Towards User Authentication Requirements for Mobile Computing

Abstract

The emergence and ubiquity of mobile computing has placed powerful capabilities in one's hand providing a wide range of applications such as email, calendar, photos, browsers, social network, communication, shopping, health and fitness, games etc., which were once restricted to traditional platforms. Such applications on a single mobile device raise critical security issues related to managing identity, re-authenticating users that stay active for long periods of time, protecting sensitive PII and PHI against access and misuse, insuring secure transactions, and protecting the physical device. This chapter explores user authentication requirements for mobile computing by: evaluating alternative user authentication requirements in order to make recommendations on their usage in authentication; identifying authentication methods used in mobile healthcare applications; and proposing a set of requirements for user authentication to handle the situation when a user seeks to be securely authenticated across a set of applications that are placed into context within a framework.