| Username/password is one of the most frequently-used mechanisms of authentication and it is widely used for identifying users in operation systems and web application systems,e.g.,E-mail systems,e-banking systems,etc.. With the development of the Internet and Web application,authentication based\ on Username/password faces serious problems including password management and threats from Phishing attacks.This paper proposes a novel digital identity management system,SmartID, which uses a smart phone as a platform to manage user's Web digital identities. The hardware of SmartID mainly includes a smart phone equipped with Bluetooth,which is quite popular now.With such smart phone,Login user interface(LUI) authentication and password management can be implemented securely and conveniently.This paper tries to make use of the smart phone to manage use's multiple web digital identities efficiently;to protect user's key information by encrypting authentication data and preserving these data in smart phone;to transmit authentication data to a user's personal computer via bluetooth communication; to realize anti-phishing by verifying the login user interface.Compared with other password management systems and anti-phishing tools,SmartID has significant advantages in protecting user's Web digital identities:SmartID can defend against phishing attack by strictly verifying the login user interface before submitting user's identity information.;SmartID can automatically fill username/password into a correct login interface so that users do not need to type complex passwords manually;SmartID has low deployment cost,because there's no need to modify original authenticating mechanism in current Web servers. |
PDF Full Text Request