2 Dec 2014



As part of the security within distributed systems, various services and resources need protection from unauthorized use. Remote authentication is the most commonly used method to determine the identity of a remote client. This paper investigates a systematic approach for authenticating clients by three factors, namely password, smart card, and biometrics. A generic and secure framework is proposed to upgrade two-factor authentication to three-factor authentication. The conversion not only significantly improves the information assurance at low cost but also protects client privacy in distributed systems. In addition, our framework retains several practice-friendly properties of the underlying two-factor authentication, which we believe is of independent interest. The main implementation of the Project is to get the Finger Print, RFID and the PIN from the User for the Authentication. If the Finger Print is same but not so clear then the Main Server will generate the Token number to the User’s Mobile number as OTP. This generated OTP would be given using Key Pad Matrix provided to the user during Account Registration. So the Server will be verifying User’s Finger Print, RFID card, PIN number, OTP via Key Pad Matrix and the ID of Key Pad Matrix. This will definitely ensure proper security of the user. 


In a distributed system, various resources are distributed in the form of network services provided and managed by servers. Remote authentication is the most commonly used method to determine the identity of a remote client. In general, there are three authentication factors:

1. Something the client knows: password.
2. Something the client has: smart card.
3. Something the client is: biometric characteristics
(e.g., fingerprint, voiceprint, and iris scan).

Most early authentication mechanisms are solely based on password. While such protocols are relatively easy to implement, passwords (and human generated passwords in particular) have many vulnerabilities. As an example, human generated and memorable passwords are usually short strings of characters and (sometimes) poorly selected. By exploiting these vulnerabilities, simple dictionary attacks can crack passwords in a short time Due to these concerns, hardware authentication tokens are introduced to strengthen the security in user authentication, and smart-card-based password authentication has become one of the most common authentication mechanisms. Smart-card-based password authentication provides two factor authentication, namely a successful login requires the client to have a valid smart card and a correct password. While it provides stronger security guarantees than password authentication, it could also fail if both authentication factors are compromised (e.g., an attacker has successfully obtained the password and the data in the smart card). In this case, a third authentication factor can alleviate the problem and further improve the system’s assurance.

Another authentication mechanism is biometric authentication, where users are identified by their measurable human characteristics, such as fingerprint, voiceprint, and iris scan. Biometric characteristics are believed to be a reliable authentication factor since they provide a potential source of high-entropy information and cannot be easily lost or forgotten. Despite these merits, biometric authentication has some imperfect features. Unlike password, biometric characteristics cannot be easily changed or revoked. Some biometric characteristics (e.g., fingerprint) can be easily obtained without the awareness of the owner.1 This motivates the three-factor authentication, which incorporates the advantages of the authentication based on password, smart card, and biometrics.
Any one of the Authentication Procedures are Process, like  Finger Print, RFID card, PIN.


In Our Proposed System of Implementation, We consider Three Factor Authentication using the following,

Ø  PIN Number
Ø  Biometrics (Finger Print)

Every User is provided with RFID Card for the initial Authentication Scheme, then the user will be giving the PIN number is Provided during the Registration Period itself.

Then the user is permitted to give his / her Finger Print to the main server. If the Finger Print is exactly matched, the user is allowed for the transaction. If the Finger Print is doubtful and not exactly matched with the registered Finger Print image then Server sends One Time Password as SMS Alert to the User’s Mobile Number.

This One Time Password which is generated as SMS is given by the User to the main server for authentication. In the normal three factor Authentication Scheme, we use following Authentication Procedures
  1. User PIN number along with Keypad ID
  2. RFID Tag
  3. Finger Print Image

In the case of Fuzzy Concept, where the Finger Print is not matched but matched to the maximum extent, and the server has suspicion, then the following procedure is followed,

  1. User PIN number along with Keypad ID
  2. RFID Tag
  3. Finger Print Image
  4. One Time Password (OTP) Generation to the user’s Mobile Number
  5. OTP given by the user to the server.
all those are used together for authentication. For Finger print Fuzzy Logic is applied for Exact Mapping and Proper Authentication.


Process, if finger print’s fuzzy rule says 60 – 80% of matching then One Time Password (OTP) is generated as SMS to the User’s Mobile. User will be giving OTP via Keypad Matrix. Along with the OTP, Key Pad ID is also passed for authentication. If Fingerprint, RFID card, PIN and OTP, Keypad ID (If Fingerprint is 60-80% matched) which become five factor authentication.


§  Processor               :           Pentium IV
§  RAM                     :           512 MB
§  HDD                     :           80 GB
§  RFID Reader With Tag
§  Finger Print
§  Mobile Phone for Generating SMS

§  Platform                :Windows Xp
§  Front End              : Java JDK1.5
§  Back End              :MS SQL server

No comments:

Post a Comment

Note: only a member of this blog may post a comment.