Strong Authentication for Web Services with Mobile Universal Identity

  • Do van ThanheEmail author
  • Ivar Jørstad
  • Do van Thuan
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9228)


To access services on the Web, users need quite often to have accounts, i.e. user names and passwords. This becomes a problem when the number of accounts keeps increasing at the same time password is a very weak form of authentication exposing the users to fraud and abuses. To address both mentioned issues we propose a Mobile Universal identity, which by combining Internet identifiers with mobile identifiers is capable of delivering strong authentication for Internet services. By introducing an identity provider, the solution enables the user to employ the Mobile Universal identity for multiple service providers. By federation with other identities, Mobile Universal identity can be used with service providers worldwide.


Identity management Strong authentication Identity federation Mobile identity Mobile ID 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    3rd Generation Partnership Project: 3GPP TS 33.220 V8.2.0 (2007-12) Technical Specification Group Services and System Aspects; Generic Authentication Architecture (GAA) Generic bootstrapping architecture (Release 8)Google Scholar
  2. 2.
    Van Thanh, D., Jønvik, T., Van Thuan, D., Jørstad, I.: Enhancing internet service security using GSM SIM authentication. In: Proceedings of the IEEE Globecom 2006 Conference, San Francisco, USA, November 27, December 1, 2006. ISBN 1-4244-0357-XGoogle Scholar
  3. 3.
    Van Thanh, D., Jønvik, T., Feng, B., Van Thuan, D., Jørstad, I.: Simple strong authentication for internet applications using mobile phones. In: Proceedings of IEEE Global Communications Conference (IEEE GLOBECOM 2008), New Orleans, LA, USA, November 30, December 4, 2008. ISBN 978-1-4244-2324-8Google Scholar
  4. 4.
  5. 5.
  6. 6.
  7. 7.
  8. 8.
    3rd Generation Partnership Project: 3GPP TS 11.11 V6.0.0 (1998-04); Specification of the Subscriber Identity Module - Mobile Equipment (SIM-ME) Interface (Release 97)Google Scholar
  9. 9.
    NIST: National Institute of Standards and Technology. Special Publication 800-63 Version 1.0.2 Electronic Authentication Guideline, April 2006Google Scholar
  10. 10.
    T. Wason, et al., Liberty ID-FF Architecture Overview: Version: 1.2-errata-v1.0. Liberty Alliance Project (2005)Google Scholar
  11. 11.
  12. 12.
  13. 13.
    The Internet Engineering Task Force: Network Working Group, Haverinen, H., Salowey, J.: EAP-SIM Authentication. RFC 4186, IETF, January 2006Google Scholar
  14. 14.
    The Internet Engineering Task Force: Network Working Group. RFC 4187 Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA)Google Scholar
  15. 15.
    ETSI TS 100 974 V7.15.0 (2004-03). Digital cellular telecommunications system (Phase 2+); Mobile Application Part (MAP) specification - (3GPP TS 09.02 version 7.15.0 Release 1998Google Scholar
  16. 16.
    Open Mobile Alliance (OMA): Wireless Application Protocol Architecture Specification - WAP Architecture Version, April 30, 1998Google Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. 1.Telenor and Norwegian University of Science and TechnologyFornebuNorway
  2. 2.New Generation CommunicationOsloNorway
  3. 3.LinusFornebuNorway

Personalised recommendations