Abstract
This paper presents a privacy-friendly mobile authentication solution. It addresses several shortcomings of conventional methods, such as passwords and smartcard solutions. It also meets the needs of an increasingly mobile user. Trust in the client computer is minimal and the authentication is entirely delegated to the smartphone, which makes it portable across different workstations. Our approach involves authentication using securely stored credentials on the smartphone. The client workstation does not need to be modified, whereas only minor changes to the Web server are required.
Copyright information
© 2012 IFIP International Federation for Information Processing
About this paper
Cite this paper
Boukayoua, F., Vossaert, J., De Decker, B., Naessens, V. (2012). Using a Smartphone to Access Personalized Web Services on a Workstation. In: Camenisch, J., Crispo, B., Fischer-Hübner, S., Leenes, R., Russello, G. (eds) Privacy and Identity Management for Life. Privacy and Identity 2011. IFIP Advances in Information and Communication Technology, vol 375. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31668-5_11
DOI: https://doi.org/10.1007/978-3-642-31668-5_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-31667-8
Online ISBN: 978-3-642-31668-5
eBook Packages: Computer Science (R0)