This paper proposes a new authentication scheme for accessing contents, services and applications both on a mobile device and on the Internet. A user first divides all the contents, services and applications, on the mobile device and on the Internet, into four groups according to their importance: the extremely confidential group (ECG) has security level SL=1, the very confidential group (VCG) has SL=2, the confidential group (CG) has SL=3 and the freely accessible group (FAG) has SL=4. If an item is an Internet content, service or application, the username and password pair needed to access it is stored in its group. To access the items in the four groups, four authentication methods are defined, which generate four active usage levels (AUL). Fingerprint plus password1 authentication generates AUL=1, which grants the right to access all four groups. Fingerprint alone generates AUL=2, which grants the right to access VCG, CG and FAG. Password2 authentication generates AUL=3, which grants the right to access CG and FAG. Null authentication generates AUL=4, which is the default AUL and can only access items in FAG. Once an AUL is generated, the user can not only access the corresponding groups of information stored in the device but also use that mobile device to access the corresponding groups of her/his Web accounts seamlessly, without memorizing usernames and passwords. Whenever the user wants to access information stored in the mobile device, or Web accounts provided by a third party, the security middleware obtains the SL required to access them and compares that SL with the current AUL. If the AUL is equal to or higher than the SL (that is, its numeric value is equal to or lower than the SL's), the access is granted seamlessly and transparently to the user; otherwise, the user is asked to authenticate again to gain a higher AUL, or the access is denied. After access to a device has been granted, the user can at any time reset the AUL to 4, or the AUL can be set to 4 automatically after a predefined idle period.
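The following is an added example (not the paper's own code) modelling the security middleware's decision described above: the four SL groups, the AUL produced by each authentication method, the SL-versus-AUL comparison, and the reset to AUL=4 on user request or after an idle period. The class, method names, the `Item` record and the injectable clock are assumptions made for this illustration.

```python
import time
from dataclasses import dataclass
from typing import Callable, Optional, Tuple

# Security levels of the four groups; 1 is the most confidential.
ECG, VCG, CG, FAG = 1, 2, 3, 4

# Authentication method -> active usage level (AUL) it produces.
AUL_BY_METHOD = {
    "fingerprint+password1": 1,  # may access all four groups
    "fingerprint": 2,            # VCG, CG, FAG
    "password2": 3,              # CG, FAG
    None: 4,                     # null authentication: FAG only (default)
}


@dataclass
class Item:
    name: str
    sl: int                                        # group the item was put into
    credential: Optional[Tuple[str, str]] = None   # (username, password) for Web items


class SecurityMiddleware:
    def __init__(self, idle_timeout: float = 300.0,
                 clock: Callable[[], float] = time.monotonic):
        self.idle_timeout = idle_timeout
        self.clock = clock                # injectable so idle expiry can be tested
        self.aul = AUL_BY_METHOD[None]    # default AUL=4 until the user authenticates
        self.last_activity = clock()

    def authenticate(self, method: Optional[str]) -> int:
        """Run one of the four methods and record the AUL it generates."""
        self.aul = AUL_BY_METHOD[method]
        self.last_activity = self.clock()
        return self.aul

    def reset(self) -> None:
        """User-initiated or idle-timeout reset back to the default AUL=4."""
        self.aul = AUL_BY_METHOD[None]

    def access(self, item: Item):
        """Compare the item's SL with the current AUL.

        "AUL equal to or higher than SL" means numerically aul <= sl.  On
        success the stored credential is released so the Web login can be
        completed transparently; otherwise the caller must prompt for a
        stronger authentication method or deny the request.
        """
        if self.clock() - self.last_activity > self.idle_timeout:
            self.reset()
        if self.aul <= item.sl:
            self.last_activity = self.clock()
            return "granted", item.credential
        return "reauthenticate", None
```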