Improving Online Security: QR Code Based Authentication for Banking Services

Index: Introduction, Literature Survey, Proposed System, Survey on Techniques for Hiding Information Using Barcode, System Overview, Registration System, Online Authentication System, Offline Authentication System, Security, Future Scope, Conclusion

This work contributes to the design and implementation of an inventive secure authentication method using a QR code: an open-source proof-of-concept authentication system that uses two-way authentication by combining a password with a mobile phone acting as an authentication token. The QR code is extremely secure, as all sensitive information stored and transmitted is encrypted; it is also an easy-to-use and economical solution. A strong password is stored in the QR code, and the smartphone scans the code with a QR code scanner. The scan result is a string that combines the IMEI number of the user's registered phone with a random number, where the random number is generated by the preset random number function. If the network is available on the smartphone, the generated string is automatically inserted into the login page and the bank's home page is opened. Otherwise, a six-digit PIN code is generated that must be entered manually on the login page, after which the bank's home page is open for transactions.[1]

In a modern world where we can do almost everything online, being able to access these services in the safest way is a crucial issue. Indeed, as viruses and cracking methods become more complex and powerful every day, available security techniques must also improve, allowing users to protect their data and communications with maximum security.
The goal is to develop an authentication method using two-factor authentication: a trusted device (a mobile phone) that reads a QR code and acts as a token, and a password known by the user.

Introduction

Nowadays we can do almost everything online (banking, shopping, communication), and the challenge is to make sure that our information is not damaged while we do these things. Indeed, the methods of cracking security codes are becoming more complex and powerful. These powerful applications allow the user to work confidently on untrusted computers. This work is based on the two-way authentication system, in which the QR code provides security. Existing systems use security methods such as passwords, usernames, fingerprints and face detection, but with these methods the security is not up to the mark, so it is necessary to develop a security system that offers high security. The recent interest in the use of visual tags in everyday life is a natural consequence of the technological advances found in modern mobile phones.[2]

The QR code is a matrix consisting of a series of nominally square modules arranged in an overall square pattern, including a single pattern located at the three corners of the symbol and intended to facilitate identification of its position, size and inclination. A wide range of symbol sizes is provided along with four levels of error correction. There are two sections in this system. In the coding section, the input data is converted into a QR code symbol: the data is analyzed and encoded, so after error correction coding the final message consists of structures. The decode section decodes the entered QR code image and displays the data that the QR code contains. The decoding procedure begins with rearranging the black and white form, then decoding the format information.
Literature survey

In the literature survey we investigated some commonly used systems. To eliminate the phishing threat and confirm the user's identity, the QR code is scanned by the user's mobile phone. The weakness of the traditional password-based system can be improved with a one-time password (OTP), which can be calculated from the user's transaction information and unique user-side data such as the IMEI number of the user's mobile device. We studied how these systems work, tried to add unique features and disadvantages onto them, and tried to learn something new from each system.

Proposed System

Design a system to replace the current OTP-based two-factor authentication system. The QR-based authentication system allows the user to enter the password; if the user is authenticated, an encrypted string consisting of the user's IMEI number is displayed in the form of a QR code. The user scans the QR code with their phone, and if the encrypted string is the same as the device's IMEI number the user is authenticated.

Design a system for blind people in which the person uses their phone to scan the QR code and, once the scan is complete, the code is spoken. Blind people can enter the code via text-to-speech into the web application.

Article Name | Disadvantages
OTP Encryption Techniques in Mobile Devices for Transaction Authentication and Security | Most OTP systems are susceptible to real-time replay and social engineering attacks. OTPs are also indirectly susceptible to man-in-the-middle (MITM) and man-in-the-browser (MITB) attacks.
Survey on Information Hiding Techniques Using Barcodes | Can reduce label damage. Scratched or crumpled barcodes can cause problems.
A secure credit card protocol over NFC | Security issues. Sensitive data can be accessed if the card is lost.

QR Code

QR code is the quick response code.
Before the QR code, several authentication methods were available: username and password, barcode, fingerprint and facial identity. But the username and password do not provide more security, and barcodes have limitations: a barcode stores only up to 20 digits. Therefore we are not able to store very complex passwords in a barcode, and the barcode is not a more secure method.[3]

Figure 4. Barcode

Fingerprint and facial identity methods are very expensive and not accessible to common users. To overcome all the drawbacks of the existing systems, the QR code is introduced. QR codes (quick response codes) were introduced in 1994 by Denso-Wave, a Japanese company controlled by Toyota. QR codes are two-dimensional barcodes, so they can be read from any direction in 360°. They can store up to 4,296 alphanumeric characters, which is far more than a barcode can store. The structure of the QR code is shown in the following figure:

Advantages of the QR code

- The QR code is two-dimensional and readable in any direction.
- The QR code storage capacity is up to 4,296 alphanumeric characters.
- It is readable even if partially damaged.
- It is easy to scan with a camera-based device.
- QR codes are not human readable.
- The QR code can store the data held in a one-dimensional barcode in one-tenth of the space.
- The QR code provides information correctly if the damage is up to 30%.
- It can handle many types of data, such as numeric and alphabetic.

System Overview

Registration System

The following steps describe how to complete the registration process. First, the user enters the registration section of the web application and submits their username, password and the IMEI number of the phone. After validation, the data entered by the user is stored in the database. The data present in the database server is used to produce the public and private keys, which are stored on the server. After that, the user downloads and installs the application on their phone.
When the user first runs the application, the public and private key class files are created and stored in the mobile phone's internal memory.[4] If the user does not enter all the registration values (username, password, IMEI number, mobile number and email address), the registration process will not be completed. Validation is the most important part of the registration process; if validation fails, the user is unable to log in.

Online Authentication System

First, the IMEI number and the random number are encrypted using the public key. This encrypted string is turned into a QR code using the QR code generation feature present in Java, and the QR code image is displayed on the client computer. The user scans this QR code using the mobile phone. After scanning, in online mode (that is, when the network is available on the phone), the generated string (IMEI number and random number) is automatically inserted into the login page. After a successful login, the bank's home page opens. So in our system you do not need to remember your password, which is the combination of your IMEI number and the random number. The server decodes the string using the user's public key and checks that a row exists in the transaction table with our random number, then updates the transaction table row.[5] The server then checks whether the IMEI is correct and assigns it to the correct user. If the login is successful, the transaction row is deleted, which means that the generated QR code image is different each time. Now the PHP session is created, and when the user logs out the session is destroyed.

Offline Authentication System

Using the PIN code generation algorithm, a unique six-digit number is generated from the encrypted string (IMEI number and random number). The user must manually enter the PIN code on the login page along with their username. An on-screen keyboard is available for entering the PIN code, so it is not necessary to enter the PIN code using the system keypad.
Here our system provides more security. After the PIN code is entered, the server checks the user's IMEI number stored in the database. If the IMEI number is present, the user is valid and the bank's home page opens.

Figure: Offline Authentication Sequence Diagram

The timestamp is also checked. If the random number was generated more than 5 minutes ago, the session is destroyed and the user is unable to log in.

Security

In our system, security is more powerful thanks to the QR code and the encryption algorithm. A man-in-the-middle attack is unsuccessful in our system because the communication between the
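
The challenge handling described in the online and offline authentication sections above, as an added Python example that is not the paper's own code: a random number is stored in a transaction table, redeemed once, and rejected after five minutes, either with the scanned string or with a six-digit PIN. The PIN derivation (HMAC-SHA256 with HOTP-style truncation), the per-device key, the class and function names and the sample IMEI are assumptions; the public-key encryption step is left out, and the row is deleted on any attempt, which is stricter than deleting it only after a successful login.

```python
import hashlib
import hmac
import secrets
import time

TTL_SECONDS = 5 * 60  # the page's five-minute limit on a generated random number

def offline_pin(device_key: bytes, imei: str, nonce: str) -> str:
    """Six-digit PIN: HMAC-SHA256 plus HOTP-style truncation (assumed algorithm)."""
    mac = hmac.new(device_key, f"{imei}:{nonce}".encode(), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{code % 1_000_000:06d}"

class ChallengeTable:
    """Stand-in for the transaction table: one row per outstanding QR challenge."""

    def __init__(self, registered):
        self.registered = registered  # username -> (imei, device_key) from registration
        self.rows = {}                # nonce -> (username, issued_at)

    def issue(self, username, now=None):
        nonce = secrets.token_hex(16)  # CSPRNG output, not a predictable PRNG
        self.rows[nonce] = (username, time.time() if now is None else now)
        return nonce

    def _take(self, nonce, now):
        # pop() deletes the row on any attempt: no replay, one PIN guess per challenge
        owner, issued_at = self.rows.pop(nonce, (None, 0.0))
        now = time.time() if now is None else now
        return owner if now - issued_at <= TTL_SECONDS else None

    def redeem_online(self, nonce, imei, now=None):
        """Online mode: the phone submits the decrypted IMEI and random number."""
        owner = self._take(nonce, now)
        if owner is None:
            return None
        expected = self.registered[owner][0]
        return owner if hmac.compare_digest(imei.encode(), expected.encode()) else None

    def redeem_offline(self, username, nonce, pin, now=None):
        """Offline mode: nonce comes from the server-side session, PIN from the user."""
        owner = self._take(nonce, now)
        if owner is None or owner != username:
            return False
        imei, key = self.registered[owner]
        return hmac.compare_digest(pin.encode(), offline_pin(key, imei, nonce).encode())

# Constructed registration record: the IMEI and device key are sample values
REGISTERED = {"alice": ("490154203237518", b"constructed-device-key")}
```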