International Journal of Science and Research (IJSR)
ISSN (Online): 2319-7064
Index Copernicus Value (2015): 78.96 | Impact Factor (2015): 6.391
Volume 6 Issue 2, February 2017
www.ijsr.net
Licensed Under Creative Commons Attribution CC BY

An Efficient Trust Model for Online Application using 2-Factor Authentication and Token Based Authentication

Varsha Jotwani 1, Dr. Amit Dutta 2

1 Research Scholar, AISECT University, Department of Computer Science, Bhopal, India
2 Deputy Director, AICTE, New Delhi, India

Abstract: This paper implements security for E-commerce applications using an efficient Two Factor Authentication scheme that combines Smart Card based Authentication and token based authentication, and which provides security against various attacks. Although various Trust Models have been implemented for the security of E-commerce applications, the existing techniques incur a higher Storage Cost and suffer from the User Revocation and Escrow Problems. To overcome these limitations, a new and efficient technique using Two Factor Authentication is implemented which not only minimizes the Storage Cost but also provides High User Revocation and Proxy Re-encryption.

Keywords: Smart Card based Authentication; Token based Authentication; Encryption

1. Introduction

Security in computers is the protection of information from unauthorized or accidental disclosure while the information is in transmission and while it is in storage. Authentication protocols allow two entities to ensure that the counterparty is the intended one with whom each attempts to communicate over an insecure network. These protocols can be considered along three dimensions: type, efficiency, and security.

Two Servers Password Authentication

Two-server authentication mechanisms are considered to be secure for authenticating a user in an Internet based environment. As the number of services provided online increases day by day, the number of users intending to use various online services is also increasing.
With each service requiring the user to register separately, the overhead of remembering many user ID (Identity)/password pairs has led to the problem of memorability. This paper proposes a two-server password authenticated key agreement mechanism using a password, where the user needs to recognize his secret key. It is a practical two-server password authentication and key exchange system that is secure against offline dictionary attacks by servers when they are controlled by adversaries.

Two Server Systems

The concept of a user ID and password is a cost effective and efficient method. Identifying the authorized user and allowing that user to access the resources is one of the key aspects of an authentication system. In today's computer era, many vulnerabilities arise on the internet, so applications have to be designed with high security. If there are any flaws, the application will be easily broken and an intruder can easily intrude. A single server system is a system in which the password is stored in a single server, as shown in Figure 1. An authentication system based on a single server has some drawbacks: it is vulnerable to all sorts of attacks from intruders. An intruder who tries all possible keys until the system is compromised is most successful against the single server system, and exhaustive search can also be successful, as shown in Figure 2.

Figure 1: Block Diagram of a Single Server System.

Figure 2: Example of single server system hacked by Intruder

2. Related work

Password authentication with smart card is one of the most convenient and effective two-factor authentication mechanisms for remote systems to assure one communicating party of the legitimacy of the corresponding party by acquisition of corroborative evidence. This technique has been widely deployed for various kinds of authentication applications, such as remote host login, online banking, e-commerce, and e-health [1].
In addition, it constitutes the basis of three-factor authentication [2]. However, there still exist challenges in both security and performance aspects due to the stringent security requirements and resource-constrained characteristics of the clients [3, 4]. Introduced the first remote user authentication scheme using smart cards there have been many of such schemes proposed

Paper ID: ART20171110
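
The contrast drawn under "Two Server Systems" between storing the password material on one server and splitting it across two, as an added example that is not taken from the paper. It assumes a simple XOR split of a PBKDF2 verifier, since the paper does not specify its scheme at this point; all function names are hypothetical and the password is a constructed sample.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 10_000  # demo value, kept low so the example runs quickly

def verifier(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 verifier derived from the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def enroll_single(password: str) -> dict:
    """Single server: the complete verifier sits in one record."""
    salt = secrets.token_bytes(16)
    return {"salt": salt, "verifier": verifier(password, salt)}

def single_record_confirms(record: dict, guess: str) -> bool:
    """Anyone holding the single record can test a guess offline."""
    return hmac.compare_digest(verifier(guess, record["salt"]), record["verifier"])

def enroll_two_server(password: str) -> tuple[dict, dict]:
    """Two servers: verifier = share_1 XOR share_2; share_1 is pure randomness."""
    salt = secrets.token_bytes(16)
    v = verifier(password, salt)
    share_1 = secrets.token_bytes(len(v))
    return {"salt": salt, "share": share_1}, {"salt": salt, "share": xor(v, share_1)}

def verify_two_server(rec_1: dict, rec_2: dict, password: str) -> bool:
    """Simplification: recombines the shares in one place to check a login."""
    combined = xor(rec_1["share"], rec_2["share"])
    return hmac.compare_digest(verifier(password, rec_1["salt"]), combined)

def complement_for(rec_1: dict, other_password: str) -> dict:
    """Build a second share that makes rec_1 validate a different password,
    showing that rec_1 alone is consistent with every candidate password."""
    v = verifier(other_password, rec_1["salt"])
    return {"salt": rec_1["salt"], "share": xor(v, rec_1["share"])}

if __name__ == "__main__":
    pw = "correct horse battery"  # constructed sample password
    single = enroll_single(pw)
    s1, s2 = enroll_two_server(pw)
    print(single_record_confirms(single, pw), single_record_confirms(single, "guess"))
    print(verify_two_server(s1, s2, pw),
          verify_two_server(s1, complement_for(s1, "guess"), "guess"))
```

A two-server password-authenticated key exchange would check the login without ever bringing both shares together on one machine; the recombination in `verify_two_server` is only there to keep the storage property visible.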