Risk Based Multilevel and Multifactor Authentication using Device Registration and Dynamic QR code based OTP Generation

Abstract: Online and Enterprise resources typically required authentication before user allow to access the sensitive applications and information. Sensitive information generally contains user personal information, transactions, confidential data, etc. Traditional user authentication system used user identifier, Password, Personal Identification Number (PIN), Token code etc. These Systems can't fulfil the current requirement of the user authentication. So that most of the system used multilevel and multifactor authentication mechanism to allow authorized user to get access the sensitive application and information. Recently such multilevel and multifactor security is provided using Risk Based Authentication (RBA) mechanism. The RBA provides access based on Enforcement policy and access decision based on the risk score. Due to which RBA mechanism provides a more secure way to access the sensitive application and information by the user. In this paper, we will propose RBA mechanism based on User’s machine specific authentication information and Dynamic Quick Response (QR) code based One Time Password generation for User step Up Authentication.

Keywords: Security, Access Control, Authorization, Risk Based Authentication, One Time Password