A Method and Its Usability for User Authentication by Utilizing a Matrix Code Reader on Mobile Phones

  • Michiru Tanaka
  • Yoshimi Teshigawara
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4298)


Recently, the number of troubles about the user authentication for network services by phishing or spyware has been increasing. Utilizing hardware tokens such as IC cards, OTP cards, USB keys, or mobile phones are paid attention for making user authentications secure. However, most of the existing methods tend to take a lot of effort and costs for introducing hardware tokens. In addition, although the some methods are easy to be introduced, there are the problems about eavesdropping of the authentication information by malicious-ware such as key loggers. In this paper, we propose a user authentication method which does not need input and send the authentication information between a user terminal and a network service provider via the Internet, instead a one-time token that is issued by the provider and displayed as a matrix code on the user terminal, and the user reads the information with a matrix code reader on the user’s mobile phone, and convert and transmit it to the provider via a comparatively trusted mobile phone carrier’s network. The prototype system is implemented, and the user experiments which compare fix password type, two-factor one-time password type, and proposed type, were performed. As a result of a questionnaire about the usability, it was verified that the proposed method could impress users with comparatively high security and usability.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bellovin, S.M.: Spamming, phishing, authentication, and privacy. Communications of the ACM 47(12), 144 (2004)CrossRefGoogle Scholar
  2. 2.
    Berinato, S.: Smart cards: The intelligent way to security. Network Computing 9(9), 168 (1998)Google Scholar
  3. 3.
    RSA Security Inc.: SecurID.
  4. 4.
    Wu, M., Miller, R., Garfinkel, S.L.: Secure web authentication with mobile phones. In: DIMACS Symposium On Usable Privacy and Security 2004, DIMACS Center, CoRE Building, Rutgers University, Piscataway, NJ (2004)Google Scholar
  5. 5.
    NTT DoCoMo, Inc. (2006),
  6. 6.
    Denso Wave Inc.: QR,
  7. 7.
  8. 8.
    NTT DoCoMo, Inc.: FirstPass.

Copyright information

© Springer Berlin Heidelberg 2007

Authors and Affiliations

  • Michiru Tanaka
    • 1
  • Yoshimi Teshigawara
    • 2
  1. 1.Faculty of Software and Information Science, Iwate Prefectural UniversityJapan
  2. 2.Faculty of Engineering, Soka UniversityJapan

Personalised recommendations