Hyung-Jin Mun
Division of Information and Communication Engineering, Baekseok University, Korea

Yong-zhen Li
Network and information Security Lab, Department of Computer Science and Technology, Yanbian University, Yanji, China

Kwangyoun Jin
Department of Computer Engineering, Kangwon National University, Korea

Abstract

Background/Objectives: At the present where services are provided using devices, the importance of mobile device authentication is increasing. We propose secure authentication method from auto-login function. Methods: Mobile carriers remotely prevent using the device after the process getting the report of missing cellphone, but that can’t be a complete solution when the USIM is removed or connection is made via wifi. This paper suggests a method with which when the service is requested by an app from mobile device, Service Provider decides to provide services after checking whether the device is lost through a trusted authority. Findings: A user, the owner of a cellphone, registers serial information of Phone, pSN, and reports when the cellphone is lost, and carries out a process to withdraw services. The service provider, whenever a service is requested, decides whether to provide the service through lost device checking process. In this way, the vulnerability of auto-login function of a lost phone can be fixed. Proposed method with the process to check the loss added authentication time compared to existing methods, but in terms of security and privacy protection, proposed method is superior because it provides services only when the device is not lost. Application/Improvements: With regard to solution to BYOD vulnerability and secure SSO, which have been recent issues, proposed method can be utilized as an effective method.

Keywords