Trusted computing based user authentication for mobile equipment

In this paper, according to the features of mobile equipment (ME) an example of constructing trusted mobile platform (TMP) is presented based on the smart phone's processor, along with which three alternative methods to build trusted platform module (TPM) are discussed as well. In the framework of TMP, through combining password and fingerprint with the USIM card via RSA-KEM (Key Encapsulate Mechanism) and Hash function, a user authentication scheme is proposed to improve the security of the user domain, which achieves the mutual identification among user, ME and USIM even if their public-key certificates are issued by different certificate authorities (CAs). Moreover, the user authentication can not only easily distinguish the valid users from the pretenders but also identify the owner of ME from the genuine operators without any pre-negotiation. The performance analysis and experimental test result show that no matter what kinds of TPM is employed authors' authentication scheme is more secure, efficient and flexible than the corresponding scheme presented in TMP draft standard and achieves advanced security and better flexibility as compared to the schemes proposed by Lee, Lin et al.