A stable and secure one-time-password generation mechanism using fingerprint features

Abstract

The growth of online application used for financial transactions and transferring personal information is increasingly common on internet and in mobile communication. These applications require authenticating legitimate users by assigning digital identities. Static passwords are perhaps most common type of credentials used today to authenticate the users. To avoid tedious task of remembering passwords, users often behave less securely by using low entropy and weak passwords, thus presenting security threats to online services. Various solutions have been provided to eliminate the need of users to create and manage passwords’ typical solution is based on generating one time password (OTP) for a single session or transaction. Unfortunately in most of the general mechanisms used for generating one time password (OTP) randomness of OTP system breaks after certain period of time and hence passwords become predictable. To solve this problem, in this paper a novel OTP generation method has been proposed, which generates OTP from fingerprint features of the user. The OTP produced from the system is secure as it uses fingerprint features in the seed and RIPEMD160 hash function in OTP generation procedure.