A Hybrid Authentication Protocol for E-commerce Systems

B. Soh and A. Joy (Australia)


E-Commerce Security, Authentication


While a secure channel provides protection against interception, an authentication system is required to protect a client and an e-commerce server from fabrication attacks. By using a modified three-way authentication, there is no need for a timeserver. Based on the modified three-way authentication model, we propose a hybrid authentication protocol, whereby a strong link is created between a one-time-password e-commerce system and the hybrid authentication protocol by using a user's public key. Within a secure e-commerce framework there are two forms of authentication: (i) user-level authentication and (ii) machine-level authentication. In our proposed model, user-level authentication can be provided by one-time passwords (OTPs), while machine-level authentication is provided by the proposed hybrid authentication protocol. The strengths of the proposed authentication model are also presented.
