UTP: A Novel PIN Number Based User Authentication Scheme

This paper proposes a Personal Identification Number (PIN) number based authentication scheme named User Transformed PIN (UTP). It introduces a simple cognitive process with which users may transform their PIN numbers into a dynamic one-time number. PIN numbers are widely used for the purpose of user authentication. They are entered directly and reused several times. This makes them vulnerable to many types of attacks. To overcome their drawbacks, One Time Password (OTPs) are combined with PIN numbers to form a stronger two-factor authentication. Though it is relatively difficult to attack OTPs, nevertheless OTPs are not foolproof to attacks. In our proposed work, we have devised a new scheme that withstands many of the common attacks on PIN numbers and OTPs. In our scheme, users will generate the UTP with the help of a visual pattern, random alphabets sequence and a PIN number. Because the UTP varies for each transaction, it acts like an OTP. Our scheme conceals PIN number within the UTP so that no direct entry of PIN number is required. The PIN number could be retrieved from the UTP by the authenticator module at the server. To the best our knowledge, this is the first scheme that facilitates users to transform their PIN numbers into a one-time number without any special device or tool. Our scheme is an inherently multi-factor authentication by combining knowledge factor and possession factor within itself. The user studies we conducted on the prototype have provided encouraging results to support the scheme's security and usability.