Ben Dodson: 2010 Security Workshop


Friday, April 30, 2010
Location: Fisher Conference Center, Arrillaga Alumni Center

"Snap2Pass: Consumer-Friendly Challenge-Response Authentication with a Phone"


Snap2Pass is a challenge-response authentication system for web applications that is easy to use, provides strong security guarantees, and requires no browser extensions. The system uses QR codes, which are small two-dimensional pictures that encode digital data. When a user logs in to a site, the web server sends the PC browser a QR code that encodes a cryptographic challenge; the user takes a picture of the QR code with his cell phone camera, and the phone sends a cryptographic response to the server; the web server then logs the PC browser in.
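The login flow described above, as an added sketch that is not Snap2Pass's own code. The abstract does not name the cryptographic construction, so this assumes an HMAC-SHA256 response under a per-account key shared with the phone; the class, function names and the 60-second lifetime are all hypothetical.

```python
import hashlib
import hmac
import secrets
import time

CHALLENGE_TTL = 60  # seconds a QR challenge stays valid (assumed value)


class Server:
    def __init__(self):
        self.keys = {}       # account -> secret shared with that user's phone
        self.pending = {}    # challenge -> (browser session id, expiry time)
        self.logged_in = {}  # browser session id -> account

    def enroll(self, account):
        self.keys[account] = secrets.token_bytes(32)
        return self.keys[account]  # provisioned to the phone once, out of band

    def new_challenge(self, session_id, now=None):
        """Value the login page renders as a QR code for this browser session."""
        now = time.time() if now is None else now
        challenge = secrets.token_hex(16)
        self.pending[challenge] = (session_id, now + CHALLENGE_TTL)
        return challenge

    def verify(self, account, challenge, response, now=None):
        """Called when the phone posts its response; logs the browser in on success."""
        now = time.time() if now is None else now
        # pop() makes every challenge single-use, so a captured response cannot be replayed
        session_id, expiry = self.pending.pop(challenge, (None, 0))
        key = self.keys.get(account)
        if session_id is None or key is None or now > expiry:
            return False
        expected = hmac.new(key, challenge.encode(), hashlib.sha256).hexdigest()
        # constant-time comparison avoids leaking how many characters matched
        if not hmac.compare_digest(expected.encode(), response.encode()):
            return False
        self.logged_in[session_id] = account  # the browser that showed the QR is logged in
        return True


def phone_respond(key, challenge):
    """Phone side: decode the QR payload, then MAC it with the provisioned key."""
    return hmac.new(key, challenge.encode(), hashlib.sha256).hexdigest()
```

The server binds each challenge to the browser session that displayed it, which is what lets a response arriving from the phone log in the PC browser rather than the phone.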

We also present Snap2Pay, an extension of the Snap2Pass user experience for online payments. Snap2Pay allows a consumer to use one-time credit cards as well as the Verified by Visa or Mastercard SecureCode services securely and easily with just a snap of a QR code.


Ben Dodson is an incoming PhD student focusing on mobile distributed systems. After graduating from the University of Pennsylvania with a degree in Computer Science and Mathematics, he worked for two years at a healthcare startup, Hx Technologies. His main contributions included development of the iSpan Master Patient Index system for deduplicating patient demographics among hospital databases, using machine learning techniques. He also worked towards compliance under the IHE standard for managing distributed electronic medical records, and built compatible Document Registry and Document Consumer components. Ben is also the lead developer of the web-based media streaming application, Jinzora.