A Secure and Practical Authentication Scheme Using Personal

Devices

Abstract
Authentication plays an important role in securing online banking system, and many Banks and
various services have long relied on username / password combinations to verify users. Remember
usernames and passwords for many accounts will be heavy and inefficient task. Legacy
authentication methods failed again and again, you are not immune to a variety of attacks against
users, networks or Authentication server. Over the years, data breach reports have indicated that
attackers have created many advanced techniques to steal user credentials that can pose a serious
threat.
EXISTING SYSTEM

Traditional authentication schemes such as the username/password combo pose a serious threat to
the online banking services, financial systems, and their users. Most current authentication systems
assign or allow a user to choose a static and unique user id that acts as a label. This static label is
typically attached to the user for a long time. Unfortunately, users tend to use the same user id in
many different websites and systems. Furthermore, many users continue to employ the same
password across online accounts and systems. According to a recent study, 51% of the surveyed
users reuse the same password across different websites, and more than 77% of the participants
either slightly change or reuse existing passwords with simple tricks.

DIS ADVANTAGES

Memorizing usernames and passwords for a lot of accounts becomes a cumbersome and inefficient
task.

It decreases the security of authentication

PROPOSED SYSTEM

In Proposed System, An efficient and practical user authentication scheme using personal devices
that utilize different cryptographic primitives such as encryption, digital signature, and hashing.
The technique benefits from the widespread usage of ubiquitous computing and various intelligent
portable and wearable devices that can enable users to execute a secure authentication protocol.
Our proposed scheme does not require an authentication server to maintain static username and
password tables for identifying and verifying the legitimacy of the login users. It not only is secure
against password related attacks, but also can resist replay attacks, shoulder surfing attacks,
phishing attacks, and data breach incidents.

ADVANTAGES

Secure against password related attacks.

It can resist replay attacks, shoulder surfing attacks, phishing attacks, and data breach incidents
SYSTEM REQUIREMENTS

H/W System Configuration:-

Processor - Pentium –III

RAM – 1GB

Hard Disk - 20 GB

Key Board - Standard Windows Keyboard

Mouse - Two or Three Button Mouse

Monitor - SVGA

S/W System Configuration:-

Operating System : Windows95/98/2000/XP

Application Server : Tomcat5.0/6.X

Front End : Java.

Back End: SQL Server 2005