Title: IAM with postlogin authentication for service usage authorisation in cloud computing

Authors: Aniruddha S. Rumale; Dinesh N. Chaudhari

Addresses: Department of Computer Engineering, SVPM COE, Malegaon-bk, Baramati, India ' Department of Computer Engineering, JDIET, Yavatmal, India

Abstract: To avoid any theft or manipulation of sensitive information like user profile, or to avoid any inadvertent execution of financial transactions, identity and access management of cloud service provider (CSP) need to do postlogin authentication of a user. This can be done using some randomly generated password, different from the login password. Postlogin authentication authorises user the complete access to use sensitive part or service of user's account. It can be done by: 1) sending one time password (OTP) to user over some other safe communication network; 2) throwing some challenging intelligent designs like a game for playing, quest for solving, etc. Postlogin authentication guarantees safety of user's sensitive data and services even after the theft of username and login-password. The paper outlines in brief the generic IAM process with the need of postlogin authentication within the context of cloud computing. Paper proposes variable length OTP, and some intelligent designs for postlogin authentication.

Keywords: cloud computing; identity and access management; IAM; cloud security; authentication and authorisation; one time password; OTP; single sign on; SSO; trusted computing.

DOI: 10.1504/IJCC.2019.10019223

International Journal of Cloud Computing, 2019 Vol.8 No.1, pp.68 - 82

Accepted: 14 Sep 2018
Published online: 15 Feb 2019 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article