Ubiquitous One-Time Password Service using the Generic Authentication Architecture
Author(s): Chunhua Chen, Chris J. Mitchell, Shaohua Tang

Date: July 2011
Publication: Mobile Networks and Applications
Publisher: Springer
Source 1: http://www.chrismitchell.net/Papers/uotpsu3.pdf
Source 2: http://digirep.rhul.ac.uk/items/54f38e18-91e8-e1ad-84f7-a080782dd5d8/8/uotpsu2.pdf
Source 3: http://dx.doi.org/10.1007/s11036-011-0329-z - Subscription or payment required

Abstract or Summary:
The Generic Authentication Architecture (GAA) is a standardised extension to the mobile authentication infrastructure that enables the provision of security services, such as key establishment, to network applications. In this paper we first show how Trusted Computing can be extended in a GAA-like framework to offer new security services. We then propose a general scheme that converts a simple static password authentication mechanism into a one-time password (OTP) system using the GAA key establishment service. The scheme employs a GAA-enabled user device and a GAA-aware server. Most importantly, unlike most OTP systems using a dedicated key-bearing token, the user device does not need to be user or server specific, and can be used in the protocol with no registration or configuration (except for the installation of the necessary application software). We also give two practical instantiations of the general scheme, building firstly on the mobile authentication infrastructure and secondly on Trusted Computing. The practical systems are secure, scalable, fit well to the multi-institution scenario, and enable the provision of ubiquitous and on-demand OTP services.

Do you have additional information to contribute regarding this research paper? If so, please email siteupdates@passwordresearch.com with the details.

<-- Back to Authentication Research Paper Index

[Home] [About Us] [News] [Research]

Copyright © 2016 PasswordResearch.com