Password based schemes has been the standard means of authentication over decades. Enhancements use entities like ownership (something one possess), knowledge (something one knows), and inherence (something one is) as first factor and mobile phones as token less second factor, in combinations, to offer different levels of security assurances, trading off usability. In this paper we present ?2CAuth? a new two factor authentication scheme that enhances secure usage of application information and preserves usability, without sacrificing user?s privacy. A significant feature of the scheme is that it DOES NOT call for any synchronization between Mobile Network Operator (MNO) and users. The analysis of the scheme clearly brings out its effectiveness in terms of its usability even at times of peak loads on mobile networks. The scheme has the dual advantage of carrying out the verification of transactions which involve the physical presence of the user as well as those to be done in his absence.
展开▼
