Support Architecture for Multi-Channel, Multi-Factor Authentication
Date: December 7 2007
Publication: IADIS International Conference e-commerce 2007
Page(s): 59 - 66
Source 1: http://www.iadisportal.org/digital-library/a-support-architecture-for-multi-channel-multi-factor-authentication
Source 2: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.545.9237&rep=rep1&type=pdf
Abstract or Summary:
As more and more critically confidential information is managed electronically by distributed information systems, efforts to gain unauthorised access to that information become more prevalent. Traditional authentication mechanisms, such as passwords and PINs, are fairly weak mechanisms for controlling access to critical resources and excluding unauthorised users. This is because mechanisms which utilise only one factor, such as a password or PIN, are increasingly easy to subvert. It has become essential for us to consider making use of multiple mechanisms and/or channels to strengthen security. For instance, an authentication attempt that requires a password to be entered may require verification by means of entry of a one-time password, on another channel, which is delivered to the users registered mobile phone. In this paper we propose an architecture to support multi-channel authentication. The architecture allows a range of authentication channels to be deployed and consults the user about his or her personal preferences within risk-based constraints. The user is given the flexibility to choose from an available selection of channels and mechanisms which will be combined to achieve successful, secure and flexible authentication. Such a mechanism can be associated with a secured resource and thus improve the security of the access mechanism. Furthermore, the personalised choices can be changed by the users, making it easier to foil potential intruders by introducing unpredictability into the system.
Do you have additional information to contribute regarding this research paper? If so, please email email@example.com with the details.