A Novel Authentication Scheme to Increase Security for Non-Repudiation of Users

Protection of sensitive information is a growing concern worldwide. Failure to protect sensitive information can lead to loss of clients in the banking sector or threaten national security. Access to sensitive information starts with e-authentication. Most authentication systems are designed for authenticated users only. However, the user is not the only party that needs to be authenticated to ensure the security of transactions on the Internet. Existing one- time password (OTP) mechanism cannot guarantee non-repudiation and fail to guarantee reuse of a stolen device, which is used in authentication. A novel authentication scheme based on OTP is presented in this paper. This paper proposes a secure multi-factor electronic authentication mechanism. This mechanism is intended to authenticate both the user and the mobile device of the user to ensure non-repudiation and protect the integrity of the OTP against adversarial attacks. The proposed mechanism can detect whether the mobile device is in the hands of the rightful owner before the OTP is sent to the user. The system requires each user to have a unique phone number and a unique mobile device (unique International Mobile Equipment Identity (IMEI)), in addition to an ID card number. The proposed system can ensure that the user who misuses the system becomes liable for the act committed. Therefore, the proposed system can be used in e-banking, egovernment, and ecommerce systems, among other areas requiring high-security guarantees.