07-04-2011, 12:13 PM
Presented by
P.Lakshmi Rajyam
P.Lakshmi Mythreyi
[attachment=11841]
ABSTRACT
As computing becomes pervasive, people increasing rely on public computers to do business over internet .But accessing today’s web-based services invariably requires typing username and password to authenticate. Personal authentication is an important process we encounter almost every day, when we are logging on a computer, entering a company where we work, or restricted area, when we are using our plastic credit cards to pay for a service or to complete some other financial transaction, in each of this process personal authentication is required.
This paper describes a general- purpose mechanism for secure authentication users via Bluetooth technology, but by using the novel technologies like mobile computing and wireless networking, it is possible to avoid carrying the plastic ID cards or remembering the number of PIN codes. A Secure Authentication via Bluetooth Technology has been designed using cryptographic primitive’s .In this system the secure authentication is provided to Access Controlled Object (ACO). The ACO requires the authentication details which are encrypted and send by advanced sophisticated Mobile phone via Bluetooth. In order to use its service. ACO is employed to check a claimant’s Knowledge of a secret key, as if authentication fails, a certain waiting interval must pass before a new attempt can be made. The waiting interval will increase exponentially .This is to prevent an intruder to repeat the authentication procedure with different keys. This system
has been designed by using authentication and confidentiality provided by public key cryptographic system.
Keywords: Public key Cryptography, Encryption, Secure Communication, Authentication, Mobile Devices, Bluetooth, Wireless Networking.
I. INTRODUCTION
Today small and middle range ubiquitous wireless networks allow innovative exchange of information between different parties in the communication process. In this paper we will outline a set of basic principles of using wireless technologies in controlling and restricting access to a physical object or a service.
The most important practical advantage of such approach is that only existing, and readily available communication and computer system infrastructures will be used, so there is no need for any custom computer platform or hardware. It is only required to design the appropriate software layers which will handle the authentication process.
II. SYSTEM ARCHITECTURE
In describing any system architecture it is important to start with the most important part, and in this case that is access controlled object (ACO). ACO is a physical or software object which requires authentication in order to use its services. ACO can be cinema entrance, gallery door, company port or whatever. The important thing is that this object has wireless communication possibility (WCP), e.g. Bluetooth or IrDA. Through this WCP every mobile client device which also has WCP connects to ACO and asks for permission to use it's service or services. ACO returns an encrypted message to the mobile client which can also communicate with telecom communication infrastructure (TCI) owned by local mobile telephony provider. Mobile client communicates with TCI through any of available wireless protocols like GSM, GPRS, EDGE or UMTS. TCI has GSM/TCP-IP gateway so it is connected with custom access provider (CAP) through a standard Internet connection. CAP receives the encrypted message and provides authentication. The authentication can be successful or mobile client’s request can be rejected. The entire process is illustrated in Figure 1.
III. AUTHENTICATION OBJECT MODEL
In general, for authentication we will propose an overall object model which consists of a few processes (see Figure 2).
Authentication process starts with access request that is generated by mobile client. This request is encrypted on the service object side along with inserted unique token tag and returned to mobile client. Token tag usually describes type of service, time and other event-place information. Then, this new message passes from mobile client through telecom communication infrastructure and is received and processed by access provider, which then accepts or rejects the request according to the implemented algorithm. The algorithm itself represents behavior of a specific usage and can vary from case to case. Access provider can give only two specific responses: mobile client can get authentication, or it can not get authentication.
As it is well known, in the telecom industry there are two distinct types of client accounts: prepaid and postpaid. They differ in the way the customers pay for their wireless services, data and voice traffic. Prepaid clients pay their services in advance by purchasing a coupon or a voucher which can be used during a specific period of time, e.g. three or six months. On the other hand, postpaid clients are charged after they have consumed the telecom’s service.
Taking into account these two different types of client accounts, the authentication process can fail due to four reasons which are explained in the Table 1.
Table 1 – Authentication failure use-cases
If the authentication is successful, client has access to the service and message from access provider informing client about the successful authentication process is directed back again to the event-place through TCI, service is paid and authentication is successful.
IV. UML OBJECT MODEL AND PAYMENT PROCESS
More detailed UML explanation based on authentication and events are described in Figure 2.
Mobile client requests a key for service through telecom operator. Telecom forwards requested key to access provider which provides overall authentication process. access provider checks payment possibility and, if successful, stores result in the database and continues with returning a success message. Then, payment is executed and result of payment (sum or error) is also stored in the database. In the end, message of successful payment or error is directed back to mobile client. Client service access depends on this message, so client will temporarly save this message for later service access request.
V. SERVICE ACCESS PROCESS
When mobile client has permission for service access, it can use this service. Figure 3 shows service access process starting with service access request. This is message from mobile client to access controlled object that provides service. Service access request is forwarded to service provider which makes authentication process again (in the dependency of access key sent with request) and, if successful, executes authorization process which will determined if client has access permission to requested service or not. If it has, service provider permits access to this service and gives service. Result of authentication and authorization is then stored in the database and message with permission is sent through telecom operator to mobile client. Client uses service in the way it sends service use
P.Lakshmi Rajyam
P.Lakshmi Mythreyi
[attachment=11841]
ABSTRACT
As computing becomes pervasive, people increasing rely on public computers to do business over internet .But accessing today’s web-based services invariably requires typing username and password to authenticate. Personal authentication is an important process we encounter almost every day, when we are logging on a computer, entering a company where we work, or restricted area, when we are using our plastic credit cards to pay for a service or to complete some other financial transaction, in each of this process personal authentication is required.
This paper describes a general- purpose mechanism for secure authentication users via Bluetooth technology, but by using the novel technologies like mobile computing and wireless networking, it is possible to avoid carrying the plastic ID cards or remembering the number of PIN codes. A Secure Authentication via Bluetooth Technology has been designed using cryptographic primitive’s .In this system the secure authentication is provided to Access Controlled Object (ACO). The ACO requires the authentication details which are encrypted and send by advanced sophisticated Mobile phone via Bluetooth. In order to use its service. ACO is employed to check a claimant’s Knowledge of a secret key, as if authentication fails, a certain waiting interval must pass before a new attempt can be made. The waiting interval will increase exponentially .This is to prevent an intruder to repeat the authentication procedure with different keys. This system
has been designed by using authentication and confidentiality provided by public key cryptographic system.
Keywords: Public key Cryptography, Encryption, Secure Communication, Authentication, Mobile Devices, Bluetooth, Wireless Networking.
I. INTRODUCTION
Today small and middle range ubiquitous wireless networks allow innovative exchange of information between different parties in the communication process. In this paper we will outline a set of basic principles of using wireless technologies in controlling and restricting access to a physical object or a service.
The most important practical advantage of such approach is that only existing, and readily available communication and computer system infrastructures will be used, so there is no need for any custom computer platform or hardware. It is only required to design the appropriate software layers which will handle the authentication process.
II. SYSTEM ARCHITECTURE
In describing any system architecture it is important to start with the most important part, and in this case that is access controlled object (ACO). ACO is a physical or software object which requires authentication in order to use its services. ACO can be cinema entrance, gallery door, company port or whatever. The important thing is that this object has wireless communication possibility (WCP), e.g. Bluetooth or IrDA. Through this WCP every mobile client device which also has WCP connects to ACO and asks for permission to use it's service or services. ACO returns an encrypted message to the mobile client which can also communicate with telecom communication infrastructure (TCI) owned by local mobile telephony provider. Mobile client communicates with TCI through any of available wireless protocols like GSM, GPRS, EDGE or UMTS. TCI has GSM/TCP-IP gateway so it is connected with custom access provider (CAP) through a standard Internet connection. CAP receives the encrypted message and provides authentication. The authentication can be successful or mobile client’s request can be rejected. The entire process is illustrated in Figure 1.
III. AUTHENTICATION OBJECT MODEL
In general, for authentication we will propose an overall object model which consists of a few processes (see Figure 2).
Authentication process starts with access request that is generated by mobile client. This request is encrypted on the service object side along with inserted unique token tag and returned to mobile client. Token tag usually describes type of service, time and other event-place information. Then, this new message passes from mobile client through telecom communication infrastructure and is received and processed by access provider, which then accepts or rejects the request according to the implemented algorithm. The algorithm itself represents behavior of a specific usage and can vary from case to case. Access provider can give only two specific responses: mobile client can get authentication, or it can not get authentication.
As it is well known, in the telecom industry there are two distinct types of client accounts: prepaid and postpaid. They differ in the way the customers pay for their wireless services, data and voice traffic. Prepaid clients pay their services in advance by purchasing a coupon or a voucher which can be used during a specific period of time, e.g. three or six months. On the other hand, postpaid clients are charged after they have consumed the telecom’s service.
Taking into account these two different types of client accounts, the authentication process can fail due to four reasons which are explained in the Table 1.
Table 1 – Authentication failure use-cases
If the authentication is successful, client has access to the service and message from access provider informing client about the successful authentication process is directed back again to the event-place through TCI, service is paid and authentication is successful.
IV. UML OBJECT MODEL AND PAYMENT PROCESS
More detailed UML explanation based on authentication and events are described in Figure 2.
Mobile client requests a key for service through telecom operator. Telecom forwards requested key to access provider which provides overall authentication process. access provider checks payment possibility and, if successful, stores result in the database and continues with returning a success message. Then, payment is executed and result of payment (sum or error) is also stored in the database. In the end, message of successful payment or error is directed back to mobile client. Client service access depends on this message, so client will temporarly save this message for later service access request.
V. SERVICE ACCESS PROCESS
When mobile client has permission for service access, it can use this service. Figure 3 shows service access process starting with service access request. This is message from mobile client to access controlled object that provides service. Service access request is forwarded to service provider which makes authentication process again (in the dependency of access key sent with request) and, if successful, executes authorization process which will determined if client has access permission to requested service or not. If it has, service provider permits access to this service and gives service. Result of authentication and authorization is then stored in the database and message with permission is sent through telecom operator to mobile client. Client uses service in the way it sends service use
