Enhancing OTP Security with Private Blockchain, Geolocation And AI: A Decentralized and PrivacyPreserving Mobile Identity Authentication Framework

Abstract

One-Time Password (OTP) authentication is an important tool in protecting online banking, financial services, and online platforms. Nevertheless, the classical OTP systems, which are often based on centralized provision of SMS or email, are becoming susceptible to advanced cyberattacks, including SIM swap fraud, phishing, session jacking, and device spoofing. This study provides an in-depth mobile identity authentication system that would increase the security of OTP by combining the use of private blockchain, artificial intelligence (AI), and contextual verification through geolocation. The framework uses Hyperledger Fabric to decentralize identity verification and user privacy is ensured by a hybrid on-chain/off-chain data model, which is backed by smart contracts. Anomaly detection models based on AI and trained on behavioral patterns of SIM usages and previously known fraud cases have an accuracy rate of 85% when it comes to detecting realtime attacks of SIM swapping. Geolocation authentication, a geo-hashing method-based approach, is a further development of contextual trust by authenticating OTP requests only within defined and trusted geographic areas with an accuracy of 90 percent. Besides that, the system also engages in decentralized Know-Your-Customer (KYC) verification, which can guarantee privacypreserving mobile identity management. It developed a full-fledged prototype that was tested showing the performance of less than 500 milliseconds latency, high transaction throughput, and proper fraud detection. The APIs that are based on microservices are flexible and interoperable with mobile network operators (MNOs) and service providers. With a combination of these technologies, the framework can augment the reliability and security of the OTP-based authentication considerably. This work describes the severe shortcomings of existing centralized OTPs and a scalable and privacy-sensitive way to provide mobile and digital identity ecosystems in the future