Title :
A mobile based approach to strong authentication on Web
Author :
Me, Gianluigi ; Pirro, Daniele ; Sarrecchia, Roberto
Author_Institution :
Univ. of Rome "Tor Vergata"
Abstract :
The rapid increase of the phishing phenomenon states that the Web authentication systems not based on one time password (OTP) are definitively ineffective in providing financial services. Existent Web authentication systems have been developed on the classic username/password mechanism using a single channel, either mobile or Web, generating an expensive or inadequate authentication system. The proposed solution is a combined Web/mobile authentication system. The basic authentication mechanism is integrated with a challenge/response process and an OTP. The challenge is issued from an authentication server and has to authenticate a mobile device, typically a cell phone. This device can communicate with any other involved parts through a fixed terminal, typically a personal computer, via a Bluetooth connection. The mobile device, once accepted, performs the authentication with the web site or application. This final step is accomplished using a temporary one-time password.
Keywords :
Bluetooth; Internet; authorisation; computer crime; message authentication; microcomputers; mobile communication; mobile computing; Bluetooth connection; Web authentication system; Web authentication systems; Web site; World Wide Web; authentication server; financial services; mobile authentication system; mobile device; one time password; password mechanism; personal computer; phishing phenomenon; username mechanism; Authentication; Bluetooth; Costs; Ground penetrating radar; Logic; Microcomputers; Mobile computing; Security; Telephony; Web pages;
Conference_Title :
Computing in the Global Information Technology, 2006. ICCGI '06. International Multi-Conference on
Conference_Location :
Bucharest
Print_ISBN :
0-7695-2690-X
Electronic_ISBN :
0-7695-2690-X
DOI :
10.1109/ICCGI.2006.2