The Extended Authentication Protocol using E-mail Authentication in OAuth 2.0 Protocol for Secure Granting of User Access

Abstract: Currently there are wide variety of web services and applications available for users. Such services restrict access to only authorized users, and therefore its users often need to go through the inconvenience of getting an authentication from each service every time.To resolve of such inconvenience, a third party application with OAuth(Open Authorization) protocol that can provide restricted access to different web services has appeared. OAuth protocol provides applicable and flexible services to its users, b… Show more

“… Authentication factor Identity: An information presented by one party to another to authenticate itself. Identity-based authentication schemes can use one (or a combination) of hash, symmetric or asymmetric cryptographic algorithms.Context: which can be: Physical: Biometric information based on physical characteristics of an individual, e.g., fingerprints, hand geometry, retinal scans, etc.Behavioral: Biometric based on behavioral characteristics of an individual, e.g., keystroke dynamics (pattern of rhythm and timing created when a person types), gait analysis (method used to assess the way we walk or run), voice ID (voice authentication that uses voice-print), etc. Use of tokens Token-based Authentication: Authenticates a user/device based on an identification token (piece of data) created by a server such as OAuth2 protocol [65,66] or open ID [67]. Non-Token based authentication: Involves the use of the credentials (username/password) every time there is a need to exchange data (e.g., TLS/DTLS [12,68,69]). Authentication procedure One-way authentication: In a scenario of two parties wishing to communicate with each other, only one party will authenticate itself to the other, while the other one remains unauthenticated.Two-way authentication: It is also called mutual authentication, in which both entities authenticate each other.Three-way authentication: Where a central authority authenticates the two parties and helps them to mutually authenticate themselves. Authentication architecture Distributed: Using a distributed straight authentication method between the communicating parties.Centralized: Using a centralized server or a trusted third party to distribute and manage the credentials used for authentication.Whether centralized or distributed, the authentication scheme architecture can be: Hierarchical: Utilizing a multi-level architecture to handle the authentication procedure.Flat: No hierarchical architecture is used to deal with the authentication procedure. IoT layer : Indicates the layer at which the authentication procedure is applied.…”

“… Behavioral: Biometric based on behavioral characteristics of an individual, e.g., keystroke dynamics (pattern of rhythm and timing created when a person types), gait analysis (method used to assess the way we walk or run), voice ID (voice authentication that uses voice-print), etc. Use of tokens Token-based Authentication: Authenticates a user/device based on an identification token (piece of data) created by a server such as OAuth2 protocol [ 65 , 66 ] or open ID [ 67 ]. Non-Token based authentication: Involves the use of the credentials (username/password) every time there is a need to exchange data (e.g., TLS/DTLS [ 12 , 68 , 69 ]).…”

“…Use of tokens Token-based Authentication: Authenticates a user/device based on an identification token (piece of data) created by a server such as OAuth2 protocol [ 65 , 66 ] or open ID [ 67 ]. Non-Token based authentication: Involves the use of the credentials (username/password) every time there is a need to exchange data (e.g., TLS/DTLS [ 12 , 68 , 69 ]).…”

“…Token-based Authentication: Authenticates a user/device based on an identification token (piece of data) created by a server such as OAuth2 protocol [ 65 , 66 ] or open ID [ 67 ].…”

A Survey of Internet of Things (IoT) Authentication Schemes

“… Authentication factor Identity: An information presented by one party to another to authenticate itself. Identity-based authentication schemes can use one (or a combination) of hash, symmetric or asymmetric cryptographic algorithms.Context: which can be: Physical: Biometric information based on physical characteristics of an individual, e.g., fingerprints, hand geometry, retinal scans, etc.Behavioral: Biometric based on behavioral characteristics of an individual, e.g., keystroke dynamics (pattern of rhythm and timing created when a person types), gait analysis (method used to assess the way we walk or run), voice ID (voice authentication that uses voice-print), etc. Use of tokens Token-based Authentication: Authenticates a user/device based on an identification token (piece of data) created by a server such as OAuth2 protocol [65,66] or open ID [67]. Non-Token based authentication: Involves the use of the credentials (username/password) every time there is a need to exchange data (e.g., TLS/DTLS [12,68,69]). Authentication procedure One-way authentication: In a scenario of two parties wishing to communicate with each other, only one party will authenticate itself to the other, while the other one remains unauthenticated.Two-way authentication: It is also called mutual authentication, in which both entities authenticate each other.Three-way authentication: Where a central authority authenticates the two parties and helps them to mutually authenticate themselves. Authentication architecture Distributed: Using a distributed straight authentication method between the communicating parties.Centralized: Using a centralized server or a trusted third party to distribute and manage the credentials used for authentication.Whether centralized or distributed, the authentication scheme architecture can be: Hierarchical: Utilizing a multi-level architecture to handle the authentication procedure.Flat: No hierarchical architecture is used to deal with the authentication procedure. IoT layer : Indicates the layer at which the authentication procedure is applied.…”

“… Behavioral: Biometric based on behavioral characteristics of an individual, e.g., keystroke dynamics (pattern of rhythm and timing created when a person types), gait analysis (method used to assess the way we walk or run), voice ID (voice authentication that uses voice-print), etc. Use of tokens Token-based Authentication: Authenticates a user/device based on an identification token (piece of data) created by a server such as OAuth2 protocol [ 65 , 66 ] or open ID [ 67 ]. Non-Token based authentication: Involves the use of the credentials (username/password) every time there is a need to exchange data (e.g., TLS/DTLS [ 12 , 68 , 69 ]).…”

“…Use of tokens Token-based Authentication: Authenticates a user/device based on an identification token (piece of data) created by a server such as OAuth2 protocol [ 65 , 66 ] or open ID [ 67 ]. Non-Token based authentication: Involves the use of the credentials (username/password) every time there is a need to exchange data (e.g., TLS/DTLS [ 12 , 68 , 69 ]).…”

“…Token-based Authentication: Authenticates a user/device based on an identification token (piece of data) created by a server such as OAuth2 protocol [ 65 , 66 ] or open ID [ 67 ].…”

A Survey of Internet of Things (IoT) Authentication Schemes

“…• In (Chae et al, 2015) authors have discussed about the replay attack as the authorization code is not for single use. Any attacker who captures the authorization code within its lifetime can resend the request to access the resources.…”

An OAuth-based Authentication Mechanism for Open Messaging Interface Standard

A Three-Way Energy Efficient Authentication Protocol Using Bluetooth Low Energy