashlesh Sharma, Lakshmi Subramanian, and Dennis Shasha from New York University, published in NSDR 2009. The solution proposed relies on transmitting fresh random nonces and a voice-based identifier per transaction. Hence, the proposed solution is not easy to use and requires additional software support.
Consequently, an authentication device and method is required which is strong, reliable, and resistant to security breaches, and at the same time easy to use by a wide variety of users from diverse backgrounds. Also required is an authentication device and method which may be implemented on low-end phones without the installation of any cryptographic software and without modifying the communication protocols used for messaging through mobile phones.