LAPPS: Location Aware Password Protection System

This report describes the design and the implementation of a password protection system that has been proposed as an idea then developed by the author for his undergraduate final year project, at the University of Essex. When designing the system the author has concentrated on adding extra layers of security to the traditional security systems without having to completely replace the existing security systems. Location Aware Password Protection System (LAPPS) is designed to strengthen the security of traditional password protection systems. This is achieved by adding several layers of protection to the passwords that most traditional password protection systems generate. The current implementation looks at the Password/Pin numbers of Credit/Debit cards that are used on Automated Teller Machine (ATM),though the underlying design of the system can be used in many other scenarios. A password that is generated will be allocated to a particular user and to the ATM that is nearest to the user. LAPPS ensures the following qualities of the passwords that it generates. • Location Awareness The passwords are generated according to the user’s geographical area, that they request their passwords from. So a password will only be active in just one location. • Time Awareness: A password will only be valid for five minutes. The unused passwords will be discarded. • Dynamic The user has to have a new password each time he/she logs in. A password is generated to be used only once. • User Oriented/Specific The received password can only be used by the requester, and can only be used on its allocated ATM. • Two Factor Authenticity The confidential information will be secured using two-factor authentication. For extra security, a Pin generating device has been introduced. This will produce an eight digit number that the user has to supply to the mobile application, before requesting for a password. The user can obtain a pin number by inserting his/her Debit/Credit card and the fixed password that has been allocated when the user registers with the system.