Philippine Engineering Journal, Vol 33, No 1 (2012)

Font Size:  Small  Medium  Large

SYSTEM: SECURE ONLINE USB LOGIN SYSTEM SOUL SYSTEM: SECURE ONLINE USB LOGIN SYSTEMSOUL SYSTEM: SECURE ONLINE USB LOGIN SYSTEMSOUL SYSTEM: SECURE ONLINE USB LOGIN SYSTEM SOUL SYSTEM: SECURE ONLINE USB LOGIN SYSTEM SOUL SYSTEM: SECURE ONLINE USB LOGIN SYSTE

Kevin Charles Atienza, Rod Xavier Bondoc, Joshua Arvin Lat, Susan B. Pancho-Festin

Abstract


The SOUL System is a secure online authentication system involving a two-factor authentication scheme that uses a password and an ordinary hardware device as security token.

The three main parts of the system include the website, the ordinary hardware device, and a trusted third party. The website must first be integrated with the web API provided and then registered to the trusted third party website to allow two-factor authentication. The security token is any ordinary hardware digital container that holds files such as BMP and PNG where the user’s data are hidden. Examples of possible containers include a USB flash drive, a laptop, a cellular phone, and even a dropbox folder. It must be registered with the trusted third party for it to access the SOUL-System-integrated websites. The trusted third party stores and provides the public keys of both the two-factor-login-enabled websites and the registered security tokens.

The SOUL System ensures a more secure website authentication by adding another requirement to the login and registration processes. Instead of having only a password to log in, the user now requires both a password and the security token to access the website. If any hacker manages to obtain the user’s password but not the contents of the security token, he would still be unable to access the accounts. If the hacker manages to steal the security token, the accounts are still inaccessible without the password.

General Terms: Security

Keywords: Two-factor Authentication, Trusted Third Party, USB Token, Web Framework


Full Text: PDF