
Smartphone-based authorization system

Smartphone-based authorization system. Advisor: Dr. Wenjun Zeng - Professor. Presenters: Yilihamujiang, Ailiyasijiang; Zhou, Guanlong.


Presentation Transcript


  1. Smartphone-based authorization system. Advisor: Dr. Wenjun Zeng - Professor. Presenters: Yilihamujiang, Ailiyasijiang; Zhou, Guanlong.
     Reference: Al-Sinani, H. S. (2011). Integrating OAuth with Information Card Systems. In Proceedings of IAS '11: 7th International Conference on Information Assurance and Security, Malacca, Malaysia, 5-8 December 2011. IEEE.

  2. Abstract
     • The scheme between OAuth and the Information Card System (CardSpace) (the scheme in the mid-term)
     • The drawbacks of OAuth/OpenID and the Information Card System
     • The scheme in the smartphone-based authorization system
     • The implementation - http://sng.mizzou1.com
     • The Snap & Go app on the Android system
     Red words are our contribution

  3. In the mid-term presentation: a scheme between OAuth and the Information Card System (CardSpace) was presented.

  4. Why does the paper try to use this scheme?
     • To mitigate identity-oriented attacks, a number of identity systems (e.g. CardSpace, OAuth, OpenID, etc.) have been proposed.
     • An identity provider in such systems supplies a user agent with a security token that can be consumed by a relying party.
     • Whilst one RP might support an Information Card system, another might only support OAuth.
     • To make these systems available to the largest possible group of users, interoperability between such systems is needed.

  5. How CardSpace w/ OAuth works [Diagram: Relying Party, OAuthCard, Identity Provider. Labels: 2. copied; “I would like a SAML 1.1 token, containing First Name, Surname, issued by *any*”; Policy check; hold & modified; 3. UI filters cards that can satisfy policy; 4. User picks a card; 5. Token is requested; 6. Token is created; 7. Token is presented; Access resource.]

  6. The drawbacks of OAuth/Open-ID and Information Card System
     • 1. The Information Card System requires different extensions installed on the different browsers.

  7. The drawbacks of OAuth/Open-ID and Information Card System
     • 2. The Information Card System has been abandoned. Microsoft announced that Windows CardSpace 2.0 will not be shipped.

  8. The drawbacks of OAuth/Open-ID and Information Card System
     • 3. Users still need to enter a username and password when logging in using OAuth / Open-ID (on public computers, or when they are not already logged in). Not convenient. Not safe.

  9. Our scheme: Snap & Go
     • The user has some cards in their smartphone. (The real information behind the cards is saved on the Identity Provider Server.)
     • The user logs in to the “Snap & Go” app on his smartphone.
     • The user uses the app to shoot the QR code on the website.
     • The user is logged in to his account successfully.

  10. How “Snap & Go” works? [Diagram: Relying Party, Identity Provider. Labels: Policy “I would like some information, containing First Name, Surname, issued by snap&go”; 2. Login Snap&Go using any android device; 2. Token is requested; 3. Access token is presented; 4. Scan the QR code on the page; 5. User picks a card; 6. Information presented; Access resource.]

  11. What’s on where? In the app (on the smartphone)
     • All the cards that contain the user’s information

  12. What’s on where? On the Identity Provider Server
     • User account information (username & password)
     • All the cards that contain the user’s information
     • APIs (relying parties' information and keys)
     • The relation between one authorized card and one relying party

  13. What’s on where? On the Relying Party Server
     • API key to connect to the Identity Provider Server (IPS)
     • QR-code generator
     • The token obtained from the IPS
     • The user's information obtained from the IPS

  14. How to use “Snap & Go”? Download the Snap n Go app from our website: sng.mizzou1.com. Install the app.

  15. How to use “Snap & Go”? Register in the app. Login. The account username and password will be saved on the Identity Provider Server.

  16. How to use “Snap & Go”? Choose Enter Passcode (Create New Card)

  17. How to use “Snap & Go”? Enter the information and save it as a card. The information card will be saved on the server as well as in the phone.

  18. How to use “Snap & Go”? We can see, edit or create cards under my account

  19. How to use “Snap & Go”? Open a relying party website that requires login. For example: http://sng.mizzou1.com/

  20. How to use “Snap & Go”? Choose the Scan QRcode button

  21. How to use “Snap & Go”? Use the camera on the phone to scan the QRcode on the computer screen

  22. How to use “Snap & Go”? Choose one card that you want to use

  23. How to use “Snap & Go”? Login Succeed

  24. How to use “Snap & Go”? Card Information Received by the Relying Party Server.
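
The token flow from slides 10, 12 and 13, which the walk-through in slides 19 to 24 exercises, as an added sketch that is not the presenters' code. The class and method names, the 120-second token lifetime, and the single-use and relying-party binding checks are assumptions; the slides only state that the relying party holds an API key, gets a token from the IPS, and receives the chosen card's information.

```python
import secrets
import time

TOKEN_TTL = 120  # seconds; assumed value, the slides give no token lifetime
class IdentityProvider:
    """In-memory stand-in for the Identity Provider Server (IPS)."""
    def __init__(self, clock=time.time):
        self.clock = clock
        self.api_keys = {}  # API key -> relying-party name
        self.cards = {}     # (username, card name) -> card fields
        self.tokens = {}    # login token -> {"rp", "expires", "card"}

    def register_rp(self, rp_name):
        key = secrets.token_urlsafe(32)
        self.api_keys[key] = rp_name
        return key

    def _live(self, token):
        entry = self.tokens.get(token)
        if entry is None or self.clock() > entry["expires"]:
            raise PermissionError("token unknown or expired")
        return entry

    def request_token(self, api_key):
        """Relying party asks for a token to encode in its QR code."""
        if api_key not in self.api_keys:
            raise PermissionError("unknown API key")
        token = secrets.token_urlsafe(32)  # unguessable, carries no user data
        self.tokens[token] = {"rp": self.api_keys[api_key],
                              "expires": self.clock() + TOKEN_TTL, "card": None}
        return token

    def authorize(self, username, token, card_name):
        """Logged-in app submits the scanned token and the card the user picked."""
        entry = self._live(token)
        if entry["card"] is not None:
            raise PermissionError("token already bound to a card")
        # Keyed by username, so a user can only release their own cards.
        entry["card"] = self.cards[(username, card_name)]
        return entry["rp"]  # shown in the app so the user sees which site gets the card

    def fetch_card(self, api_key, token):
        """Relying party redeems the token; only its requester may read the card."""
        entry = self._live(token)
        if self.api_keys.get(api_key) != entry["rp"]:
            raise PermissionError("token was issued to another relying party")
        if entry["card"] is None:
            return None  # QR code not scanned yet; relying party keeps polling
        del self.tokens[token]  # single use
        return entry["card"]
```

Because the QR code carries only the random token, a photographed or replayed code is useless once the token has been redeemed or has expired.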

  25. Thank You! Smartphone-based authorization system. Zhou, Guanlong – Web & Database Developer; Yilihamujiang, Ailiyasijiang – App Developer
