Triple-Identity Authentication: The Future of Secure Access

TL;DR

This paper proposes a novel Triple-Identity Authentication scheme that enhances security by combining user credentials with mobile device identifiers and employing a decentralized, hash-based verification process at system login points.

Contribution

It introduces a new authentication method integrating device identifiers with credentials and a matrix-like hash algorithm for decentralized, autonomous security gates.

Findings

The scheme effectively combines credentials with IMEI and IMSI for stronger identity verification.

Decentralized authentication allows local systems to autonomously verify user identities.

The approach enhances security at multiple system interaction points.

Abstract

In password-based authentication systems, the username fields are essentially unprotected, while the password fields are susceptible to attacks. In this article, we shift our research focus from traditional authentication paradigm to the establishment of gatekeeping mechanisms for the systems. To this end, we introduce a Triple-Identity Authentication scheme. First, we combine each user credential (i.e., login name, login password, and authentication password) with the International Mobile Equipment Identity (IMEI) and International Mobile Subscriber Identity (IMSI) of a user's smartphone to create a combined identity represented as "credential+IMEI+IMSI", defined as a system attribute of the user. Then, we grant the password-based local systems autonomy to use the internal elements of our matrix-like hash algorithm. Following a credential input, the algorithm hashes it, and then the local system, rather than the algorithm, creates an identifier using a set of elements randomly selected from the algorithm, which is used to verify the user's combined identity. This decentralized authentication based on the identity-identifier handshake approach is implemented at the system's interaction points, such as login name field, login password field, and server's authentication point. Ultimately, this approach establishes effective security gates, empowering the password-based local systems to autonomously safeguard user identification and authentication processes.