Federated Authentication Mechanism using Cellular Phone - Collaboration with OpenID
暂无分享,去创建一个
OpenID authentication is a method to provide a single sign-on (SSO) service among Internet service sites. OpenID has been widely adopted by blog sites because of its usability and ease of implementation. However, the assurance of the ID in OpenID authentication is a concern because currently anyone can hold accounts on an OpenID provider (OP) simply by sending a registration mail and OPs usually do not check to confirm the real identity of their applicants. In contrast, a telephone company checks the identity of their mobile service users before a contract is completed by referring to such credentials as a driver’s license or passport. Therefore, on a cellular phone, the ID, such as subscriber ID, is assured by the contract process and telephone companies can trace the user’s identity through the ID. In this paper, we propose a federation authentication scheme between Open ID and a cellular phone in order to assure the ID of the OpenID. In addition, by using the cellular phone at user authentication for each service use, secure authentication is also provided.
[1] Yamada Akira,et al. A Mutual Authentication System for Web Server Access by Using Cellar Phone , 2007 .
[2] Birgit Pfitzmann,et al. Privacy in Enterprise Identity Federation - Policies for Liberty Single Signon , 2003, Privacy Enhancing Technologies.