TrustedID: An Identity Management System based on OpenID Connect Protocol

Köse, Büşra Özdenizci; Buk, Onur; Mantar, Hacı Ali; Çoşkun, Vedat

doi:10.1109/ismsit50672.2020.9254886

Cited by 6 publications

(9 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the previous study (Kose et al, 2020), two main processes of the proposed TrustedID system were designed and explained in detail: System Registration Process and System Usage Process. In accordance with the designed process flows and defined functional requirements, system registration and system usage processes of TrustedID system were developed and tested systematically in this study.…”

Section: Resultsmentioning

confidence: 99%

“…Authentication is the provision of assurance in the claimed identity of an entity (ISO/IEC 29115, 2013). Each authentication mechanism benefits from one or more factors of the user; a strong authentication mechanism should use at least two factors of user (Kose et al, 2020). Today, three factor groups are available for authentication of a user (Ometov et al, 2018):…”

Section: Multi-factor Authentication Iso/iec 29115 Standardmentioning

confidence: 99%

“…Articles 1, 2, 3, 4, 7, and 8 of the Mobile Connect protocol are implemented as standard by the relevant actor. However, the authentication method to be used in relation to Articles 5 and 6 is left to the initiatives of MNOs in order to provide flexibility and diversity (Mobile Connect, 2020; Kose et al, 2020). The authentication method used here determines LoA at the authentication stage.…”

Section: Mobile Connect Standardmentioning

confidence: 99%

“…This level requires usage of personal data especially biometric data to satisfy high risk transactions. (Kose et al, 2020) The designed and developed TrustedID system has two parts: TrustedID (Client) Application and TrustedID Server Application. TrustedID Client Application is the part of the developed TrustedID system that runs on the Android smartphone.…”

Section: Loa4mentioning

confidence: 99%

“…This multi-factor authentication system for mobile services and mobile users supports new value added services development as well as mobile ecosystem advancement. In our previous study (Kose et al, 2020), the system analysis and design considerations (i.e., preliminary studies, system context, functional requirements with process flows) of proposed system have been presented clearly.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Yeni Bir Güvenlik Katmanı Ekleyerek Mobil Hizmet Kullanıcısı Kimliğinin Güvenliğini Sağlama

Köse¹,

Buk²,

Mantar³

et al. 2021

European Journal of Science and Technology

Self Cite

View full text Add to dashboard Cite

Today, various common identity systems (e.g. Facebook Login, Google Connect, Apple ID) are used to improve operational efficiency for service providers and provide an easier authentication method in web or mobile services for users. Almost all common identity systems focus on delivering seamless user experience while proving user identity securely to the service provider. In particular, the use of common identity systems with a high security level is becoming a more important requirement on smartphones. In this context, MNOs (Mobile Network Operators) are considered as an important actor in providing common identity services, as they have strong GSM capabilities. Currently, it is possible to see many identity management solutions-based on OpenID Connect and Mobile Connect standards-from MNOs which are used for authentication in mobile applications of service providers. However, existing solutions generally does not provide very high level of assurance in the asserted digital identity. With advancements in value-added mobile services and increasing security requirements; there is a need for common identity systems that provide higher levels of assurance (i.e., particularly LoA4), strong authentication and non-repudiation services for service providers and users. This study presents the development and implementation of a multi-factor authentication method for mobile services based on Mobile Connect and OpenID Connect standards. The designed model includes the usage of three identity-knowledge, ownership, biometric-factors of user in order to access sensitive mobile services on the smartphone. The system development and testing studies were systematically presented based on the functional requirements. The realization and deployment of the proposed model by MNOs could play an important role in the development of mobile services that require a high level of assurance in the future.

show abstract

Section: Resultsmentioning

confidence: 99%

Section: Multi-factor Authentication Iso/iec 29115 Standardmentioning

confidence: 99%

Section: Mobile Connect Standardmentioning

confidence: 99%

Section: Loa4mentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations