A Multifactor Secure Authentication System For Wireless Payment

Organizations are deploying wireless based online payment applications to expand their business globally, it increases the growing need of regulatory requirements for the protection of confidential data, and especially in internet based financial areas. Existing internet based authentication systems often use either the Web or the Mobile channel individually to confirm the claimed identity of the remote user. The vulnerability is that access is based on only single factor authentication which is not secure to protect user data, there is a need of multifactor authentication. This paper proposes a new protocol based on multifactor authentication system that is both secure and highly usable. It uses a novel approach based on Transaction Identification Code and SMS to enforce another security level with the traditional Login/password system. The system provides a highly secure environment that is simple to use and deploy with in a limited resources that does not require any change in infrastructure or underline protocol of wireless network. This Protocol for Wireless Payment is extended as a two way authentications system to satisfy the emerging market need of mutual authentication and also supports secure B2B communication which increases faith of the user and business organizations on wireless financial transaction using mobile devices. Sugata Sanyal School of Technology and Computer Science, Tata Institute of Fundamental Research, (TIFR), Mumbai, India, e-mail: [email protected] Ayu Tiwari Indian Institute of Information Technology (IIIT), Allahabad (UP), India e-mail: [email protected] Sudip Sanyal Indian Institute of Information Technology (IIIT), Allahabad (UP), India e-mail: [email protected]