Triggering IDM authentication methods based on device capabilities information
Identity management systems are a reality today in the Internet. Single sign-on (SSO) systems allow users to authenticate once in the system and interact with different services providers without the need for creating new accounts. However, most identity management systems only support a simple authentication mechanism, which most of the cases is based on login and password, with its well known associated vulnerabilities like phishing attacks, for instance. In order to mitigate those drawbacks and improve the overall security of the system, we propose an enhancement of SSO systems which allows the identity providers to dynamically choose the best authentication method (e.g. fingerprint, digital certificates, smart cards, etc) being applied to the user based on the users' device capabilities and context information.
Full Text: PDF