Method of Secure App user Authentication from Auto-Login in the Mobile Device

Abstract

Background/Objectives: At the present where services are provided using devices, the importance of mobile device authentication is increasing. We propose secure authentication method from auto-login function. Methods: Mobile carriers remotely prevent using the device after the process getting the report of missing cellphone, but that can’t be a complete solution when the USIM is removed or connection is made via wifi. This paper suggests a method with which when the service is requested by an app from mobile device, Service Provider decides to provide services after checking whether the device is lost through a trusted authority. Findings: A user, the owner of a cellphone, registers serial information of Phone, pSN, and reports when the cellphone is lost, and carries out a process to withdraw services. The service provider, whenever a service is requested, decides whether to provide the service through lost device checking process. In this way, the vulnerability of auto-login function of a lost phone can be fixed. Proposed method with the process to check the loss added authentication time compared to existing methods, but in terms of security and privacy protection, proposed method is superior because it provides services only when the device is not lost. Application/Improvements: With regard to solution to BYOD vulnerability and secure SSO, which have been recent issues, proposed method can be utilized as an effective method.