SECURE ACCESS CONTROL VIA BIOMETRIC VERIFICATION, TOTP, AND BLACKLIST ENFORCEMENT
DOI:
https://doi.org/10.63503/c.acset.2025.12Keywords:
Biometric Authentication, Face Recognition, Time-based One Time Password (TOTP), Multifactor Authentication (MFA), Blacklist EnforcementAbstract
As cyber security threats continue to evolve, the limitations of conventional authentication mechanisms have become increasingly evident, necessitating the adoption of advanced, multi-factor security frameworks. This research introduces a robust access control architecture that seamlessly integrates biometric facial recognition, Time-based One-Time Password (TOTP) verification, and a dynamic blacklist enforcement mechanism. The system's first line of defense leverages real-time facial detection and recognition to ensure accurate and efficient identification of authorized users based on unique biometric traits. To counter risks such as credential compromise and biometric spoofing, the framework incorporates TOTP as a secondary authentication factor, employing secure cryptographic algorithms to generate user- specific, time-sensitive codes. Furthermore, the inclusion of a dynamic blacklist protocol enables the prompt identification and restriction of access to unauthorized or previously flagged entities. This component is augmented with automated alerting and detailed logging to support real- time monitoring, auditing, and incident response. Experimental evaluations demonstrate that the proposed system achieves high authentication accuracy, enhanced resistance to spoofing and replay attacks, and increased operational robustness. Its modular and scalable design facilitates seamless integration into diverse high-security environments, including governmental, corporate, and critical infrastructure settings. By uniting biometric verification, cryptographic token-based authentication, and proactive access control, this framework presents a comprehensive and resilient solution to contemporary access management challenges.
References
1. Y. Tok, N. Katuk, and A. Arif, “Smart Home Multi-Factor Authentication Using Face Recognition and One-Time Password on Smartphone,” Int. J. Interact. Mobile Technol. (iJIM), vol. 15, no. 24, pp. 32–48, Dec. 2021, doi: 10.3991/ijim.v15i24.25393.
2. H. L. Gururaj, B. C. Soundarya, S. Priya, J. Shreyas, and F. Flammini, “A Comprehensive Review of Face Recognition Techniques, Trends, and Challenges,” IEEE Access, vol. 12, pp. 107903–107926, 2024, doi: 10.1109/ACCESS.2024.3424933.
3. Y. Liu, “Analysis of Multi-Factor Authentication (MFA) Schemes in Zero Trust Architecture (ZTA): Current State, Challenges, and Future Trends,” Int. J. Comput. Appl., vol. 186, no. 57, pp. 30–36, Dec. 2024, doi: 10.5120/ijca2024924310.
4. IEEE Standards Association, IEEE Standard for Technical Requirements for Face Recognition, IEEE Std 2945-2023, pp. 1–52, 2023, doi: 10.1109/IEEESTD.2023.10122991.
5. IEEE Standards Association, IEEE Standard for Biometric Multi-modal Fusion, IEEE Std 2859-2023, pp. 1–38, 2023, doi: 10.1109/IEEESTD.2023.10077129.
6.S. M’Raihi, M. Machani, M. Pei, and J. Rydell, TOTP: Time-Based One-Time Password Algorithm, RFC 6238, IETF, May 2011. [Online]. Available: https://www.rfc-editor.org/rfc/rfc6238
7. R. Cong, Y. Liu, K. Tago, R. Li, H. Asaeda, and Q. Jin, “Individual-Initiated Auditable Access Control for Privacy-Preserved IoT Data Sharing with Blockchain,” in Proc. IEEE Int. Conf. Commun. Workshops (ICC Workshops), Montreal, QC, Canada, 2021, pp. 1–6, doi: 10.1109/ICCWorkshops50388.2021.9473508.
8. N. Yang, “Design of Embedded Intelligent Face Recognition Access Control System,” in Proc. Int. Wireless Commun. Mobile Comput. (IWCMC), Harbin, China, 2021, pp. 1189–1192, doi: 10.1109/IWCMC51323.2021.9498683.
9. L. Li, X. Mu, S. Li, and H. Peng, “A Review of Face Recognition Technology,” IEEE Access, vol. 8, pp. 139110–139120, 2020.
10. M. K. Hasan, M. S. Ahsan, S. H. S. Newaz, and G. M. Lee, “Human Face Detection Techniques: A Comprehensive Review and Future Research Directions,” Electronics, vol. 10, no. 19, p. 2354, Sep. 2021.
11. M. Yang, S. Wang, and J. Li, “Design of Embedded Intelligent Face Recognition Access Control System,” in Proc. IEEE Int. Conf. Consum. Electron. Comput. Eng. (ICCECE), Guangzhou, China, 2021, pp. 519–522, doi: 10.1109/ICCECE51280.2021.9498683.
12. Y. Liu et al., “Real-Time Continuous Activity Recognition with a Commercial mmWave Radar,” IEEE Trans. Mobile Comput., vol. 24, no. 3, pp. 1684–1698, Mar. 2025, doi: 10.1109/TMC.2024.3483813.
13. A. B. Sofian et al., “Enhancing Authentication Security: Analyzing Time-Based One-Time Password Systems,” Int. J. Comput. Technol. Sci., vol. 1, no. 3, pp. 7–14, Jul. 2024.
14. L. E. Almeida et al., “One-Time Passwords: A Literary Review of Different Protocols and Their Applications,” in Commun. Comput. Inf. Sci., vol. 2068, pp. 205–219, Springer, 2024.
15. A. A. A. A. Alshammari, M. A. Alzain, and S. A. Alqahtani, “Mobile-Based Facial Recognition Using OTP Verification for Voting System,” in Proc. Int. Conf. Comput., Commun. Control Technol. (I4CT), Kuching, Malaysia, 2015, pp. 1–6, doi: 10.1109/I4CT.2015.7219589.
16. A. Rathi and Subbulakshmi, “Law Enforcement Facial Recognition System for Crime,” Int. J. Sci. Res. Eng. Manag., vol. 9, pp. 1–9, 2025, doi: 10.55041/IJSREM43842.
17. D. Ray, “A Face Recognition Based Attendance System with Geolocation and Real-Time Action Logging,” Res. Square, preprint, 2025, doi: 10.21203/rs.3.rs-5931462/v1.
18. C. Yang, J. Jin, Z. Ning, Z. Li, T. T. A. Dinh, and J. Zhou, “Group Time-Based One-Time Passwords and its Application to Efficient Privacy-Preserving Proof of Location,” in Proc. Annu. Comput. Security Appl. Conf. (ACSAC), 2021, pp. 172–183.
19. R. K. Senapati, I. Gondra, P. Panyala, and P. Prasad, “Real-Time Compressed Domain Face Recognition Using Deep Learning,” in Proc. Int. Conf. Recent Trends Microelectron., Autom., Comput. Commun. Syst. (ICMACC), Hyderabad, India, 2024, pp. 298–302, doi: 10.1109/ICMACC62921.2024.10893897.
20. A. Okumura, S. Komeiji, M. Sakaguchi, M. Tabuchi, and H. Hattori, “Identity Verification Using Face Recognition for Artificial-Intelligence Electronic Forms with Speech Interaction,” in Lecture Notes Comput. Sci., vol. 11528, pp. 52–66, Springer, 2019, doi: 10.1007/978-3-030-22351-9_4.
21. M. A. Hassan, Z. Shukur, and M. K. Hasan, “An Improved Time-Based One-Time Password Authentication Framework for Electronic Payments,” Int. J. Adv. Comput. Sci. Appl. (IJACSA), vol. 11, no. 11, pp. 359–366, 2020, doi: 10.14569/IJACSA.2020.0111146.
22. S. Zavrak, S. Yilmaz, H. Bodur, and S. Toklu, “The Implementation of Two-Factor Web Authentication System Based on Facial Recognition,” Glob. J. Comput. Sci. Theory Res., vol. 7, no. 2, pp. 92–101, 2018, doi: 10.18844/gjcs.v7i2.3448.
23. A. Kumar, A. Khan, and P. Kiran, “Face Recognition Based Attendance Management System,” Zenodo, 2024, doi: 10.5281/zenodo.12787806.
24. D. Ceneda, A. Arleo, T. Gschwandtner, and S. Miksch, “Show Me Your Face: Towards an Automated Method to Provide Timely Guidance in Visual Analytics,” IEEE Trans. Vis. Comput. Graphics, vol. 28, no. 12, pp. 4570–4581, Dec. 2022, doi: 10.1109/TVCG.2021.3094870.
25. J. Solomon, O. Okidi, J. Emmanuel, S. Shaibu, V. Victor, and E. Ola, “Design and Implementation of Two-Factor Authentication (2FA) through Facial Recognition and Password/Code for Social Media,” Int. J. Innov. Sci. Res. Technol., vol. 10, no. 3, pp. 895–903, 2025, doi: 10.38124/ijisrt/25mar438.
26. A. Biswas, S. A. Patnaik, A. H. A. Hafez, and A. M. Namboodiri, “Characterizing Face Recognition for Resource-Efficient Deployment on Edge,” in Proc. IEEE/CVF Conf. Comput. Vis. Pattern Recognit. Workshops (CVPRW), New Orleans, LA, USA, 2022, pp. 3510–3519, doi: 10.1109/CVPRW56347.2022.00373.
27. H. Drira, B. Ben Amor, A. Srivastava, M. Daoudi, and R. Slama, “3D Face Recognition under Expressions, Occlusions, and Pose Variations,” IEEE Trans. Pattern Anal. Mach. Intell., vol. 35, no. 9, pp. 2270–2283, Sep. 2013.
