State Key Laboratory of Integrated Service Network, Xidian University, Xi’an 710071, P.R. China

---

Abstract—In the current Internet world, most of the Internet services are based on the single server model and use the password identity authentication to provide application service for the users, this means that the user must enter the identity and password, before his/her wants to login in the application service server. It is extremely hard for user to remember the different ID and password, so the single sign-on (SSO) system has been proposed to solve this problem. There many Authentication protocol proposed for the SSO system. In this paper, we first introduced the SSO system and expounded the importance of the authentication protocol in the SSO system. Then we researched on some authentication protocols which can be used in the SSO system, but there are some serious secure problems in their schemes. So we propose a secure dynamic identify based Single Sign-On authentication protocol using smart card. Our protocol can resist several kinds of attacks, such as replay attack, impersonation attack, stolen smart card attack, leak-of-verifier attack and can provide user’s anonymity. In our proposed protocol, it removes the aforementioned weaknesses of their protocols and only uses the one-way hash functions and XOR operations which make the protocol very effectively.

Index Terms—Single sign-on, Authentication, Dynamic identity, Smart card, Password

[PDF]

Cite: Qingqi Pei, Jie Yu, "A Secure Dynamic Identity based Single Sign-On Authentication Protocol," Journal of Software vol. 9, no. 1, pp. 154-161, 2014.