Currently, most means of communication include some form of identification of the sender/originator, but none of these identifications are securely authenticated (at least not conveniently or in wide use). Legitimate business entities can be misrepresented by their name, and this creates opportunities for various scams known as phishing. We propose a new end-to-end authentication scheme that can be used to authenticate companies over many means of communication including telephony, email, web, and Instant Messaging. The framework is flexible and gives concerned legitimate institutions the ability to delegate their authenticated names to employees outside the office as well as outsourcing companies.
Categories and Subject DescriptorsK.6.5 [Management of computing and information systems]:
This paper describes a prototype of a new authentication paradigm using X.509 certificates but with a new trust model. This paradigm provides a scalable anti-phishing solution to identity management helping legal entities such as government or businesses. This paradigm explicitly gives up the goal of "Global Trust" -trust is always "Local". In everyday life, a user cares only about specific communities, so the idea is to provide necessary and sufficient identification to a particular user. By explicitly limiting the scope of trust we reduce the complexity inherent to the management of certified identities. We present a prototype including certificate management and authentication modules that were integrated with a VoIP application.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.