Open Access  Subscription Access

The Internet has brought marvelous convenience to people in recent years. In most public buildings, coffee shops, and airports, temporary personal computers are provided to users for network access. This has led to a potential risk that the secret information of the user may be stolen once these temporary computers have been compromised. Generally, a service provider verifies the authority of a user through a verification procedure. Of course, a user has to enter an authentication token into the public computer. Thus, an attacker can apply a key-logger to steal the password or personal information. After that, this attacker can impersonate a legal user to access the service. Nevertheless, previous authentication mechanisms seldom focus on how to prevent this threat but external attacks. Hence, we aim to design an authorization transfer protocol to eliminate this malicious threat, in which a smartphone has been used to help the access transfer. That is, a user can carry on network services without keying any secret information into the public computer once a switch from a laptop or mobile device to a public computer is needed. In particular, we have simulated the system to demonstrate the performance of the proposed mechanism. Moreover, the correctness of mutual authentication has been proved according to the AVISPA. The proposed method allows users to securely transfer their services to public access devices through their smartphones without disclosing their sensitive information.

Authorization transfer, Confidentiality, Public access, Keylogger, Smartphone