Smart OpenID: A Smart Card Based OpenID Protocol

Abstract : OpenID is a lightweight, easy to implement and deploy approach to Single Sign-On (SSO) and Identity Management (IdM), and has great potential for large scale user adoption especially for mobile applications. At the same time, Mobile Network Operators are increasingly interested in leveraging their existing infrastructure and assets for SSO and IdM. In this paper, we present the concept of Smart OpenID, an enhancement to OpenID which moves part of the OpenID authentication server functionality to the smart card of the user’s device. This seamless, OpenID-conformant protocol allows for scaling security properties, and generally improves the security of OpenID by avoiding the need to send user credentials over the Internet and thus avoid phishing attacks. We also describe our implementation of the Smart OpenID protocol based on an Android phone, which interacts with OpenID-enabled web services.
Type de document :
Communication dans un congrès
Dimitris Gritzalis; Steven Furnell; Marianthi Theoharidou. 27th Information Security and Privacy Conference (SEC), Jun 2012, Heraklion, Crete, Greece. Springer, IFIP Advances in Information and Communication Technology, AICT-376, pp.75-86, 2012, Information Security and Privacy Research. 〈10.1007/978-3-642-30436-1_7〉
Liste complète des métadonnées

Littérature citée [33 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01518228
Contributeur : Hal Ifip <>
Soumis le : jeudi 4 mai 2017 - 13:45:24
Dernière modification le : jeudi 4 mai 2017 - 14:53:54
Document(s) archivé(s) le : samedi 5 août 2017 - 13:19:08

Fichier

978-3-642-30436-1_7_Chapter.pd...
Fichiers produits par l'(les) auteur(s)

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Andreas Leicher, Andreas Schmidt, Yogendra Shah. Smart OpenID: A Smart Card Based OpenID Protocol. Dimitris Gritzalis; Steven Furnell; Marianthi Theoharidou. 27th Information Security and Privacy Conference (SEC), Jun 2012, Heraklion, Crete, Greece. Springer, IFIP Advances in Information and Communication Technology, AICT-376, pp.75-86, 2012, Information Security and Privacy Research. 〈10.1007/978-3-642-30436-1_7〉. 〈hal-01518228〉

Partager

Métriques

Consultations de la notice

57

Téléchargements de fichiers

128