Multifactor Authentication Protocol in a Mobile Environment

The implementation of services that process confidential data in a mobile environment requires an adequate level of security with the strictest possible mechanisms of information protection. The dominance of mobile devices as client applications of distributed systems has led to the development of new techniques that combine traditional methods of protection with protocols leveraging the potential of numerous interfaces available from a smartphone. For this reason, an upward trend in the use of biometricsbased methods and dynamically generated OTP secrets can be observed. Mobile devices are increasingly used in complex business processes that require strong user authentication methods, which, according to the European Commission (Regulation), must use at least two authentication factors belonging to different categories. Therefore, on the basis of the analysis of the solutions presented so far, a distributed protocol has been proposed. It enables user authentication using three authentication factors: possession, knowledge, and inherence. The described authentication scheme refers to the possibility of carrying out the process in the mobile environment of the Android platform with guaranteed authentication support.