UAuth: A Strong Authentication Method from Personal Devices to Multi-accounts
DOI:
https://doi.org/10.4108/eai.5-10-2015.150479Keywords:
Authentication, Mobile terminal, Multi-accountsAbstract
In this paper we present UAuth, a two-layer authentication framework that provides more security assurances than two-factor authentication while offering a simpler authentication experience. When authenticating, users first verified their static credentials (such as password, fingerprint, etc.) on their devices to achieve the local-layer authentication, then submit the OTP-signed response generated by their device to the server to complete the server-layer authentication. We also propose the three-level account association mechanism, which establishes the association among devices, users and services, and then creates a mapping from user’s devices to user’s accounts. Users can gain access to different service via any device in the association easily. Our goal is to provide a quick and convenient SSO-like login process on the basis of security authentication. To meet the goal, we implement our UAuth, and evaluate our designs.
Downloads
Published
Issue
Section
License
Copyright (c) 2022 EAI Endorsed Transactions on Security and Safety
This work is licensed under a Creative Commons Attribution 3.0 Unported License.
This is an open-access article distributed under the terms of the Creative Commons Attribution CC BY 4.0 license, which permits unlimited use, distribution, and reproduction in any medium so long as the original work is properly cited.
