Mobile Application Authentication and Authorization Methods in Enterprise Environment

Dr. Fehér Gábor
Department of Telecommunications and Media Informatics

Goal of the thesis: the design and implementation of a prototype solution for trusted authentication of enterprise mobile applications that access the enterprise document repository or other workflows, based on the research and evaluation of different authentication and authorization methodologies.

The research, design and implementation of an enterprise IT strategy concerning mobility and security are also discussed. Current enterprise IT policies and the consideration and specification of different security strategies are examined, and the recent mobile ICT situation is described, including mobile market shares and mobile security concerns. The significant factors affecting the feasibility of trusted enterprise mobile applications are summarized.

Available authentication methodologies, design patterns and procedures are analyzed in detail and compared on the basis of requirements such as feasibility, security, cost-effectiveness, usability and other technological aspects. Besides the examined authentication procedures and infrastructure (password based, biometric, hardware token based, PKI, OTP, location based, and other IT policy and certificate dependent methods), the application of the most significant and prevalent cryptographic algorithms, as well as different attacks and countermeasures, are considered.

Trusted collaboration with centralized enterprise systems is highly dependent on precise and well-designed authorization handling. The related access control model requirements and patterns are examined, and the authorization of three relevant Document Management Systems (EMC Documentum, Microsoft SharePoint Server 2010 and Google Docs) is described and evaluated.

Based on the research of authentication and authorization methodologies, a mobile authentication process and an API (Application Programming Interface) have been designed, and a prototype specification has been created. The authentication process implemented in the prototype is visualized by a sequence diagram and is demonstrated and tested through a specific application. Expected and actual test results are described in detail.

In conclusion, further development options for the prototype are outlined from technological and strategic perspectives.
