스마트폰을 이용한 Challenge-Response 인증

Challenge-Response Authentication with a Smartphone

This paper proposes an one-time authentication system for web applications by making use of the quick-response code, which is widely used nowadays. The process is not time-consuming. It does not require any browser extensions or specific hardware to complete a task. The system uses QR code which is basically a two-dimensional black and white image encoding a piece of digital information. When a user logs into a site, the web server will generate a challenge encoded to form a QR code. The user captures a picture of QR code with a mobile camera which results in decoding the QR code. The challenge shall be sent back to the server; the web server then logs the PC browser in. The authentication using Challenge-Response is easy to understand and the process is fast. The system proposes the improvement of usability and security of online authentication.