A Method and Its Usability for User Authentication by Utilizing a Matrix Code Reader on Mobile Phones

摘要

Recently, the number of troubles about the user authentication for network services by phishing or spyware has been increasing. Utilizing hardware tokens such as IC cards, OTP cards, USB keys, or mobile phones are paid attention for making user authentications secure. However, most of the existing methods tend to take a lot of effort and costs for introducing hardware tokens. In addition, although the some methods are easy to be introduced, there are the problems about eavesdropping of the authentication information by malicious-ware such as key loggers. In this paper, we propose a user authentication method which does not need input and send the authentication information between a user terminal and a network service provider via the Internet, instead a one-time token that is issued by the provider and displayed as a matrix code on the user terminal, and the user reads the information with a matrix code reader on the user's mobile phone, and convert and transmit it to the provider via a comparatively trusted mobile phone carrier's network. The prototype system is implemented, and the user experiments which compare fix password type, two-factor one-time password type, and proposed type, were performed. As a result of a questionnaire about the usability, it was verified that the proposed method could impress users with comparatively high security and usability.