Universal Key to Authentication Authority with Human-Computable OTP Generator

• Autorzy: Matelski Sławomir

Identyfikatory

DOI

10.15439/2022F71

• Języki publikacji: EN

Abstrakty

EN

The subject of this paper is an enhanced alternative to the Multi-Factor Authentication (MFA) methods. The improvement lies in the elimination of any supplementary gadgets/devices or theft-sensitive biometric data, by substituting it with direct human-computer authentication optionally supplemented by cognitive biometric. This approach remains secure also in untrusted systems or environments. It allows only one secret as a universal private key for all obtainable online accounts. However, the features of this new solution pretend it to be used by the Authentication Authority with the Single-Sign-On (SSO) method of identity and access management, rather than for individual services. This secret key is used by our innovative challenge response protocol for human-generated One-Time Passwords (OTP) based on a hard lattice problem with noise introduced by our new method which we call Learning with Options (LWO). This secret has the form of an outline like a kind of handwritten autograph, designed in invisible ink. The password generation process requires following such an invisible contour, similar to a manual autograph, and it can also be done offline on paper documents with an acceptable level of security and usability meeting the requirements for post-quantum symmetric cyphers and commercial implementation also in the field of IoT.

• Wydawca: Polskie Towarzystwo Informatyczne
• Czasopismo: Annals of Computer Science and Information Systems
• Rocznik: 2022
• Tom: Vol. 30
• Strony: 663--671
• Opis fizyczny: Bibliogr. 25 poz.

Twórcy

autor

Matelski Sławomir