(IJCSIS) International Journal of Computer Science and Information Security,
Vol. 14, No. 7, July 2016
Secure Approach for Net Banking by Using
Fingerprint Authentication in Distributed J2EE
Technology
Rachid ALAOUI1, Khalid ABBAD2, Ahmad EL ALLAOUI3 and Moulay Abdellah KASSIMI4
1Laboratory of Systems Engineering and Information Technology (LISTI), ENSA, Ibn Zohr University Agadir, Morocco
2SIA Laboratory, FST, FSDM University, FEZ, Morocco
3ENSA AL Hoceima and Labo MATSI Mohammed I University OUJDA, Morocco
4LGEMS Laboratory, ENSA, Ibn Zohr University Agadir, Morocco
Abstract: Today, Net Banking or Internet Banking System is a popular technology typically used by individuals to carry out a
variety of personal and business financial transactions and banking functions using mobile technology. Net Banking describes
banking transactions carried out through an internet application. But there are many security problems, such as fraudulent websites,
fake emails from banks, capture of user IDs and passwords, and hacking of personal bank accounts and ATM cards. Security and
authentication of individuals is necessary in our daily lives, especially in net banking. It has been improved by using
biometric verification techniques such as fingerprints. This research paper presents a mobile security solution through a new model
with biometric recognition and SMS service.
Keywords: Secure Internet banking, Smartphone, Fingerprint, Banking transaction.
1. Introduction
Nowadays, the self-service banking system has become
extensively popular, characterized by offering
high-quality 24-hour service to customers.
Internet Banking is not only focused on transferring
money, but also on conducting many banking transactions
in minimum time [Nsouli S et al, 2002]. Every
customer can connect to his bank’s website with
an Android smartphone and a browser. However, many
hacking attempts are made against internet banking. To avoid
these problems, a new model has been developed for
secure internet banking with biometric recognition and
SMS mobile service. Once the user gets internet banking
access permission, the user can access different types of
transactions such as balance enquiry, transfer of funds,
online payment of bills, accrued interest, fees and taxes,
and transaction details of each account. The banking
services include bill payment, transferring amounts,
recharging mobile phones, online applications, online
purchases and maintaining accounts [Basel Committee
Report, 1998]. In existing internet banking, the user needs to
register with the bank to access internet banking, and
the bank then provides a user ID and password (IPIN)
to the user. The user can then log in through the bank website with
the user ID and password. If the user enters the correct user ID and
password, the user can access his bank account through
internet banking. Some banks provide an extra
authentication process, such as sending another
security token code to the user's mobile phone through an SMS
message.
Disadvantages of Existing method
- Internet banking uses the user ID and password of the
user. In this system, keys can be hacked or duplicated,
signatures can be forged, and passwords can easily be
stolen or hacked by specialists.
- Encryption problems: software is used to protect
account information. However, there are no perfect
systems. Accounts are prone to hacking attacks,
phishing, malware and illegal activities.
- Learning: banks with complicated sites can be
cumbersome to navigate and may require one to
read through tutorials to navigate them.
- Complex transactions: a face-to-face meeting is
better for handling transaction problems.
Customary banks may call for meetings and seek
expert advice to solve issues.
2. Literature Review
Automated teller machine (ATM) is a mechanical
device that has its roots embedded in the accounts and
records of a banking institution [Sri Shimal Das et al,
2011]. Many established banks in developed countries
began with ATMs and evolved through Personal
Computer-banking, Telephone-banking and
Internet-banking. Daniel [1999] explained that increased
competition due to new arrivals, electronic services
and increasing security led banking systems
to consider e-banking. Khorshid and Ghaneh [2009]
conducted research on the challenges of e-banking
and identified problems such as maintaining the privacy
of customers, security and attaining customer trust.
The main challenges for the development of Net banking on
the customer side arise from reputation, laws and
regulations.
To avoid all these accidental losses, banks and other
institutions should adopt biometric security, and all our
fears could be laid to rest. A biometric security system
simply allows you to identify yourself by your inherent
biological features such as the eye or fingerprints. Fingerprint
recognition is widely used due to its reliability [D.
Maltoni et al, 2009]. It is widely used in forensic and
commercial applications such as criminal investigation,
e-commerce, unique ID cards (Fig. 1) and net banking
[Heeseung Choi et al, 2011] [M. Sandeep et al, 2015].
Figure 1. ATM transaction by ID cards and fingerprint recognition.
Fingerprint recognition identifies a person from
impressions made by the unique ridges on fingertips. The
fingerprint image is captured through the scanner,
enhanced, and then converted into a template. Most
automatic systems use minutiae matching for
fingerprint recognition (Figure 2). The splits in the ridges,
bifurcations, lakes and terminations in an irregular pattern are
called minutiae. In general, ridge endings and ridge
bifurcations are used for fingerprint identification [Lin
Hong, 1998].
Figure 2. Registering a person in a biometric system.
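The minutiae matching described above, as an added example that is not code from the paper: a freshly scanned template never equals the enrolled one exactly, so the decision is a similarity score compared with a threshold, checked against the claimed user's template only. The tolerances, the threshold, the sample coordinates and the assumption that both templates are already aligned are illustrative choices.

```python
import math
from dataclasses import dataclass

@dataclass(frozen=True)
class Minutia:
    x: float
    y: float
    angle: float  # ridge direction, degrees
    kind: str     # "ending" or "bifurcation"

# Assumed tolerances and decision threshold (not values from the paper).
DIST_TOL = 10.0    # max distance between paired minutiae, in pixels
ANGLE_TOL = 15.0   # max direction difference, in degrees
THRESHOLD = 0.6    # minimum score to accept the claimed identity

def angle_diff(a, b):
    d = abs(a - b) % 360.0
    return min(d, 360.0 - d)

def match_score(enrolled, probe):
    """Fraction of minutiae paired one-to-one within the tolerances."""
    if not enrolled or not probe:
        return 0.0
    used, paired = set(), 0
    for p in probe:
        best, best_d = None, DIST_TOL
        for i, e in enumerate(enrolled):
            if i in used or e.kind != p.kind:
                continue
            d = math.hypot(e.x - p.x, e.y - p.y)
            if d <= best_d and angle_diff(e.angle, p.angle) <= ANGLE_TOL:
                best, best_d = i, d
        if best is not None:
            used.add(best)
            paired += 1
    return paired / max(len(enrolled), len(probe))

def verify(templates, user_id, probe):
    """1:1 check against the template enrolled for the claimed user only."""
    enrolled = templates.get(user_id)
    return enrolled is not None and match_score(enrolled, probe) >= THRESHOLD

# Constructed sample data: one enrolled template and two probes.
ENROLLED = [Minutia(30, 40, 90, "ending"), Minutia(55, 42, 10, "bifurcation"),
            Minutia(70, 80, 200, "ending"), Minutia(20, 95, 350, "bifurcation"),
            Minutia(90, 30, 120, "ending")]
# Same finger rescanned: small shifts, one minutia not detected.
SAME_FINGER = [Minutia(32, 38, 95, "ending"), Minutia(53, 45, 5, "bifurcation"),
               Minutia(72, 79, 195, "ending"), Minutia(22, 93, 4, "bifurcation")]
# Different finger: one minutia happens to coincide.
OTHER_FINGER = [Minutia(31, 41, 270, "ending"), Minutia(60, 60, 10, "bifurcation"),
                Minutia(10, 10, 0, "ending"), Minutia(88, 33, 118, "ending"),
                Minutia(45, 90, 180, "bifurcation")]
TEMPLATES = {"user-1001": ENROLLED}

if __name__ == "__main__":
    print(match_score(ENROLLED, SAME_FINGER), verify(TEMPLATES, "user-1001", SAME_FINGER))
    print(match_score(ENROLLED, OTHER_FINGER), verify(TEMPLATES, "user-1001", OTHER_FINGER))
```

The threshold trades false accepts against false rejects, so a deployment calibrates it on its own sensor data rather than fixing it in advance.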
With the help of sophisticated programming
techniques, websites that reside on a financial
institution's network can be hacked by an attacker.
Using this, he can access the bank's systems to locate
the ATM database and hence collect card information
which can be used later to create a clone card. A
biometric recognition system provides more accuracy
and secrecy than a PIN. When a client approaches the
branch to open an account, he is asked to answer
a set of questions. Along with the questions, the
fingerprint images are also collected in the branch.
3. The Existing Method for Net Banking
Internet banking identifies a particular set of
technological solutions for the development and
distribution of financial services, which rely upon the
open architecture of the Internet. With the
implementation of an Internet banking system,
banks maintain a direct relationship with end users
via the web and are able to give the interface a personal
character by offering additional
customized services.
Fig. 3 explains Internet Banking Security (IBS):
the user should first enter the user ID and password,
which are verified on the bank website for
authorization. If the user ID and password match, the
user can log in to the internet banking system. Otherwise,
“Invalid user” is reported to the user. If the user is
valid, the user can access internet banking processing
such as balance enquiry, transfer of funds, online
payment of bills, accrued interest, fees and taxes,
transaction details of each account, account, credit
card and home loan balances, transfer of funds to third-party
accounts the user nominates, and opening a deposit right
from the terminal. The details of the transactions are
finally stored in the database.
Figure 3. Existing model for Internet Banking system.
Another approach to Net banking security
combines the use of a PIN number and a mobile code
[Collin Mulliner et al, 2013]. After this validation the bank
provides an extra authentication process, such as sending
another security token code to the user's mobile phone
through SMS. In online banking web applications, for
example, the user has to authenticate himself via a
valid username and password to initiate a transaction.
Directly after this transaction request, the user gets an
SMS message containing the One-Time Password
(OTP) that must additionally be entered to authorize the
transaction. In this application area the OTP is called a
mobile Transaction Authorization Number (mobile
TAN or mTAN). As Figure 4 shows, the online
service sends the OTP to the user’s mobile phone via
the cellular network, and the user enters the OTP to
authenticate or authorize a transaction.
Fig. 4 SMS OTP Principle: The OTP is generated by the service
provider and sent to the mobile network operator (MNO) that
delivers the OTP via SMS to the user.
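The mTAN exchange described above, as an added example that is not code from the paper: the service issues a random code tied to the transaction it authorizes and accepts it once, within a validity window and a limited number of tries. The class name, the 120-second window, the three-attempt limit and the binding of the code to the transaction details are assumptions; handing the code to the SMS gateway is left to the caller.

```python
import hashlib
import hmac
import json
import secrets
import time

OTP_TTL_SECONDS = 120   # assumed validity window
MAX_ATTEMPTS = 3        # assumed retry limit per transaction


class MTanService:
    """Issues and checks one-time codes, each tied to one transaction."""

    def __init__(self, clock=time.time):
        self._key = secrets.token_bytes(32)  # server-side MAC key
        self._pending = {}                   # txn_id -> pending record
        self._clock = clock

    def _tag(self, otp, user, txn_id, details):
        # The stored value is a MAC over the code and the transaction,
        # so the code itself is never kept in clear on the server.
        msg = json.dumps([otp, user, txn_id, details]).encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue(self, user, txn_id, details):
        """Create a 6-digit code; the caller passes it to the SMS gateway."""
        otp = f"{secrets.randbelow(10**6):06d}"
        self._pending[txn_id] = {
            "user": user,
            "tag": self._tag(otp, user, txn_id, details),
            "expires": self._clock() + OTP_TTL_SECONDS,
            "attempts": 0,
        }
        return otp

    def verify(self, user, txn_id, details, otp):
        """Return 'ok', 'mismatch', 'expired', 'locked' or 'unknown'."""
        rec = self._pending.get(txn_id)
        if rec is None or rec["user"] != user:
            return "unknown"
        if self._clock() > rec["expires"]:
            del self._pending[txn_id]
            return "expired"
        rec["attempts"] += 1
        expected = self._tag(otp, user, txn_id, details)
        if hmac.compare_digest(rec["tag"], expected):
            del self._pending[txn_id]        # single use: a replay is 'unknown'
            return "ok"
        if rec["attempts"] >= MAX_ATTEMPTS:
            del self._pending[txn_id]        # stop online guessing
            return "locked"
        return "mismatch"
```

Because the transaction details are part of the MAC, a code issued for one transfer does not authorize a transfer whose amount or destination was altered afterwards.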
4. Using a Smartphone for Biometric Authentication
Taking accuracy and reliability into consideration,
the most popular among the various biometric systems
are those based on fingerprint matching. As shown in Fig. 5, the
sensor can be one built into an
existing smartphone, such as its fingerprint sensor. This makes
the mode of identification very attractive and easier.
Due to its unique identity and easy access, the use of
fingerprint identification has increased in civil and law
enforcement applications [Zain S. Barham et al, 2011]
[R. Mourya et al, 2015].
Fig. 5 Block diagram of the biometric process using a smartphone
sensor.
The purpose of this study is to identify security in
mobile banking and to provide an authentication
method for mobile banking transactions using
biometric authentication.
5. Proposed Method of Internet Banking
Every bank in the group, in order to be able to use the
broker, has to subscribe to the services provided.
The bank system comprises a module which was
developed to demonstrate the full integration of the
proposed authentication scheme. This module is an
account management system used by the bank’s
workers (AdminBank) to carry out management
processes such as creating new accounts, setting up
account details and security levels, adding an
additional holder to an existing account, and
enrolling users’ fingerprints.
In Internet Banking, the user should first enter the user
ID and password, which are verified on the bank
website for authorization. If the user ID and password
match, the user can log in to the internet banking system.
Otherwise, “Invalid user” is reported to the user. At the
same time the user scans his fingerprint through the scanner,
and it is checked by the fingerprint feature extraction and
matching process (Fig. 6). The fingerprint image
should match the fingerprint in the banking database. After
that, the customer can access the interface Manager
customer bank ATM. When the customer has lost the
ATM card, he can block the ATM card. After
fingerprint recognition succeeds, a one-time password is
generated during the registration process. That password
is sent to the user’s mobile number for authentication.
After validation, the user can access the interface
Manager customer and start a transaction. The details of
the transactions are finally stored in the database.
Fig.6 Architectural diagram of the proposed Net Banking system.
6. Algorithm of Proposed Model for Internet Banking System
Connect personal system to bank website by a smartphone
1. [Entering into Internet Banking System]
2. [SET banking user id, password]
3. [Validate userID, password]
   If bkuserid = userid and bkpasswd = password Then
      Enter into Internet Banking System
   Else
      Write : invalid user;
   [end if]
4. [Finger print recognition]
5. [Scan finger print] Read : fingerprint;
6. [Retrieve finger print]
   Set USERfingerprint := fingerprint;
7. [Validate finger print]
   For i := every valid user in system, do
      If db[i].fingerprint = USERfingerprint Then
         Enter into interface Manager customer bank ATM;
         If card ATM is lost Then check option blocked card;
         [end if]
         Password is sent to the user’s mobile number for authentication;
      Else
         Write : invalid user
      [end if]
   [end for]
8. [Validate SMS Mobile]
   Enter into Interface Manager customer;
   Start transaction;
9. Exit
This algorithm can be used to develop a variety
of applications for access control, internet
banking or anything else that requires a high level of
security.
7. Architecture and Comparison of Existing Method and Proposed Model
The J2EE platform provides a multitiered distributed
application model, the ability to reuse components, a
unified security model, and flexible transaction control
for a net banking architecture. Figure 7 shows two
multitiered J2EE applications divided into the tiers
described in the following list. The J2EE application
parts are presented as J2EE components:
- Client-tier components run on the client's machine.
- Web-tier components run on the J2EE server.
- Business-tier components run on the J2EE server for the Net Banking process.
- Enterprise information system (EIS)-tier software runs on the EIS server.
To strengthen security, our J2EE
architecture integrates additional modules for a
secured Net Banking process. The Java Authentication
and Authorization Service (JAAS) can be used
for authentication and authorization of users to ensure
they have the access control rights (permissions).
Fig. 7 J2EE Design Patterns for the Net Banking Architecture.
Figure 8 describes how they all work
together to process an authentication request. The
sequence diagram shows the
class interaction that occurs during a successful
authentication and identifies the key participants and
their activities. The client requests access to a
protected J2EE application. The J2EE application
verifies the request using the JAAS authentication
modules and then initiates authentication by forwarding
the request to the biometric authentication server and
mobile OTP validity.
Fig. 8 Sequence diagram of the authentication process
One of the major problems with the
authentication of users in internet banking is the
inherent lack of security of traditional authentication
techniques: passwords, PIN numbers and cookies. With
the current development of biometric technology
and the mobile validity market (TABLE 1), the possibility
of identifying someone online has been addressed. Our
architecture allows a web page to include a validation
check using objects embedded in the web page.
In the proposed solution, even if the mobile
phone and card are lost, the attacker is hindered at
various levels. This provides enough time for the user to
become aware of the issue, and he/she can immediately
block the ATM card himself or herself. The great
advantage of the solution is that it ensures security
(TABLE 2) in the worst case where both the card and
mobile phone are lost.
Moreover, the proposed solution does not
demand any change in the infrastructure of the J2EE
system. Since this is the era of mobile banking, the
proposed solution can easily be integrated into the
mobile applications that enable the J2EE banking system.
All that is needed is some add-ons to the mobile
application and the inclusion of some extra functionality in
the already existing web service. Hence the solution is
cost-effective. Here security is improved by integrating
the mobile phone into the J2EE system.
With a single authentication system, anyone can hack
the user ID and password and then access Net
banking, so it is not a secure authentication method.
A double authentication system is therefore better than a single
authentication system. Insiders are responsible for
the majority of fraud, since an insider can easily
hack the username and password as well as the user's mobile SMS
also. Insiders are mostly family members, colleagues
or a nearby gang.
In our proposed model (TABLE 2), fingerprint
recognition is used for its uniqueness, and nobody
can change the fingerprint of the user. Fingerprints have become
an important means of identifying complex criminals
through fingerprint recognition. So it is a more secure
model. A user's fingerprint cannot be used anywhere
without the knowledge of the user. In this architecture, the user
should scan his fingerprint. But not all systems have
scanning peripherals by default, so each system or
laptop has to be built with scanning facilities.
For machines already in use, the user can use
additional accessories for fingerprint scanning.
This fingerprint authentication system is already used
in ATMs. Beyond ATMs, many departments use this
model. But Net banking is the most popular and
money-oriented of them. No one can maintain fully secure
methods for this process in internet banking.
TABLE I. COMPARISON OF EXISTING METHODS AND PROPOSED MODEL
Existing Method:
- Single authentication system: the user enters the user ID and password, which are verified on the bank website
for authorization. If the user ID and password match, the user can log in to the
internet banking system. Otherwise, “Invalid user” is reported to the user.
- Double authentication system:
  • The user enters the user ID and password, which are verified on the bank website
  for authorization. If the user ID and password match, the user can log in to the
  internet banking system. Otherwise, “Invalid user” is reported to the user.
  • After this validation the bank provides an extra authentication process, such as
  sending another security token code to the user's smartphone through SMS.
Proposed model:
The user enters the user ID and password, which are
verified on the bank website for authorization. At the
same time the user scans his fingerprint with a smartphone
and it is checked for a match.
Biometric authentication and mobile validity are
verified on the bank website for authorization.
Otherwise, “Invalid user” is reported to the user.
TABLE II. COMPARISON BETWEEN SINGLE AUTHENTICATION SYSTEM, DOUBLE AUTHENTICATION AND PROPOSED MODEL
| Method / Model | User id & pass to login | SMS security code | Biometric recognition | Security ATM card | Security level |
|---|---|---|---|---|---|
| Single authentication system | Can hack | ……… | ……… | ……… | Not secured |
| Double authentication system | Can hack | Insider only can hack | ……… | ……… | Half secured |
| Proposed model for IBS with Biometric recognition | Can hack | Insider only can hack | No one can hack | Secured if ATM card is lost | Fully secured |
8. Conclusion
Mobile Net banking has become immensely popular
among customers as a suitable method for money
transactions. The proposed model has been developed
for a net banking system with biometric recognition and
a mobile process. This new technique for accessing the internet
banking process is more secure than existing methods,
because the fingerprint recognition method is a unique
method. If the machines are built with scanning
accessories, the user can authenticate
using user ID, password, fingerprint recognition and
SMS validity. Through the interface Manager customer bank
ATM, when the ATM card is lost, the customer can
block the ATM card from any Android smartphone.
The transaction would be more secure. In this
model, unauthorized persons surely cannot hack or
access user accounts.
References
[1] Basel Committee Report on Banking Supervision (1998). Risk Management for Banking and electronic money activities. Available from: www.bis.org/publ/bcbs98.pdf.
[2] Daniel, E. (1999). Provision of Electronic Banking in the UK and the Republic of Ireland. International Journal of Bank Marketing, 17(2):72-82.
[3] Khorshid, S. and Ghane, H. (2009). Ranking the challenges of e-banking with the help of AHP model. Journal of Modiriyate Sanati azad University of Sanandaj, 4(9):89-106.
[4] Zain S. Barham, "Fingerprint Recognition using MATLAB", 2011.
[5] Lin Hong, "Automatic person identification using fingerprints", Ph.D. Thesis, 1998.
[6] D. Maltoni, D. Maio, A. K. Jain, and S. Prabhakar, "Handbook of Fingerprint Recognition", Second Edition, Springer, 2009, ISBN 978-1-84882-25365.
[7] Collin Mulliner, Ravishankar Borgaonkar, Patrick Stewin, and Jean-Pierre Seifert, "SMS-Based One-Time Passwords: Attacks and Defense", Springer-Verlag, DIMVA 2013, LNCS 7967, pp. 150-159, 2013.
[8] Heeseung Choi, Kyoungtaek Choi, and Jaihie Kim, "Fingerprint Matching Incorporating Ridge Features with Minutiae", June 2011.
[9] Salil Prabhakar, Anil K Jain and Sharath Pankanti, "Learning fingerprint minutiae location and type", Pattern Recognition 36 (2003), 1847-1857.
[10] Sri Shimal Das, Smt. Jhunu Debbarma, "Designing a Biometric Strategy (Fingerprint) Measure for Enhancing ATM Security in Indian E-Banking System", International Journal of Information and Communication Technology Research, ISSN-2223-4985, Volume 1 No. 5, September 2011.
[11] M. Sandeep, D. Nagalaxmi, "Secure Approach for Net Banking by Using Fingerprint Authentication", International Journal of Engineering Science and Computing IJESC, 2015.
[12] Nsouli, S M and A Schaechter (2002): 'Challenges of the E-banking Revolution', Finance and Development, International Monetary Fund, September, Volume 39, Number 3.
[13] Renu Mourya, Ms. Sarita, "FINGERPRINT MATCHING TECHNIQUES: REVIEW", International Journal of Science, Technology & Management, Volume No 04, Special Issue No. 01, ISSN (online): 2394-1537, May 2015.