By Topic

An Online User Authentication Scheme for Web-Based services

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Yu Sheng ; Inst. of Electron. Technol., Inf. Eng. Univ., Zhengzhou ; Zhu Lu

Online user authentication using secure protocol is required by most web-based services. User authentication is mostly carried out by sending a pair of username and password to the server, since most users have not a certificate. Some attacks just rely on this fact, such as phishing attacks. In the paper, we discuss the issue of online user authentication and propose a method for online user authentication employing trusted computing technology. We describe a browser extension scheme, which transparently produces a certificate for each user, improving web authentication security and defending against password phishing and other attacks. Since the scheme combines the password entered by the user, the password associated with private key protected by trusted platform module, and user certificate provided by trusted computing platform, thieving only the password at web will not have an affect on user security. And no changes on the server side are required in the scheme. The proposed approach could be proved to protect against phishing attacks.

Published in:

Business and Information Management, 2008. ISBIM '08. International Seminar on  (Volume:2 )

Date of Conference:

19-19 Dec. 2008