On Improving Feasibility and Security Measures of Online Authentication

Online service is an important driving force behind many of today’s Web 2.0 applications. For security and privacy concerns, authentication is required for all of services that involve online transactions. Authentication is the process of verifying a user’s identity when the user is requesting services from any secure Information System (IS). By far, the most popular authentication technique is a basic username–password based method that is commonly considered to be a weak technique of authentication. A more secure method is the multi–factor authentication that verifies not only username–password pair, but also requires a second or third unique physical or biological factor. The feasibility of multi–factor authentication is inhibited by its deployment intricacy, and by the cost of building, maintaining, and re-deploying the hardware needed by multi–factor authentication as well. The Internet online transactions require a more feasible and secure means of authentication. Toward the ends, we have developed a technique that is a form of two – factor authentication, called SofToken. The SofToken is very cost effective and can also greatly reduces the deployment complexity of the application, while keeping a comparable or even higher level of security to other currently available techniques. In addition, an enhancement that utilized RFID devices is also proposed to advance the portability of the SofToken application for enterprise intranet-extranet environments. This RFID enhancement on SofToken is designed especially for computer system access using two-factor authentication to improve the security measure.