Proposal of a self-delegation protocol for smart cards and mobile terminals

摘要

Mobile Services is recently extending to several communication services such as e-commerce and contents delivery services. A key technology which makes the services secure is user authentication. The user authentication is required to protect invalid use of the services. Basic schemes of the user authentication use some secret information as an authenticator, for example secret key, shared secret, and password. A verifier checks whether user has the secret information or not. Therefore, the secret information has to be stored securely. In real world, however, user may use insecure devices to make use of the services, so that secret information such as secret key may be compromised. One solution is that the mobile terminal has some personal identification mechanisms such as biometrics to activate the mobile terminal. However, this solution is inconvenient, because it requires an additional functions which is not cost effective and additional user actions when authentication, in this paper, we propose efficient self-delegation protocols and authentication protocols. A user stores the information, which relates with strict authentication, into a tamper-resistant module, and the user keeps it in his/her home securely. Tune limited authority is delegated into the mobile terminal by communicating with the tamper-resistant module on local basis. After the delegation, the user can use remote service by using the mobile terminal within the limited time. The self-delegation makes mobile services more secure to protect the primary secret information.