Skip to Main content Skip to Navigation
Conference papers

One-Time Biometrics for Online Banking and Electronic Payment Authentication

Aude Plateaux 1 Patrick Lacharme 1 Christophe Rosenberger 1 Audun Jøsang 2
1 Equipe Monétique & Biométrie - Laboratoire GREYC - UMR6072
GREYC - Groupe de Recherche en Informatique, Image, Automatique et Instrumentation de Caen
Abstract : Online banking and electronic payment systems on the Internet are becoming increasingly advanced. On the machine level, transactions take place between client and server hosts through a secure channel protected with SSL/TLS. User authentication is typically based on two or more factors. Nevertheless, the development of various malwares and social engineering attacks transform the user's PC in an untrusted device and thereby making user authentication vulnerable. This paper investigates how user authentication with biometrics can be made more robust in the online banking context by using a specific device called OffPAD. This context requires that authentication is realized by the bank and not only by the user (or by the personal device) contrary to standard banking systems. More precisely, a new protocol for the generation of one-time passwords from biometric data is presented, ensuring the security and privacy of the entire transaction. Experimental results show an excellent performance considering with regard to false positives. The security analysis of our protocol also illustrates the benefits in terms of strengthened security.
Document type :
Conference papers
Complete list of metadatas

Cited literature [24 references]  Display  Hide  Download
Contributor : Morgan Barbier <>
Submitted on : Thursday, October 23, 2014 - 10:08:20 AM
Last modification on : Thursday, February 7, 2019 - 5:35:50 PM
Document(s) archivé(s) le : Saturday, January 24, 2015 - 10:06:27 AM


Publisher files allowed on an open archive


Distributed under a Creative Commons Attribution 4.0 International License



Aude Plateaux, Patrick Lacharme, Christophe Rosenberger, Audun Jøsang. One-Time Biometrics for Online Banking and Electronic Payment Authentication. International Cross-Domain Conference and Workshop on Availability, Reliability, and Security (CD-ARES), Sep 2014, Fribourg, Switzerland. pp.179-193, ⟨10.1007/978-3-319-10975-6_14⟩. ⟨hal-01076676⟩



Record views


Files downloads