A Method of Risk Assessment for Multi-Factor Authentication
暂无分享,去创建一个
User authentication refers to user identification based on something a user knows, something a user has, something a user is or something the user does; it can also take place based on a combination of two or more of such factors. With the increasingly diverse risks in online environments, user authentication methods are also becoming more diversified. This research analyzes user authentication methods being used in various online environments, such as web portals, electronic transactions, financial services and e-government, to identify the characteristics and issues of such authentication methods in order to present a user authentication level system model suitable for different online services. The results of our method are confirmed through a risk assessment and we verify its safety using the testing method presented in OWASP and NIST SP800-63.
[1] Sangjoon Park,et al. Internet X.509 Public Key Infrastructure Subject Identification Method (SIM) , 2006, RFC.
[2] Emmanuel Aroms,et al. NIST Special Publication 800-63 Electronic Authentication Guideline , 2012 .
[3] Marijke De Soete. Two-Factor Authentication , 2011, Encyclopedia of Cryptography and Security.