A Composite User Authentication Architecture for Mobile Devices

Document Type

Journal Article


School of Computer and Information Science


Faculty of Computing, Health and Science


School of Computer and Information Science / Centre for Security Research




Clarke, N. L. (2006). A composite user authentication architecture for mobile devices. In Journal of Information Warfare 5(2)11-29. Available here


As the functionality and services provided by mobile devices increases, the need to provide effective user authentication against misuse and abuse becomes ever more imperative. With traditional secret knowledge based techniques having been proven weak, a requirement exists for authentication techniques to provide stronger protection. This paper proposes the use of a portfolio of authentication techniques to provide a robust, accurate and transparent authentication mechanism for mobile devices, extending security beyond point-of-entry into a continuous and user convenient approach. An Intelligent Authentication Management System (IAMS) is described that provides a continuous confidence level in the identity of the user, removing access to sensitivity services and information with low confidence levels and providing automatic access with higher confidence levels. The theoretical level of system performance is examined on a range of mobile devices, suggesting that it should be possible to achieve acceptably low levels of false acceptance and false rejection error in practical application.