Authentication method with impersonal token cards

Author

Molva, Refik ; Tsudik, Gene

Author_Institution

EURECOM Inst., Valbonne, France

fYear

1993

fDate

24-26 May 1993

Firstpage

56

Lastpage

65

Abstract

The authors describe a novel authentication method whereby the fixed relationship between the user and the device is avoided. They present a method whereby the authentication device, which is a token card, is used solely to provide a secure channel between a human user and an authentication server. Since the communication channel is secured by the card, the user can still utilize weak secrets such as passwords and personal identification numbers for authentication purposes, but, without any risk of exposure. Furthermore, the card´s and the user´s secrets are mutually independent, i.e., the card is impersonal, it can be freely shared by several users. This eliminates the high cost of administration which is typical of existing designs requiring fixed user-device relationship. The method does not require any coupling between the token card and the workstation, which would be difficult to implement on a global scale and retrofit onto existing equipment

Keywords

authorisation; message authentication; smart cards; authentication method; authentication server; communication channel; human user; impersonal token cards; passwords; personal identification numbers; secure channel; Authentication; Costs; Hardware; Humans; Invasive software; Laboratories; Marine vehicles; Pins; Public key cryptography; Workstations;

fLanguage

English

Publisher

ieee

Conference_Titel

Research in Security and Privacy, 1993. Proceedings., 1993 IEEE Computer Society Symposium on

Conference_Location

Oakland, CA

Print_ISBN

0-8186-3370-0

Type

conf

DOI

10.1109/RISP.1993.287643

Filename

287643