Universal login
Download as PPTX, PDF0 likes274 views
This document outlines a proposal for a universal login system called Universal Login. It aims to address common frustrations with logins like remembering passwords and trusting sites with personal information. The system would allow users to create a single account that can be used to securely authenticate to other apps and sites. A client app would run on each device and manage security locally, exchanging user data with apps in a safe, approval-driven way. This provides a simpler and more secure alternative to existing login systems like OpenID. A demo of the proposed Universal Login architecture and features is described, along with plans for future work.
![Open ID [2007]
Make an account with Google/Yahoo/PayPal and use it everywhere
Same protocols can be used to verify an account with any identity provider
No identifying info needed to create an account (just an email)
Little-implemented extension for exchanging attributes (OpenID Attribute
Exchange)
Google does local password / account info save instead
Heterogeneous implementations of user profile
Does not address the trust issue
No banks used Open ID](https://image.slidesharecdn.com/universalloginpresentation-140910150317-phpapp02/85/Universal-login-4-320.jpg)
Universal login
- 1. Universal Login Daniel Wilkey dgw2109 Cellular Networks and Mobile Computing Spring 2014
- 2. Outline Why we hate logins Open ID Universal Login Demo Future Work Questions
- 3. Why We Hate Logins Remembering passwords Can I really trust this site? How do they know it’s me? I don’t want to enter my personal information PayPal for credit cards What if someone hacks my account? What if I forget to logout?
- 4. Open ID [2007] Make an account with Google/Yahoo/PayPal and use it everywhere Same protocols can be used to verify an account with any identity provider No identifying info needed to create an account (just an email) Little-implemented extension for exchanging attributes (OpenID Attribute Exchange) Google does local password / account info save instead Heterogeneous implementations of user profile Does not address the trust issue No banks used Open ID
- 5. Universal Login Single, secure* site for user authentication Client app runs on each device and manages security for that device Safe, approval-driven method for exchanging private user data Easy, push-notification-based protocol for managing logged in devices Apps can log out of private screens without refresh and without battery drain Web authentication protocol is proprietary and unpublished, consumer apps only know how to communicate with the local client Security standard can be published for all users to review Would not be used for social networking
- 6. Universal Login - Architecture Server written with AppEngine Maintains session info, user data Android App client Allows user to sign up, login, logout, and update profile Receives requests from other apps to login / retrieve data Allows user to logout all other devices • Listens to push notifications to know when to log out • Rebroadcasts server log out notifications so that local apps are aware
- 7. Universal Login - Architecture Resource optimized Recipient apps do not need a connection to the remote server (no chance of being sloppy) App login and data fetch are handled with a single request to limit traffic Secure No user data other than session info is saved locally All private data is delivered on demand
- 8. Demo - Create Account Welcome email sent to subscriber
- 9. Demo - Sign In
- 10. Demo - User Profile
- 11. Demo - Sign In / Data Exchange
- 12. Demo - Multi-Device Logout
- 13. Future Work Fix minor* security flaws Introduce means of user identity establishment 2-factor authentication MacOS/iOS, Windows OS/Phone, and Linux clients Potentially a web-based client as well Personal data exchange audit log
- 14. Questions?