As the popularity of mobile telephones and other mobile devices increases, the availability of valuable services offered over these devices also increases. The use of a mobile device for electronic banking and on-line shopping is expected to rise in popularity. While the services offered over mobile devices become more valuable, the need for security gains in importance. For example, if it is possible to use a mobile device to transfer money between bank accounts, it is important to ensure that the person using the mobile device is authorized to do so.
One technique for authorizing users is to store a private key or other token on the mobile device. However, if the device were to fall into the hands of a malicious user, the malicious user would have access to the private key. Another technique for authorizing users is the use of a password. As users are constantly asked for passwords to access different services, however, the temptation to re-use passwords or to write down passwords in an easily accessible location can be great, despite the attendant compromises to security.
Mobile devices often communicate with a network using the mobile IP protocol, described in, for example, C. Perkins, ed., “IP Mobility Support for IPv4,” Internet Request for Comments (RFC) 3220 (January 2002).
In the mobile IP protocol, a mobile device is associated with a network node called the home agent. The home agent assigns an IP address to the mobile device, so that data packets addressed to the mobile device are routed to the home agent. The mobile device may be at a location far from the home agent, however, so that the home agent cannot send the data packets directly to the mobile device. To allow the mobile device to communicate with the network even when it is distant from the home agent, the mobile device registers with another network node known as a foreign agent. Different foreign agents may be provided to cover different geographic locations, and the mobile device may select different foreign agents depending on its location. The foreign agent sends a registration message to the home agent, notifying the home agent that the foreign agent is in communication with the mobile device.
Communications are sent to the mobile device as follows. The home agent receives data addressed to the mobile device. The home agent sends that data to the foreign agent with which the mobile device has registered, and the foreign agent in turn sends the data to the mobile device. The foreign agent communicates with the mobile device via, for example, a point-to-point protocol (PPP) connection.
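As an added illustration of the registration and forwarding flow just described (example code written for this page, not part of the original text or of RFC 3220): a home agent that records which foreign agent each mobile device registered through, forwards data along that binding, and accepts a registration only when it carries a valid HMAC under a key shared with the device. The HMAC construction, the `ident` replay check and the addresses are assumptions of the simulation.

```python
import hmac, hashlib

# Constructed simulation of the Mobile IP flow described above: the home agent
# keeps a binding from each device's home address to the foreign agent it
# registered through and relays data along it. Registrations carry an HMAC under
# a key shared by device and home agent (an assumed simplification of the RFC's
# authentication extension), so a forged registration cannot redirect traffic.

def reg_mac(key, mobile_ip, care_of, ident):
    return hmac.new(key, f"{mobile_ip}|{care_of}|{ident}".encode(), hashlib.sha256).digest()

class HomeAgent:
    def __init__(self):
        self.keys, self.bindings, self.seen = {}, {}, set()
    def assign(self, mobile_ip, key):     # home address issued to a device, with its key
        self.keys[mobile_ip] = key
    def register(self, mobile_ip, fa, ident, mac):
        # accept a registration relayed by foreign agent fa only if authentic and fresh
        key = self.keys.get(mobile_ip)
        if key is None or (mobile_ip, ident) in self.seen:   # unknown device or replayed ident
            return False
        if not hmac.compare_digest(mac, reg_mac(key, mobile_ip, fa.address, ident)):
            return False
        self.seen.add((mobile_ip, ident))
        self.bindings[mobile_ip] = fa
        return True
    def deliver(self, dst_ip, payload):   # data addressed to the device arrives here first
        fa = self.bindings.get(dst_ip)
        return fa.forward(dst_ip, payload) if fa else None

class ForeignAgent:
    def __init__(self, address):
        self.address, self.visitors = address, {}   # visitors: home address -> device (the PPP hop)
    def accept(self, device, ha, ident, mac):
        ok = ha.register(device.ip, self, ident, mac)
        if ok:
            self.visitors[device.ip] = device
        return ok
    def forward(self, dst_ip, payload):
        dev = self.visitors.get(dst_ip)
        return dev.receive(payload) if dev else None

class MobileDevice:
    def __init__(self, ip, key):
        self.ip, self.key, self.inbox = ip, key, []
    def register_via(self, fa, ha, ident):
        return fa.accept(self, ha, ident, reg_mac(self.key, self.ip, fa.address, ident))
    def receive(self, payload):
        self.inbox.append(payload)
        return payload
```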
An authentication system that provides secure access to a mobile device would help to ensure that only authorized users can access valuable on-line services over a mobile device.