2017 Second International Conference on Recent Trends and Challenges in Computational Models
Achieving Privacy and Security using QR Code by
means of Encryption Technique in ATM
Malathi V. Balamurugan B.
Assistant Professor, Associate Professor,
RGM College of Engineering and Technology, VIT University,
Nandyal, Vellore,
Malathi21cse@gmail.com kadavulai@gmail.com
Abstract:
Smart Card has complications with validation and
transmission process. Therefore, by using peeping attack, the
secret code was stolen and secret filming while entering Personal
Identification Number at the ATM machine. We intend to develop
an authentication system to banks that protects the asset of user’s.
The data of a user is to be ensured that secure and isolated from
the data leakage and other attacks Therefore, we propose a
system, where ATM machine will have a QR code in which the
information’s are encrypted corresponding to the ATM machine
and a mobile application in the customer’s mobile which will
decrypt the encoded QR information and sends the information
to the server and user’s details are displayed in the ATM machine
and transaction can be done. Now, the user securely enters
information to transfer money without risk of peeping attack in
Automated Teller Machine by just scanning the QR code at the
ATM by mobile application. Here, both the encryption and
decryption technique are carried out by using Triple DES
Algorithm (Data Encryption Standard).
Index Terms— QR Code, DES Algorithm, Peeping Attack.
I. INTRODUCTION
The mainstay of this paper as I proposed that a user
safely enters credentials and information to transfer money
without the risk of peeping attack in Automated Teller
Machine. Currently, banks have become indispensable for our
life. The banks have been used to deposit, withdraw and
balance by people. ATM (Automated Teller Machine) can treat
deposit, withdraw, and so on. ATM is quite convenient for
using various bank accounts from different places where ATM
is. Therefore, many people use ATM instead of the bank.
However, ATM has some problems with authentication and
transfer operation. ATM is needed to type PIN using numeric
keypad during authentication. Therefore, Therefore, by using
peeping attack, the secret code was stolen and secret filming
during typing PIN. Next, as a problem with transfer operation,
it is needed to take a long time while transferring money. As a
result crowd in the ATM.
978-1-5090-4799-4/16 $31.00 © 2017
978-1-5090-4799-4/17 2016 IEEE
DOI 10.1109/ICRTCCM.2017.36
Eshwar S.
Software Engineer,
HTC Global Services Pvt Ltd,
Hyderabad,
eshwarsekar@hotmail.com
As a solution to these problems, there is Internet bank
that can transfer money on the Internet. However, the Internet
bank also has problems. Phishing sites leak Personal
information. Thus, we have used QR code at ATM and the
storage of QR Code is same as the basic QR Code. The
equipped scanners are used to scan QR Code [2]. The black
modules are changed to implement the private level. The
pattern acknowledgement technique that we use to peruse the
second-level data can be utilized both as a part of a private
message sharing and in a confirmation situation. In this
proposed system the print and scan operation are restricted, the
characteristics of QR Code is utilized for privacy and sharing
credentials, The private QR Code protected, and it is mainly
composed of distributed system[4]. Now there is a lossless
connection communication between the authorized
participants. The intruder may use the barcode reader to hack
the credentials.
II. LITERATURE SURVEY
The ARM Processor is used to check the encrypted QR
Code details. The Credit and debit card details are encrypted
using QR code, [9]. Disadvantage: The mobile phones
generates QR Code. As a result, it lacks in security issues. The
author demonstrates that respectability assurance as a
specialized means towards Automated teller machine (ATM)
security is insufficient to set up trust towards ATM clients [11].
The assaults, going for getting into ownership of clients bank
card points of interest and individual ID numbers (PINs) are
involved. The creators concoct an answer that permits
consumers to build up the trust into the ATM respectability
security being set up. The client’s mobile phone assume a focal
part of the faith foundation. The author additionally moves the
PIN far from the conceivably frail ATM's PIN cushion towards
the clients' mobile phone. They have proposed a secured
password in the multiserver environment, and computation cast
security and efficient scheme have improved in this system
[12]. Disadvantage: Due to improved techniques, the
communication cost is also high as well as well as performance
is also low.
279
280
281
 To increase the security in Internet Banking, the 4.2 ARCHITECTURE DESIGN
authentication method used here is OTP which plays a vital role
in authentication. Disadvantage: A machine was rebooted,
using a replica OS live CD [10]. Euclidean distance used for
performing the fingerprint verification between the templates
of the feature vector and the input. Disadvantage: Fingerprint
feature vector [7]. The Euclidean distance is not the single
measure for matching the feature fingerprint vector. The
authentication system classified into single and two-factor
system The Key elements are additional implementation costs,
customer’s preference and market share determine the
Customer Switching, and when a new system fails, an
unexpected loss may occur. To initiate transactions on their
account, the customer needs to subscribe to SMS alerts as a
basis. By using customer PIN and their mobile number, a hash
code is generated by a bank at bank side using algorithm [8].
The message requested for the transaction by the customer is
decrypted by the generated hash key. The main theme is used
to provide additional security layer and existing fortify. Mobile
application decode the encrypted QR code, and at ATM Figure 4.2 Architecture Diagram
Transaction is done. The mobile application needs to be login Here web server acts as an interface between the
by the given account number, and the user needs to scan the Android application and ATM. In the centralized database, we
QR code and transactions can be done efficiently thus reducing have stored all the user's credentials; the user needs to install
crowd at the ATM. the Android app on his/her smart device. First, the user needs
to register their information in the bank website. Once the
registration is successful, then the bank will provide the
account number and OTP password to the registered user. In
III. PROPOSED SYSTEM the Android app, then the registered user need to enter the
We propose a system, where ATM contains a QR code account number and OTP password. User authentication is
where the information’s are encrypted dynamically by means done on the server side, once the server finds the authorized
of encryption technique and a mobile application, which user, and then the user is allowed to set the new password. In
decodes the encrypted information from ATM, and once the the Centralized Database, we have stored the credential
user is a valid user, the user’s information is displayed in the information. Now the user interacts with the ATM. Then the
ATM and the user can do their transaction/withdraw. Once authentication process is done on the server side, then user
the user logout’s, a new encrypted QR code is generated at the information is displayed in the ATM, now the user can do
ATM by means of the dynamic token generator and the new transaction /withdraw. When the user leaves the ATM, the new
transaction can be made by the same/different user. QR code is generated using Dynamic Token Generator.

4.3 MODULE DESCRIPTION

IV. DETAILED DESIGN OF THE PAPER
1. User Authentication module - android
2. QR code scanner module - android
4.1 REQUIREMNETS SPECIFICATION:
3. Web service module - RESTFul/JSON (ASP.NET
4.1.1 Hardware Requirements:
MVC):
¾ Processor : Dual-Core Processor and
4. Database design module- MS SQL server
above
5. Bank website - ASP.NET Web Forms
¾ Ram : 4GB.
6. Dynamic Token and QR Code Generator
¾ Hard Disk : 20GB.
Module - ASP.NET Web forms
¾ Mobile device : Android Mobile Phone
V4.4 and above
¾ Output device : VGA and High
4.3.1. USER AUTHENTICATION-ANDROID:
Resolution Monitor.
In this module, the user is authenticated with the
database whether the user is a registered user or not by the
4.1.2 Software Requirement: account number given to the user at the time of registration in
¾ Operating System : Windows 7, 8, 8.1 and10 bank website. After verification, the user needs to input the
¾ Language : C#.net, Java Script one-time password which is valid for one entry and needs to
¾ Data Bases : SQL Server 2012

282
281
280
change the new password for the mobile application. After this
process, the user logs into the Android Application, and he/she
can use the application for transaction purposes.

Figure 4.3.3 Web Service Module

Figure 4.3.1 User Authentication 4.3.4 DATABASE DESIGN MODULE - MS SQL

4.3.2 QR CODE SCANNER MODULE - ANDROID:
In this module, the user needs to scan the QR code
displayed in the ATM through the registered mobile
application after logging in with the corresponding account
details. Once the user scans the QR code, in the backend the
information are decoded, and it transfers the relevant user
details to the bank server, and in the ATM all the relevant user
details are displayed.
SERVER:
In this module, we are using a centralized database
where all the corresponding information about the user is
display in ATM. When a user is logging into the mobile
application as well as ATM, the web service will communicate
with the centralized database and the information is displayed
on the application and ATM.

Figure 4.3.2 QR Code Scanner

4.3.3 WEB SERVICE MODULE - RESTFUL/JSON
(ASP.NET MVC):
In this module, web service acts as an interface
between the Mobile Application, ATM and the Bank Server.
Here the user details are stored in the database, and web
services utilize the data stored in the database when they
needed, and information's are displayed in the ATM as well as
Mobile Application.
Figure 4.3.4 Database design module
4.3.5 BANK WEBSITE - (ASP.NET WEB FORMS):
In this module, the user enters the credential
information in the bank website to get the account number
these details stored in a centralized database. When the user
login's using the account number and OTP in the mobile app,

283
282
281
In the DB credentials are validated, and the user is logged in. V. SCREENSHOTS

Figure 4.3.5 Bank Website Module

4.3.6. DYNAMIC TOKEN AND QR CODE GENERATOR

MODULE - (.NET WIN FORMS):
In this module, we will be having a simulation of ATM. The
ATM generates progressive token values, which is then
encoded and converted to QR code. The user needs to scan the
QR code and if authenticated, the user will be logged in and
can do a transaction. After the successful operation, a new QR
code will be generated dynamically by a dynamic token
generator.

VI. CONCLUSION AND FUTURE WORK PART

6.1 CONCLUSION:
In this paper, I have proposed a system in which from ATM the
amount can be taken without using Smart cards like debit/credit
card and PIN. In the QR code, the machine information is
encrypted and stored. The information in the QR code can be
scanned by a mobile device using our mobile application which
decrypts the encoded information in the QR code and sends the
information to the server and transactions can be done once it
identifies the validate user. Thus, we conclude that by using our
system, the user can do transactions in ATM without cards as

284
283
282
well as waiting time in ATM is also decreased. Nowadays,
mainstream authentication systems of ATM have high risk.
Since these systems do not have resistance to peeping attack.
Finger vein authentication system and authentication system
using one-time passwords have a vulnerability. For these
reasons, we proposed the system without risk of peeping
attacks. However, this technology displays privacy information
such as payment and payees. It may be able to be read by
unauthorized users. Therefore, the transfer information
displayed on ATM. Illegal users are unable to find out the
confidential information including the user’s privacy.
6.2 FUTURE WORK PART:
The problem is that the users should have basic
knowledge of mobile phone as well as scanning QR code
process, so there is a complication for illiterate peoples. In the
future enhancement of this paper, We can invent QR code
based swipe machines which reduce the usage of smart cards
in retail shopping and disadvantage is online shopping using
smart cards cannot be carried out. We conclude that this system
has resistance to peeping attacks, can make operation time
short, and also can protect user’s privacy.
VII. REFERENCE
[1] .Lin SS, Hu MC, Lee CH, Lee TY. “Efficient QR Code
Beautification With High Quality Visual Content.
Multimedia”, IEEE Transactions,vol.17(9):1515-24., . Sep
2015.
[2]. Tkachenko, I., Puech, W., Destruel, C., Strauss, O.,
Gaudin, J.M. and Guichard, C.” Two level QR code for private
message sharing and document authentication.”IEEE
Transaction: ,vol 11(3) :571 - 583 ,March 2016 .
[3]. Lin YH, Chang YP, Wu JL. Appearance-based QR code
beautifier. Multimedia, IEEE Transactions vol.15(8):2198-
207,Dec 2013.
[4].Lin, Pei-Yu. "Distributed Secret Sharing Approach with
Cheater Prevention based on QR Code." IEEE
Transaction.vol.12(1): 384 - 392 ,Feb 2016.
[5]. Chiang JS, Hsia CH, Li HT. High density QR code with
multi-view scheme. Electronics Letters. Vol 49(22):1381-
3.Oct 2013.
[6]. Khan SH, Akbar MA, Shahzad F, Farooq M, Khan Z.
Secure biometric template generation for multi-factor
authentication. Pattern Recognition.vol. 48(2):458-72. Feb
2015.
[7]. Breebaart J, Buhan I, de Groot K, Kelkboom E.
“Evaluation of a template protection approach to integrate
fingerprint biometrics in a PIN-based payment infrastructure.
285
284
283
Electronic Commerce Research and Applications”.
vo10(6):605-14,Dec 2011.
[8]. Altinkemer K, Wang T. Cost and benefit analysis of
authentication systems. Decision Support Systems. 2011 Jun
30;51(3):394-404.
[9]. Prabakaran G, Bhakkiyalakshmi R. Transmission of Data
Using Arm Based Privacy Protection QR-code. InInternational
Journal of Engineering Development and Research (Vol. 2,
No. 2 (June 2014)). IJEDR.June 2014.
[10]. Tandon A, Sharma R, Sodhiya S, Vincent PM. “QR Code
based secure OTP distribution scheme for Authentication in
Net-Banking”. International Journal of Engineering &
Technology. 0975-4024.,June 2013.
[11]. Petrlic R, Sorge C. Establishing user trust in automated
teller machine integrity. Information Security, IET.
Vol8(2):132-9;Mar 2014.
[12]. Leu JS, Hsieh WB. Efficient and secure dynamic ID-
based remote user authentication scheme for distributed
systems using smart cards. Information Security, IET.;Vol
8(2):104-13. Mar 2014.
[13]. Onwudebelu U, Longe O, Fasola S, Obi NC, Alaba OB.”
Real Time SMS-Based hashing scheme for securing financial
transactions on ATM systems. InAdaptive Science and
Technology (ICAST), 2011 3rd IEEE International Conference
(pp. 1-6). IEEE Nov 2011.
[14] P.Vijayakumar, M.Azees, A.Kannan, L.Jegatha Deborah,
“Dual Authentication and Key Management Techniques for
Secure Data Transmission in Vehicular Ad-hoc Networks”,
IEEE Transactions on Intelligent Transportation Systems,
vol.17,no.4, 1015 - 1028, (2016)
[15] P.Vijayakumar, R.Naresh, L. Jegatha Deborah, SK
Hafizul Islam, “Computation Cost Efficient Group Key
Agreement Protocol for Secure Peer to Peer Communication”,
Security and Communication Networks, Wiley, Accepted for
Publication.DOI:10.1002/Sec. 1578.
[16] S.Audithan, T.S.Murunya,P.Vijayakumar, “Anonymous
Authentication for Secure Mobile Agent Based Internet
Business”, Circuits and Systems (CS), Scientific Research
Publishing