At present, network users have to remember a user-name and a corresponding password for every service with which they are registered. Single sign-on (SSO) has been proposed as a solution to the usability, security and management implications of this situation. Under SSO, users authenticate themselves only once to an entity termed the 'authentication service provider' (ASP) and subsequently use disparate service providers (SPs) without re-authenticating. The information about the user's authentication status is handled between the ASP and the desired SP in a manner transparent to the user. We propose an SSO protocol where a GSM or UMTS operator plays the role of the ASP and by which its subscribers can be authenticated to SPs without any user interaction and in a way that preserves the user's privacy and mobility. The protocol requires only minimal changes to the deployed GSM infrastructure.
[1]
Chris J. Mitchell,et al.
Using GSM to enhance e-commerce security
,
2002,
WMC '02.
[2]
Alfred Menezes,et al.
Handbook of Applied Cryptography
,
2018
.
[3]
Gerhard Goos,et al.
State of the Art in Applied Cryptography
,
1998,
Lecture Notes in Computer Science.
[4]
Joos Vandewalle,et al.
Combining World Wide Web and wireless security
,
2001,
Informatica.
[5]
Klaus Vedder.
GSM: Security, Services, and the SIM
,
1997,
State of the Art in Applied Cryptography.
[6]
Jan De Clercq,et al.
Single Sign-On Architectures
,
2002,
InfraSec.
[7]
Roger J. Sutton.
Secure Communications: Applications and Management
,
2002
.