Enhancing CardSpace Authentication Using a Mobile Device

被引:0
作者
Al-Sinani, Haitham S. [1 ]
Mitchell, Chris J. [1 ]
机构
[1] Univ London, Informat Secur Grp, London WC1E 7HU, England
来源
DATA AND APPLICATIONS SECURITY AND PRIVACY XXV | 2011年 / 6818卷
关键词
CardSpace; OTP; mobile device; authentication; ACCESS;
D O I
暂无
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
In this paper we propose a simple, novel scheme for using a mobile device to enhance CardSpace authentication. During the process of user authentication on a PC using CardSpace, a random and short-lived one-time password is sent to the user's mobile device; this must then be entered into the PC by the user when prompted. The scheme does not require any changes to login servers, the CardSpace identity selector, or to the mobile device itself. We specify the scheme and give details of a proof-of-concept prototype. Security and operational analyses are also provided.
引用
收藏
页码:201 / 216
页数:16
相关论文
共 22 条
  • [1] Abdelhameed R., 2005, Journal of Computer Sciences, V1, P200, DOI 10.3844/jcssp.2005.200.203
  • [2] Al-Sinani H.S., 2010, RHULMA201015 DEP MAT
  • [3] Al-Sinani HS, 2010, IFIP ADV INF COMM TE, V343, P18
  • [4] Al-Sinani HS, 2010, P 9 S ID TRUST INT I, P12
  • [5] Aloul F., 2009, AICCSA 2009 MAY, P641
  • [6] Alqattan A., 2007, 2 FACTOR AUTHENTICAT
  • [7] [Anonymous], UNDERSTANDING WINDOW
  • [8] Florêncio D, 2008, LECT NOTES COMPUT SC, V5222, P401, DOI 10.1007/978-3-540-85886-7_28
  • [9] Guthery S. B., 2002, MOBILE APPL DEV SMS
  • [10] Hart J, 2010, LECT NOTES COMPUT SC, V6033, P229, DOI 10.1007/978-3-642-12368-9_17
123