Research Output

Comparing and contrasting different mobile phone technologies when implementing out-of-band authentication to a web portal using social security numbers to identify users.

  With increasing numbers of broadband connections (Office for National Statistics, 2008) and consumers conducting ever more complex transactions on those connections (Nicholas, Kershaw, & Walker, 2006 /2007), it is imperative that users and services have accountability through proof of identity (Summers, 1997). Yet some proponents argue that given the openness of the internet it may be almost impossible to absolutely prove the identity of a remote person or service (Price, 2006).

Kim Cameron in his argument for Federated Identity states that “A system that does not put users in control will – immediately or over time – be rejected.” (2005) which is also a view echoed by Dean (Identity Management – back to the user, 2006). The aim of the thesis is to argue for a self-authentication factor that is integrated into a Federated Identity infrastructure using an out-of-band loop to a mobile device; this argument is then supported with an implemented proof-of-concept prototype. The prototype and its concept are evaluated in a small usability study and an encryption performance experiment on a mobile device. The results of the usability study show that users feel more comfortable with self-authentication using something physical that they hold and respond to than with a third party verifying information on their behalf. The results also show the encryption needed for end-to-end confidentiality and integrity during the out-of-band communication will affect battery life to a degree. The thesis concludes that there is a sound base for self-authentication from a user perspective and that further user and infrastructure studies will need to be conducted on self-authentication before it is realised in the marketplace. It also found that implementing the prototype was more straightforward for the .Net Compact Framework on the Windows Mobile device than it was using the JavaMe platform.

  • Type:

    Thesis

  • Date:

    30 November 2008

  • Publication Status:

    Unpublished

  • Library of Congress:

    TK Electrical engineering. Electronics Nuclear engineering

  • Dewey Decimal Classification:

    621.3821 Communications networks

Citation

Wagstaff, A. Comparing and contrasting different mobile phone technologies when implementing out-of-band authentication to a web portal using social security numbers to identify users. (Thesis). Edinburgh Napier University. Retrieved from http://researchrepository.napier.ac.uk/id/eprint/4030

Keywords

Mobile phone communication; broadband; federated identity; self-authenticated; out-of-band; confidentiality; encryption;

Available Documents