User-Friendly Authentication and Authorization Using a Smartphone Proxy

  • Luis Roalter
  • Stefan Diewald
  • Andreas Möller
  • Tobias Stockinger
  • Matthias Kranz
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8112)


We present a novel approach to authenticate and authorize a user, using her personal smartphone. The presented architecture is complemented with a proof-of-concept implementation. The implemented system architecture is based on a single sign-on solution (SSO), extended to allow the usage of the smartphone as authentication and authorization device. We evaluated the system within real-world scenarios, observing users’ behavior using the novel technique. Based on our experiences, we summarize advances, made both in usability and security, for novel implementations using the proposed concept.


Mobile Computing Mobile Authentication Mobile Authorization Proxy Authentication Mobile Security Secure Authentication Single Sign-On 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Hammer-Lahav, E.: RFC 5849 – The OAuth 1.0 protocol. Technical report, IETF (2010)Google Scholar
  2. 2.
    Recordon, D., Reed, D.: OpenID 2.0: A Platform for User-Centric Identity Management. In: Proceedings of the 2nd ACM workshop on Digital Identity Management, DIM 2006, pp. 11–16. ACM, New York (2006)Google Scholar
  3. 3.
    Miculan, M., Urban, C.: Formal analysis of Facebook Connect single sign-on authentication protocol. In: SOFSEM, vol. 11, pp. 22–28 (2011)Google Scholar
  4. 4.
    Erdos, M., Cantor, S.: Shibboleth-Architecture Draft v05. Internet2/MACE (May 2002)Google Scholar
  5. 5.
    Parker, T.: Single Sign-On Systems – The Technologies and the Products. In: European Convention on Security and Detection, pp. 151–155 (May 1995)Google Scholar
  6. 6.
    M’Raihi, D., Bellare, M., Hoornaert, F., Naccache, D., Ranen, O.: RFC 4226 – HOTP: An HMAC-Based One-Time Password Algorithm. Technical Report 4226, IETF (December 2005)Google Scholar
  7. 7.
    De Luca, A., Frauendienst, B., Boring, S., Hussmann, H.: My Phone is my Keypad: Privacy-Enhanced PIN-Entry on Public Terminals. In: Proceedings of the 21st Annual Conference of the Australian Computer-Human Interaction Special Interest Group: Design: Open 24/7, OZCHI 2009, pp. 401–404. ACM, New York (2009)CrossRefGoogle Scholar
  8. 8.
    Vapen, A., Byers, D., Shahmehri, N.: 2-clickAuth Optical Challenge-Response Authentication. In: IEEE International Conference on Availability, Reliability, and Security, pp. 79–86 (2010)Google Scholar
  9. 9.
    Mayrhofer, R., Fuss, J., Ion, I.: UACAP: A Unified Auxiliary Channel Authentication Protocol. IEEE Transactions on Mobile Computing 99 (2012)Google Scholar
  10. 10.
    Mizuno, S., Yamada, K., Takahashi, K.: Authentication Using Multiple Communication Channels. In: Proceedings of the 2005 Workshop on Digital Identity Management, DIM 2005, pp. 54–62. ACM, New York (2005)CrossRefGoogle Scholar
  11. 11.
    De Luca, A., Frauendienst, B.: A Privacy-Respectful Input Method for Public Terminals. In: Proceedings of the 5th Nordic Conference on Human-computer Interaction: Building Bridges. NordiCHI 2008, pp. 455–458. ACM, New York (2008)Google Scholar
  12. 12.
    Möller, A., Michahelles, F., Diewald, S., Roalter, L., Kranz, M.: Update Behavior in App Markets and Security Implications: A Case Study in Google Play. In: Poppinga, B. (ed.) Proceedings of the 3rd International Workshop on Research in the Large. Held in Conjunction with Mobile HCI, pp. 3–6 (September 2012)Google Scholar
  13. 13.
    Müller, J., Alt, F., Michelis, D.: Pervasive Advertising. Pervasive Advertising, 1–29 (2011)Google Scholar
  14. 14.
    Kranz, M., Holleis, P., Schmidt, A.: Ubiquitous Presence Systems. In: Proceedings of the 2006 ACM Symposium on Applied Computing, pp. 1902–1909. ACM, New York (2006)CrossRefGoogle Scholar
  15. 15.
    Davies, N., Langheinrich, M., Jose, R., Schmidt, A.: Open Display Networks: A Communications Medium for the 21st Century. Computer 45(5), 58–64 (2012)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Luis Roalter
    • 1
  • Stefan Diewald
    • 1
  • Andreas Möller
    • 1
  • Tobias Stockinger
    • 2
  • Matthias Kranz
    • 2
  1. 1.Institute for Media TechnologyTechnische Universität MünchenMunichGermany
  2. 2.Lehrstuhl für Informatik mit Schwerpunkt Eingebettete SystemeUniversität PassauPassauGermany

Personalised recommendations