Local Authentication with Bluetooth enabled Mobile Devices

As the processing power of mobile devices such as PDAs and smartphones increase they constitute the target platforms for new value-added services and applications and excellent candidates for Personal Trusted Devices (PTDs). Furthermore, handheld devices are increasingly networked and thus provide a natural and ubiquitous token for authentication purposes. This paper presents a framework and prototype system for exploiting these facts. A Bluetoothenabled smartphone is used to protect a laptop from unauthorised access with an approach that improves convenience and usability from the user's perspective. The main building blocks are a Diffie-Hellmann based two-party key agreement protocol with authentication mechanisms based on Java midlets and low-entropy human memorable passwords. The results are readily extended to other environments such as payment transactions, remote control of appliances and services, transactions on unattended dispensers of goods such as parking meters, petrol stations, etc.