Architecture Framework for Device Single Sign On in Personal Area Networks
This paper addresses the Single Sign On (SSO) issue in Personal Area Networks (PANs) comprising heterogeneous handheld devices. Architectures for service SSO solutions at the enterprise level are already on the market, and some standards for such solutions exist. In this paper, however, we introduce the notion of device-level SSO. By device SSO, we refer to the process of logging on to one device and then subsequently being authorized for other devices on a need-only basis, without the user being prompted for his credentials or requiring any further manual interaction. Device SSO secures the authentication process in a PAN and relieves users of the burden of handling and managing the credentials of each device in the PAN. While borrowing elements from the enterprise-level SSO standards, our architecture has been custom-tailored to the characteristics and inherent features of a PAN environment. Client-server and peer-to-peer SSO schemes have been designed to fit both PAN star and mesh architectures. The proposed scheme is an application-layer solution that is independent of the device platform and the underlying radio link. A sample prototype application that runs on laptops and PDAs communicating over Bluetooth links has been developed as a proof of concept.
Keywords: Authentication Protocol; Mutual Authentication; Single Sign; Architecture Framework; Personal Device