2-clickAuth: Optical Challenge-Response Authentication Using Mobile Handsets

2-clickAuth: Optical Challenge-Response Authentication Using Mobile Handsets

Anna Vapen, Nahid Shahmehri
Copyright: © 2011 |Volume: 3 |Issue: 2 |Pages: 18
ISSN: 1937-9412|EISSN: 1937-9404|EISBN13: 9781613508442|DOI: 10.4018/jmcmc.2011040101
Cite Article Cite Article

MLA

Vapen, Anna, and Nahid Shahmehri. "2-clickAuth: Optical Challenge-Response Authentication Using Mobile Handsets." IJMCMC vol.3, no.2 2011: pp.1-18. http://doi.org/10.4018/jmcmc.2011040101

APA

Vapen, A. & Shahmehri, N. (2011). 2-clickAuth: Optical Challenge-Response Authentication Using Mobile Handsets. International Journal of Mobile Computing and Multimedia Communications (IJMCMC), 3(2), 1-18. http://doi.org/10.4018/jmcmc.2011040101

Chicago

Vapen, Anna, and Nahid Shahmehri. "2-clickAuth: Optical Challenge-Response Authentication Using Mobile Handsets," International Journal of Mobile Computing and Multimedia Communications (IJMCMC) 3, no.2: 1-18. http://doi.org/10.4018/jmcmc.2011040101

Export Reference

Mendeley
Favorite Full-Issue Download

Abstract

Internet users often have usernames and passwords at multiple web sites. To simplify things, many sites support federated identity management, which enables users to have a single account allowing them to log on to different sites by authenticating to a single identity provider. Most identity providers perform authentication using a username and password. Should these credentials be compromised, all of the user’s accounts become compromised. Therefore a more secure authentication method is desirable. This paper implements 2-clickAuth, a multimedia-based challenge-response solution which uses a web camera and a camera phone for authentication. Two-dimensional barcodes are used for the communication between phone and computer, which allows 2-clickAuth to transfer relatively large amounts of data in a short period of time. 2-clickAuth is more secure than passwords while easy to use and distribute. 2-clickAuth is a viable alternative to passwords in systems where enhanced security is desired, but availability, ease-of-use, and cost cannot be compromised. This paper implements an identity provider in the OpenID federated identity management system that uses 2-clickAuth for authentication, making 2-clickAuth available to all users of sites that support OpenID, including Facebook, Sourceforge, and MySpace.

Request Access

You do not own this content. Please login to recommend this title to your institution's librarian or purchase it from the IGI Global bookstore.