QRToken: Unifying Authentication Framework to Protect User Online Identity

This paper proposes an asymmetric key based authentication framework, QRToken, for easy - to - use login to websites, SSH servers, etc., QRToken authentication use client - side locally stored RSA private key to encrypt identification information as well as other parameters, and prese nt a QR code in the form of a small two - dimensional picture that encodes the encrypted information. User takes a picture of the QR code with the cell phone camera and sends it as a cryptographic response to the server to complete the authentication process. We believe the simple act of scanning QR code for authentication brings ease in management and enhances user experience. Our framework supports QRToken both as a software application and as a hardware device. It can also be made available to every websit e with our SDK package installed, due to the use of asymmetric - key mechanism. We also illustrate how to combine both software and hardware based approach as a two - factor authentication mechanism to further strengthen security.