Secure User Authentication System Using Image-Based OTP and Randomize Numeric OTP Based on User Unique Biometric Image and Digit Repositioning Scheme

Abstract

Proposed system introduces a combined one time password (OTP)-based authentication system where image OTP is used in first level and numeric OTP is used in the second level of authentication. Server randomly selects an image as image OTP and encrypts it using user unique biometric image and user-defined Bit-wise Masking and Alternate Sequence (BWMAS) operation. This encrypted image OTP will be shared and to be decrypt by the user. Then the system generates a large random number as first part of numeric OTP within a range where range value is derived from the user password. Second part of numeric OTP is generated from the values of randomly selected blocks of the randomly selected pixels of user biometric image. Finally we combine those OTPs using alternate merging and generate intermediate numeric OTP which will be shared from server to user. Final numeric OTP will be generated in user and server end from intermediate OTP using user-defined digit repositioning scheme chosen by user. Random generation of numeric and image OTP, distribution of encrypted image OTP and formation of final numeric OTP using digit repositioning scheme impose a great security to the system.