Global Journal of Engineering and Technology Review
Abstract
Objective – This paper presents the high level conceptual architecture of SUPA, an authentication system that
would allow a system to authenticate users without having its own repository of users’ secret identification
related data.
Methodology/Technique – Central storage and management of user credentials or passwords leave a single
tempting repository for the attackers. If the credentials are not stored by a system at all, there will be no stored
‘vault’ to allure the attackers. At the same time, there will be no single resource that holds the credentials of all
users of a system. SUPA enables a system to authenticate itself users without having their secret credentials
stored in it.
Findings – The proposed authentication system uses the features of asymmetric encryption as part of its
authentication process.
Novelty – SUPA eliminates the requirement of secret user credentials at the system end, the user credentials are
retained within the end-user’s devices