抄録
In this paper, we propose a new authentication mechanism for the mobile environments, called Self-Delegation. In the mechanism, a user stores information that relates to strict authentication in a tamper-resistant module that can be kept securely at home. Time-limited authority is delegated to the mobile terminal by communicating with the tamper-resistant module on a local basis. After the delegation, a remote service can authenticate the user for a limited time. We propose two self-delegation schemes, and analyze the security of the proposed scheme based on a security model that we define. Furthermore, we have implemented the self-delegation and authentication protocols on a PDA and a Java card, both of which have ISO14443 I/F, and show the feasibility of the implemented protocols.
