Secure Digital Wallet Authentication Protocol
Digital wallets have gained popularity for the secure storage of credit cards. They save time, are secure, and track expenditure. However, because these wallets depend heavily on client-side devices, the risk of data loss and subsequent financial loss due to physical attacks on the device remains high. By contrast, server-side wallets, such as PayPal, are secure behind firewalls and are accessible only through valid usernames and passwords. Because of their exposure to physical attacks, client-side wallets are vulnerable, which impacts their popularity and widespread use. We propose a new wallet authentication scheme that protects mobile digital wallets against physical attacks. Our scheme uses biometric (fingerprint) authentication without storing the fingerprint data on the digital wallet, and it uses hash chaining and dynamic key generation to ensure that communication between the servers and the clients remains mutually authenticated. The prototype has been implemented in hardware and validated through security analysis.