In the enterprise environment, companies often provide mobile devices to employees and develop a suite of applications to facilitate the day-to-day computing needs of the employees. For security reasons, many of these applications require some form of authentication. Rather than requiring a user to log on to each individual application, single sign-on (SSO) allows the user to enter a user identification and password to log on to a shared network to access multiple applications.
User identifications and passwords are not the most secure authentication mechanism and can be spoofed by unauthorized parties. As a result, SSO is sometimes enhanced by using digital certificates, security tokens, smart cards, and/or biometric authentication mechanisms, for example, to provide access to higher risk applications and information.
SSO between applications on a mobile device sometimes requires a shared token. Certain mobile devices, such as the Apple® iPhone® (available from Apple Corporation of Cupertino, California), for example, prevent sharing of tokens between applications, thereby restricting the ability of companies to use SSO between multiple applications on the device. Applications can use a device's built-in identity, including the telephone number (TN) and the Universal Unique Identifier (UUID), for authentication. These identifiers, however, are fixed and easily found, allowing for spoofing of the device's identity.