Using the mobile phone as a security token for unified authentication

Author

Hallsteinsen, Steffen ; Jorstad, Ivar ; Do Van Thanh

Author_Institution

Norwegian Univ. of Sci. & Technol., Trondheim

fYear

2007

fDate

25-31 Aug. 2007

Firstpage

68

Lastpage

68

Abstract

The number of different identities and credentials used for authentication towards services on the Internet has increased beyond the manageable. Still, the most common authentication scheme is based on usernames and passwords. This is a weak authentication mechanism, which can be broken by eavesdropping on the network connection or by sloppy handling by the users (e.g. re-use of the same password for different services, writing down the passwords on paper etc.). Also, management of user credentials is a costly task for most companies, estimated by IDC to around 200-300 USD pr. user/year. Hence, better solutions for simplified, yet secure authentication, is required in the future. This paper proposes and describes an authentication scheme based on a One-Time Password (OTP) MIDlet running on a mobile phone for unified authentication towards any type of service on the Internet.

Keywords

Internet; message authentication; mobile handsets; telecommunication security; Internet; OTP; mobile phone; one-time password; security token; unified authentication; Authentication; GSM; Hardware; Identity management systems; Mobile communication; Mobile handsets; Network servers; Security; Telematics; Web and internet services; authentcation; mobility;

fLanguage

English

Publisher

ieee

Conference_Titel

Systems and Networks Communications, 2007. ICSNC 2007. Second International Conference on

Conference_Location

Cap Esterel

Print_ISBN

0-7695-2938-0

Electronic_ISBN

978-0-7695-2938-7

Type

conf

DOI

10.1109/ICSNC.2007.82

Filename

4300040