Research Article
UAuth: A Strong Authentication Method from Personal Devices to Multi-accounts
@ARTICLE{10.4108/eai.5-10-2015.150479, author={Yazhe Wang and Mingming Mingming Hu and Chen Li}, title={UAuth: A Strong Authentication Method from Personal Devices to Multi-accounts}, journal={EAI Endorsed Transactions on Security and Safety}, volume={2}, number={4}, publisher={EAI}, journal_a={SESA}, year={2015}, month={10}, keywords={Authentication, Mobile terminal, Multi-accounts}, doi={10.4108/eai.5-10-2015.150479} }- Yazhe Wang
Mingming Mingming Hu
Chen Li
Year: 2015
UAuth: A Strong Authentication Method from Personal Devices to Multi-accounts
SESA
EAI
DOI: 10.4108/eai.5-10-2015.150479
Abstract
In this paper we present UAuth, a two-layer authentication framework that provides more security assurances than two-factor authentication while offering a simpler authentication experience. When authenticating, users first verified their static credentials (such as password, fingerprint, etc.) on their devices to achieve the local-layer authentication, then submit the OTP-signed response generated by their device to the server to complete the server-layer authentication. We also propose the three-level account association mechanism, which establishes the association among devices, users and services, and then creates a mapping from user’s devices to user’s accounts. Users can gain access to different service via any device in the association easily. Our goal is to provide a quick and convenient SSO-like login process on the basis of security authentication. To meet the goal, we implement our UAuth, and evaluate our designs.
Copyright © 2015 Mingming Hu et al., licensed to EAI. This is an open access article distributed under the terms of the Creative Commons Attribution license (http://creativecommons.org/licenses/by/3.0/), which permits unlimited use, distribution and reproduction in any medium so long as the original work is properly cited.