Smart OpenID: A Smart Card Based OpenID Protocol - Information Security and Privacy Research
Conference Papers Year : 2012

Smart OpenID: A Smart Card Based OpenID Protocol

Andreas Leicher
  • Function : Author
  • PersonId : 1007472
Andreas U. Schmidt
  • Function : Author
  • PersonId : 1007473
Yogendra Shah
  • Function : Author
  • PersonId : 1007474

Abstract

OpenID is a lightweight, easy to implement and deploy approach to Single Sign-On (SSO) and Identity Management (IdM), and has great potential for large scale user adoption especially for mobile applications. At the same time, Mobile Network Operators are increasingly interested in leveraging their existing infrastructure and assets for SSO and IdM. In this paper, we present the concept of Smart OpenID, an enhancement to OpenID which moves part of the OpenID authentication server functionality to the smart card of the user’s device. This seamless, OpenID-conformant protocol allows for scaling security properties, and generally improves the security of OpenID by avoiding the need to send user credentials over the Internet and thus avoid phishing attacks. We also describe our implementation of the Smart OpenID protocol based on an Android phone, which interacts with OpenID-enabled web services.
Fichier principal
Vignette du fichier
978-3-642-30436-1_7_Chapter.pdf (249.34 Ko) Télécharger le fichier
Origin Files produced by the author(s)
Loading...

Dates and versions

hal-01518228 , version 1 (04-05-2017)

Licence

Identifiers

Cite

Andreas Leicher, Andreas U. Schmidt, Yogendra Shah. Smart OpenID: A Smart Card Based OpenID Protocol. 27th Information Security and Privacy Conference (SEC), Jun 2012, Heraklion, Crete, Greece. pp.75-86, ⟨10.1007/978-3-642-30436-1_7⟩. ⟨hal-01518228⟩
167 View
538 Download

Altmetric

Share

More