Title :
Authentication method with impersonal token cards
Author :
Molva, Refik ; Tsudik, Gene
Author_Institution :
EURECOM Inst., Valbonne, France
Abstract :
The authors describe a novel authentication method whereby the fixed relationship between the user and the device is avoided. They present a method whereby the authentication device, which is a token card, is used solely to provide a secure channel between a human user and an authentication server. Since the communication channel is secured by the card, the user can still utilize weak secrets such as passwords and personal identification numbers for authentication purposes, but, without any risk of exposure. Furthermore, the card´s and the user´s secrets are mutually independent, i.e., the card is impersonal, it can be freely shared by several users. This eliminates the high cost of administration which is typical of existing designs requiring fixed user-device relationship. The method does not require any coupling between the token card and the workstation, which would be difficult to implement on a global scale and retrofit onto existing equipment
Keywords :
authorisation; message authentication; smart cards; authentication method; authentication server; communication channel; human user; impersonal token cards; passwords; personal identification numbers; secure channel; Authentication; Costs; Hardware; Humans; Invasive software; Laboratories; Marine vehicles; Pins; Public key cryptography; Workstations;
Conference_Titel :
Research in Security and Privacy, 1993. Proceedings., 1993 IEEE Computer Society Symposium on
Conference_Location :
Oakland, CA
Print_ISBN :
0-8186-3370-0
DOI :
10.1109/RISP.1993.287643
