Smart Mobile Device Based Authentication Token Analysis And Design

The information technology and network technology have been developed so rapidly that the physical authentication token which is the key part of access control system has been large-scale applied. In this situation, there are new challenges to the person's life and work. Due to the lack of the interoperability between the identity authentication systems, people need several tokens to login to the corresponding system. It induces not only the backwards of the usability but also the security. Smart mobile device based identity authentication token which is a soft token integrated to the smart mobile platform have the full authentication function of physical token and the sufficiently security. By the way of installing many soft tokens on one device, we can efficiently solve the problem of complicated circumstances and security.Presently the security authentication system have been applied extensively in the international world, EMC/RSA which is the market leader has released the smart mobile device based SecurID token authentication system, and some emerging companies such as WiKID and PhoneFactor also launched the smart mobile platform based authentication system. But in domestic, authentication system use generally USBKEY and Smartcard, the development of smart mobile device based authentication system is just in the beginning period.This paper gets the conclusion of the feasibility of the integration, by analyzing the features of token and smart mobile device. According to the features of smart mobile platform, we proposed three token design schemes: challenge/respond based token design, dynamic password based token design and KEY based token design; described the structure and execution procedure of each token design; and built the authentication system model according to the each token design scheme. In the design scheme of challenge/respond based token, we used the challenge/respond authentication protocol; proposed a way which make the result which from the PIN several times iteration of the HASH function to be the encryption key of seed file to form the two-factor authentication mode and proved that this design can resist the violent attack. In the design scheme of dynamic password token, we design the OTP based token and time based token, according to the difference of seed sharing mechanics and authentication protocol. The critical technology of the dynamic password based token is synchronization mechanics between token and authentication servers, we adopt the close-interval mechanics to get rid of the matching problem, and used the windows-synchronization mechanics in the time various based token design. In order to accommodate the limits of screen display of mobile platform, we convert the result of the HASH function which is compressed by a dictionary, this design can provide more usability when input and output the passcode. In the KEY based which also means PKI based token design scheme, we build an authentication system model which is composed by soft token, trusted third-party and the authentication server in the framework of PKI. In order to improve the performance and efficiency, we use a fast modular multiplication and exponentiation algorithm which is the combination of Montogomery and M-ary method. This paper discusses the security analysis of the mobile based token design scheme from three perspectives which are algorithm, platform, and the system; proved that the security is sufficient for present situation.The significance of this paper is that we proposed three smart mobile devices based token design scheme by analyzing the real data of the features of the authentication token and the smart mobile device; resolved the problems of how to become two-factors authentication mode; how to synchronize authentication; how to implement the fast modular multiplication and exponentiation computation. And we provide a smart mobile device based authentication system design model; resolve the problem of backwards of usability and security which is the result of the lack of interoperability between authentication systems.