Ivar Jørstad

Using the mobile phone as a security token for unified authentication

The number of different identities and credentials used for authentication towards services on the Internet has increased beyond the manageable. Still, the most common authentication scheme is based on usernames and passwords. This is a weak authentication mechanism, which can be broken by eavesdropping on the network connection or by sloppy handling by the users (e.g. re-use of the same password for different services, writing down the passwords on paper etc.). Also, management of user credentials is a costly task for most companies, estimated by IDC to around 200-300 USD pr. user/year. Hence, better solutions for simplified, yet secure authentication, is required in the future. This paper proposes and describes an authentication scheme based on a One-Time Password (OTP) MIDlet running on a mobile phone for unified authentication towards any type of service on the Internet.

A service-oriented architecture framework for mobile services

Service-oriented architectures and service-oriented computing are the most recent approaches aimed at facilitating the design and development of applications on distributed systems. The paper investigates how the construction of mobile services can benefit from the service-oriented paradigm. The paper provides a presentation of the service-oriented architecture. A general discussion of equivalence between service components is then undertaken, in order to enable an analysis of service-oriented architectures for mobile services. The paper proceeds with a mapping of existing mobile services on service-oriented architectures. The requirements of mobile services, which must be taken into consideration in the service-oriented architecture, are identified from a generic model of mobile services. A service-oriented architecture framework supporting mobile services is proposed.

Strong authentication with mobile phone as security token

The protection of digital identities is getting more and more crucial. The usage of passwords for authentication is no longer sufficient and stronger authentication schemes are necessary. Strong authentication solutions using two identification factors require often an additional device, which could be inconvenient for the user and costly for the service providers. To avoid the usage of additional device, the mobile phone is adopted as security token. This paper provides a study of the various ways the mobile phone can be used as an authentication token towards service providers on the Internet. It starts with discussing the need for a strong authentication scheme, and the motivation for using the mobile phone to improve on several aspects of the current authentication processes. Thereafter, the general architecture for authentication with mobile phones is presented. Several different authentication solutions using the mobile phone as authentication token are then described, where the solutions vary in complexity, strength and user-friendliness. The paper ends with an evaluation of the different solutions, and a discussion of the most probable attacks. A classification of the solutions is also provided, according to defined criteria.

Simple Strong Authentication for Internet Applications Using Mobile Phones

This paper describes thoroughly an authentication solution that is adequately strong, user-friendly and cost efficient. The idea is to use the mobile phone and its SIM (subscriber identity module) as an authentication token in the authentication of the user for all Internet applications. The proposed solution is generic and offers authentication for any Internet applications on any devices connected to any networks. It is combining several standard strong authentication schemes like ISIM, generic bootstrapping architecture (GBA) with the innovative SIM strong authentication mechanisms.

An analysis of service continuity in mobile services

Users are making use of more and more devices like mobile phones, PDAs, laptops, stationary PCs, etc., and it is crucial to provide service continuity not only across heterogeneous networks but also across heterogeneous devices. Users should be able to use services with minimum interruption even when changing devices. This paper provides an analysis of the composition and distribution of generic mobile services. It then addresses the impacts these models have on service continuity across networks, devices and domains.

An analysis of current mobile services and enabling technologies

This paper presents the major technology enablers for mobile services in a comprehensive way and in relation to each other. Mobile services are subject to requirements not only from end-users and mobile network operators but also from wireless application service providers, the content providers, and equipment manufacturers. Each technology enabler is usually aiming at only a subset of the requirements and can be incomplete, inconsistent and overlapping with other technology enablers.

Service Discovery in Future Open Mobile Environments

Future mobile environment will see the open situation of mobile device that can be connected to several network systems offering heterogeneous sets of services using different names. In addition, the future mobile service can be anything and anybody including end-users can be service providers. This will result to the demand of having a dynamic and efficient service discovery and service matching. The paper discussed on the requirements of future service discovery based on the limitations found in the evaluation of existing service discovery schemes. Finally, the design of a future service discovery solution is proposed.

A service continuity layer for mobile services

The paper presents and discusses models of generic mobile services. The primary goal is to gain understanding of the challenges in designing, developing and deploying advanced mobile data services. Two types of models are introduced. First, a composition model is given, describing the components of a generic mobile service and the component relationships. Second, distribution models are presented, describing the distributions of the components in the first model across hosts, networks and domains. A brief mobility analysis is carried out, followed by a discussion of the dependency of mobility and service continuity on the service distribution. The functions necessary to provide service continuity are identified and incorporated in a service continuity layer.

Authentication in a Multi-access IMS Environment

The standard ISIM-based authentication mechanism of IMS is only intended for mobile phones and cannot be used for fixed IMS clients on stationary devices without SIM cards. This paper presents the authentication schemes dedicated for fixed IMS clients. Such schemes are necessary in order to extend the usage of IMS to fixed environments. Authentication solutions for other applications than the IMS client are also described. These applications are assumed to be located on the same stationary device as the IMS client, and might for example be browsers, contact lists and email clients. Finally, a single-sign-on mechanism is proposed. It is designed to simplify the authentication process without compromising the security.

The personalization of mobile services

This paper presents an analysis of the requirements for service personalization and proposes a generic service architecture that supports personalization. It starts with a study of relevant personalization works and a discussion on the importance of personalization on services. An information space for service personalization is elaborated. A definition of personalization is given, and based on this definition the components of a generic mobile service are identified. A summary of the requirements for each of these components is given. Two models for realizing personalization of mobile services are presented. Last, two case studies on personalized Web browsing are presented to further highlight the complexity of personalization of generic mobile services, and to motivate for future work.