That's a must-see. No password management is needed on the web server

A new authentication method that is easy to migrate to from a traditional authentication system
Security
S-2
Compared with Password-Based Authentication, which uses passwords of about ten characters, the two-factor authentication protocol (M-Pin authentication protocol) offers high security. However, most service providers must modify their existing system to migrate to M-Pin authentication. We have therefore developed a non-interactive and password-less authentication system*1 that makes it possible to migrate from Password-Based Authentication to M-Pin authentication with a small change. Using this system, a service provider can easily migrate to a highly secure two-factor authentication system.
[Figure: comparison of existing M-Pin with the non-interactive and password-less authentication system.
Existing M-Pin: the user enters words into a device, which converts them into authentication data. Messages: 1. ID, 2. Random number, 3. Authentication data. No password. Components: authentication server, web server. The web server must be modified in order to migrate to M-Pin.
Non-interactive and password-less authentication: the user enters words into a device, which converts them into non-interactive authentication data*2. Messages: 1. ID and non-interactive authentication data, or 1'. ID and password. No password. Components: proxy server, non-interactive password-less authentication server*2, web server, LDAP server (password, user data). Other labels: checking the received information*3; the existing web service is used without changes; Password-Based Authentication can still be chosen.]

*1 The non-interactive and password-less authentication system was developed in collaboration with NTT Innovation Institute, Inc. and MIRACL Inc.
*2 We have modified the M-Pin authentication protocol so that it can be used together with the Password-Based Authentication protocol.
*3 The integration technology that switches between the two-factor authentication protocol and Password-Based Authentication according to the authentication data.

Features
■ [Ease of migrating an authentication protocol]
This system makes it possible to migrate to the two-factor authentication protocol by changing only the configuration of an existing system.
■ [Flexibility of the system components]
This system can authenticate a user using user data, such as the user name or address, stored in an LDAP server.
■ [High security]
In this system, the non-interactive authentication data is secure from eavesdropping and forgery, because the user sends data that has been converted into authentication data by advanced cryptographic technology.
■ [Avoidance of the risk of password leakage]
The service provider only has to keep one piece of secret data in the non-interactive and password-less authentication server. Therefore, the M-Pin protocol prevents leakage of the passwords stored in the LDAP server.
Application Scenarios
■ By migrating to the two-factor authentication system, the service provider can reinforce the security of a web service that uses Password-Based Authentication.
■ Users can choose either the two-factor authentication protocol or the existing Password-Based protocol.
〈Contact〉sv-forum@lab.ntt.co.jp
Copyright © 2016 NTT. All Rights Reserved.