Abstract :
This paper presents a novel authentication scheme called MINHO, which protects users from unauthorized access even when their passwords have been stolen. At the same time, MINHO detects any tries for unauthorized access by attackers. Our idea is to use a mobile phone to send a request with specific parameters to the service provider before the actual authentication process, then, the service provider verifies the pre-authentication parameters during the authentication process. We propose many parameters that can be used with the pre-authentication service such as Authentication Ticket (AT), time, and location. MINHO is a practical scheme that can be used with the current systems, without (hardware/software) changes on the terminal side. It is a cost effective scheme, easy to use, and does not rely on a third party.