Token-based authentication for smartphones

Due to short - but frequent - sessions of smartphone usage, the fast and easy usability of authentication mechanisms in this special environment has a big impact on user acceptance. In this work we propose a user-friendly alternative to common authentication methods (like PINs and patterns). The advantages of the proposed method are its security, fastness, and easy usage, requiring minimal user interaction compared to other authentication techniques currently used on smartphones. The mechanism described uses the presence of a Bluetooth-connected hardware-token to authenticate the user and can easily be implemented on current smartphones. It is based on an authentication protocol which meets the requirements on energy efficiency and limited resources by optimizing the communication effort. A prototype was implemented on an Android smartphone and an MSP430 based MCU. The token allows fast authentication without the need for additional user action. The entire authentication process can be completed in less than one second, the developed software prototype requires no soft- or hardware modifications (like rooting) of the Android phone.