3D PASSWORD FOR MORE SECURE AUTHENTICATION

INTRODUCTION

Normally the authentication scheme the user undegoes is paticularly very lenient or very
strict.Throughout the yeras authentication has been a very interesting approach.With all the
means of technology developing ,it can be very easy for 'others' to fabricate or to steal
identity or to hack someones password.Therefore many algorithms have come up each with
an interesting approach toward calculation of a secret key.The algorithms are such based
to pick a random number in the range of 10^6 and therefore the possbilities of the sane
number coming is rare.

Users nowadays are provided with major password stereotypes such as textual
passwords,biometric scanning,tokens or cards(such as an ATM) etc.Mostly textual
passwords follow an encryption algorithm as mentioned above.Biometric scanning is your
"natural" signature and Cards or Tokens prove your validity.But some people hate the fact to
carry around their cards,some refuse to undergo strong IR exposure to their
retinas(Biometric scanning).Mostly textual passwords, nowadays, are kept very simple say
a word from the dictionary or their pet names,grilfriends etc.Ten years back Klein performed
such tests and he could crack 10-15 passwords per day.Now with the technology
change,fast processors and many tools on the Internet this has become a Child's Play.

Therefore we preset our idea, the 3D passwords which are more customisable, and very
interesting way of authentication.

WORKING

Now the passwords are based on the fact of Human memory.Generally simple passwords
are set so as to quickly recall them.The human memory,in our scheme has to undergo the
facts of Recognition,Recalling,Biometrics or Token based authentication.

Once implemented and you log in to a secure site,the 3D password GUI opens up.This is
an additional textual passwords which the user can simply put.Once he goes through the first
authentication, a 3D virtual room will open on the screen.In our case, lets say a virtual
garage.

Now in a day to day garage one will find all sorts of tools, equipments ,etc.each of them
having a unique properties.The user will then interact with these properties accordingly.Each
object in the 3D space, can be moved around in an (x,y,z) plane.Thats the moving attribute
of each object.This property is common to all the objects in the space.Suppose a user logs in
and enters the garage.He sees and picks a screw-driver(initial position in xyz coordinates
(5,5,5)) and moves it 5 palces to his right (in XY plane ie (10,5,5).That can be identified as
an authentication.

Only the true user understands and recognizes the object which he has to choose among
many.This is the Recall and Recognition part of human memeory coming into
play.Interestingly,a password can be set as approaching a radio and setting its frequency to
number only the user knows.

Security can be enhanced by the fact of including Cards and Biometric scanner as
input.There can be levels of authentication a user can undergo.More the confidentiality more
the complexity.In that scenario a virtual environment can be developed as a globe,a city or
simply a garage.

EXPECTED FUNCTIONALITIES

1.The user can decide his own authentication schemes.If he's comfortable with Recall and
Recognition methods then he can choose the 3d authentication just used above.

2.The authentication can be improved since the unauthorised persons will not interact with
the same object as a legitimate user would.We can also include a timer.Higher the security
higher the timer.Say after 20 seconds a weak password will be thrown out.

3.The 3D environment can change according to users request.

4.It would be difficult to crack using regular techniques.Since all the algorithms follow steps
to authenticate,our project has no fixed number of steps.Hence to calculate all those
possibilites and decipher them is not easy.

5.Can be used in critical areas such as Nuclear Reactors,Missile Guiding Systems etc.

6.Added with biometrics and card verification,the scheme becomes almost unbreakable.
Reference: http://www.seminarprojects.com/Thread-3d-password-for-more-secure-
authentication-full-report#ixzz1I4ulYjX7

3D Secure Password

Download:
Post to: More
Share Flag Favs
Channels

Views: 1370 Like it (11) Dislike it (0)

Favourites: 3 Add to favourites
Added: November 20, 2010 Presentation Category: Science & Tech.. This Presentation is Public
License: All Rights Reserved

Presentation Description

No description available.
Comments

(32) Post a Comment

Post Comment

By: ranu0602 (1 days ago)

plz send me presentation sir my id is ranumittal123@gmail.com
Post Reply
Edit Comment

By: sbdhsd (3 days ago)

pls send mein this persentaion as soon as posible ,my id is piyush_goel69@yahoo.com
Post Reply
Edit Comment

By: harshithans (4 days ago)

Gud presentation... I liked it.. Can u please send me this copy of ppt on Email
ID:harshi1709@gmail.com within 26th March
Post Reply
Edit Comment

By: prashp3p (2 week(s) ago)

Hii... i liked the presentation. Can u send me this copy of ppt on Email ID: prashp3p@gmail.com
Post Reply
Edit Comment

By: ajaysuwalka (3 week(s) ago)

nice presentation.. Pls send this one PPT on my ajsuwalka@gmail.com Email ID
Post Reply
Edit Comment
See all
Presentation Transcript

What is the TOPIC ??? :

What is the TOPIC ??? 3-D Secure Password

What 3-D Secure Password Is… :

What 3-D Secure Password Is… It is an E-Commerce Application for Payment System To know about
the 3-D Secure password we need to know about 3-D and then 3-D Secure. 3-D Stands for Three
Domains here. 3-D Secure is XML Based Protocol to implement the better security to the Credit and
Debit card Transactions. So The Password formed by 3-D Secure Protocol is called 3-D Secure
Password.

Slide 3:
What Three Domains Are….. Three Domains Consist of Three Type of Domains. The Very First is
Acquirer Domain. (The Merchant and The Bank to which money is being paid) The Second is Issuer
Domain.(The Bank which issued the card being used) And Last but certainly not the least is
Interoperability Domain.(The Infrastructure provided by the credit card scheme to support the 3-D
Secure Protocol)

Who Developed this 3-D Secure Password???.... :

Who Developed this 3-D Secure Password???.... It was very firstly developed by the company
“VISA” and gave the name “Verified by Visa” (VBV) . Now it is also adopted by the company “Master
Card” and gave the name “Master Card Secure Code” (MCSC). It is also being used by the company
“JCB International” and gave name “J/Secure“

Slide 5:
Entities for Transactions……. MERCHANT CUSTOMER BANK INFRASTRUCTURE SERVICE OR
PRODUCT

Purpose for using of 3d secure password….. :

Purpose for using of 3d secure password….. Basically 3-D Secure Password is used to provide the
better security to the Customers for Transactions in the Online Payment System. For Online
Purchasing mostly we have to pay Digital Cash so we have to deal online then it includes Bank,
Merchant and Customer so there is requirement of security from Fraud and Money Theft. It is being
used for removing the Risk over the Internet so that customer can feel free in doing Online
Transactions.

HOW 3-D Secure Password WORKS ??.. :

HOW 3-D Secure Password WORKS ??.. This protocol uses XML messages sent over SSL
connections with client authentication (this ensures the authenticity of both peers, the server and
the client, using digital certificates). This is a one time process which takes place on the card
issuer's website and involves the cardholder answering several security questions to which only the
card issuer and cardholder will know the answer. The cardholder selects a password and agrees on
a secret phrase, which will be used by the card issuer during each online transaction. 3D Secure can
be thought of as an online version of “Chip and Pin technology”.

Implementation of Protocol… :
Implementation of Protocol… In order for a Visa or MasterCard member bank to use the service, the
bank has to operate compliant software that supports the latest protocol specifications. Once
compliant software is installed, the member bank will perform product integration testing with the
payment system server before it rolls out the system. 3-D Secure Components ACS Providers MPI
Providers (Access Control Server) (Merchant Plug-In)

ACS PROVIDERS :
ACS PROVIDERS In 3-D Secure protocol, ACS (Access Control Server) is on the issuer side (banks).
Currently, most banks outsource ACS to a third party. Commonly, the buyer's web browser shows
the domain name of the ACS provider, rather than banks' domain name, however this is not required
by the protocol. Dependent on the ACS provider, it is possible to specify a bank owned domain
name for use by the ACS.

Mpi providerS :
Mpi providerS Each 3-D secure transaction involves two simple internet request/response pairs:
VEReq/VERes and PAReq/PARes. Visa and MasterCard don't license merchants for sending
requests to their servers. They isolate their servers by licensing software providers which are called
MPI (Merchant Plug-In) providers.

Working Toward Implementation :

Time Spent Transactions Flow Implementation of 3-D Secure Password Achieve Security Working
Toward Implementation Using 3-D secure Password

How To Process and Precautions with 3-D Secure Password :

How To Process and Precautions with 3-D Secure Password

How Effective 3-D Secure can be…. :

How Effective 3-D Secure can be…. This technology Implementation curve may be like this…. 3-D
Secure Password 1 Year 2 Year 3 Year

ADVANTAGES FOR MERCHANTS… :

ADVANTAGES FOR MERCHANTS… Reduction in “Unauthorized Transactions” CHARGE BACK
More Security and Reliability More Security means more of the Customers more if Transactions
which is beneficial. Authentication

ADVANTAGES FOR CUSTOMERS… :

ADVANTAGES FOR CUSTOMERS… Decreased Risk of Fraud for Online Payment Better Password
Security Better Online Shopping and Payments System

LIMITATIONS.. :
LIMITATIONS.. For the Merchant It can be too expensive because in Purchasing Software, Monthly
Fee, Setup Fee, Per Transactions Fee so customer has to also face these Expenses. There may be
more phishing attacks with unfamiliar domains because of Vendor’s MCS and Out Sourced ACS
Implementations by issuing banks.

Performance……… :
Performance……… It was officially launched in 2007 and now most of the banks are working with
this. ICICI and more Banks are working on implementing on 3-D Secure. As Now more than 100
vendors are developing 3-D Secure. Current Version 1.0.2 is running with high Performance.