{"id":"https://openalex.org/W4416962086","doi":"https://doi.org/10.1109/pst65910.2025.11268840","title":"Beyond SSO: Mobile Money Authentication for Inclusive e-Government in Sub-Saharan Africa","display_name":"Beyond SSO: Mobile Money Authentication for Inclusive e-Government in Sub-Saharan Africa","publication_year":2025,"publication_date":"2025-08-26","ids":{"openalex":"https://openalex.org/W4416962086","doi":"https://doi.org/10.1109/pst65910.2025.11268840"},"language":null,"primary_location":{"id":"doi:10.1109/pst65910.2025.11268840","is_oa":false,"landing_page_url":"https://doi.org/10.1109/pst65910.2025.11268840","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 22nd Annual International Conference on Privacy, Security, and Trust (PST)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5068533213","display_name":"Oluwole Adewusi","orcid":null},"institutions":[{"id":"https://openalex.org/I4210130200","display_name":"Carnegie Mellon University Africa","ror":"https://ror.org/02f33m021","country_code":"RW","type":"education","lineage":["https://openalex.org/I4210130200","https://openalex.org/I74973139"]}],"countries":["RW"],"is_corresponding":true,"raw_author_name":"Oluwole Adewusi","raw_affiliation_strings":["Carnegie Mellon University Africa,College of Engineering,Kigali,Rwanda"],"affiliations":[{"raw_affiliation_string":"Carnegie Mellon University Africa,College of Engineering,Kigali,Rwanda","institution_ids":["https://openalex.org/I4210130200"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5119832456","display_name":"Wallace S. Msagusa","orcid":null},"institutions":[{"id":"https://openalex.org/I4210130200","display_name":"Carnegie Mellon University Africa","ror":"https://ror.org/02f33m021","country_code":"RW","type":"education","lineage":["https://openalex.org/I4210130200","https://openalex.org/I74973139"]}],"countries":["RW"],"is_corresponding":false,"raw_author_name":"Wallace S. Msagusa","raw_affiliation_strings":["Carnegie Mellon University Africa,College of Engineering,Kigali,Rwanda"],"affiliations":[{"raw_affiliation_string":"Carnegie Mellon University Africa,College of Engineering,Kigali,Rwanda","institution_ids":["https://openalex.org/I4210130200"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5119832457","display_name":"Jean Pierre Imanirumva","orcid":null},"institutions":[{"id":"https://openalex.org/I4210130200","display_name":"Carnegie Mellon University Africa","ror":"https://ror.org/02f33m021","country_code":"RW","type":"education","lineage":["https://openalex.org/I4210130200","https://openalex.org/I74973139"]}],"countries":["RW"],"is_corresponding":false,"raw_author_name":"Jean Pierre Imanirumva","raw_affiliation_strings":["Carnegie Mellon University Africa,College of Engineering,Kigali,Rwanda"],"affiliations":[{"raw_affiliation_string":"Carnegie Mellon University Africa,College of Engineering,Kigali,Rwanda","institution_ids":["https://openalex.org/I4210130200"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5118808365","display_name":"Okemawo Obadofin","orcid":null},"institutions":[{"id":"https://openalex.org/I4210130200","display_name":"Carnegie Mellon University Africa","ror":"https://ror.org/02f33m021","country_code":"RW","type":"education","lineage":["https://openalex.org/I4210130200","https://openalex.org/I74973139"]}],"countries":["RW"],"is_corresponding":false,"raw_author_name":"Okemawo Obadofin","raw_affiliation_strings":["Carnegie Mellon University Africa,College of Engineering,Kigali,Rwanda"],"affiliations":[{"raw_affiliation_string":"Carnegie Mellon University Africa,College of Engineering,Kigali,Rwanda","institution_ids":["https://openalex.org/I4210130200"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5034886864","display_name":"Jema David Ndibwile","orcid":"https://orcid.org/0000-0002-7962-2237"},"institutions":[{"id":"https://openalex.org/I4210130200","display_name":"Carnegie Mellon University Africa","ror":"https://ror.org/02f33m021","country_code":"RW","type":"education","lineage":["https://openalex.org/I4210130200","https://openalex.org/I74973139"]}],"countries":["RW"],"is_corresponding":false,"raw_author_name":"Jema D. Ndibwile","raw_affiliation_strings":["Carnegie Mellon University Africa,College of Engineering,Kigali,Rwanda"],"affiliations":[{"raw_affiliation_string":"Carnegie Mellon University Africa,College of Engineering,Kigali,Rwanda","institution_ids":["https://openalex.org/I4210130200"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5068533213"],"corresponding_institution_ids":["https://openalex.org/I4210130200"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.50334358,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"11"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.23270000517368317,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.23270000517368317,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T13194","display_name":"ICT in Developing Communities","score":0.21330000460147858,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.20829999446868896,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.6040999889373779},{"id":"https://openalex.org/keywords/session","display_name":"Session (web analytics)","score":0.510699987411499},{"id":"https://openalex.org/keywords/security-token","display_name":"Security token","score":0.45899999141693115},{"id":"https://openalex.org/keywords/multi-factor-authentication","display_name":"Multi-factor authentication","score":0.41769999265670776},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.4097999930381775},{"id":"https://openalex.org/keywords/authentication-protocol","display_name":"Authentication protocol","score":0.40950000286102295},{"id":"https://openalex.org/keywords/mobile-device","display_name":"Mobile device","score":0.3831999897956848},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.37869998812675476},{"id":"https://openalex.org/keywords/service-provider","display_name":"Service provider","score":0.36309999227523804},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.3612000048160553}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7170000076293945},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6941999793052673},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.6040999889373779},{"id":"https://openalex.org/C2779182362","wikidata":"https://www.wikidata.org/wiki/Q17126187","display_name":"Session (web analytics)","level":2,"score":0.510699987411499},{"id":"https://openalex.org/C48145219","wikidata":"https://www.wikidata.org/wiki/Q1335365","display_name":"Security token","level":2,"score":0.45899999141693115},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.43529999256134033},{"id":"https://openalex.org/C194699767","wikidata":"https://www.wikidata.org/wiki/Q7878662","display_name":"Multi-factor authentication","level":4,"score":0.41769999265670776},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.4097999930381775},{"id":"https://openalex.org/C21564112","wikidata":"https://www.wikidata.org/wiki/Q4825885","display_name":"Authentication protocol","level":3,"score":0.40950000286102295},{"id":"https://openalex.org/C186967261","wikidata":"https://www.wikidata.org/wiki/Q5082128","display_name":"Mobile device","level":2,"score":0.3831999897956848},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.37869998812675476},{"id":"https://openalex.org/C116537","wikidata":"https://www.wikidata.org/wiki/Q2169973","display_name":"Service provider","level":3,"score":0.36309999227523804},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.3612000048160553},{"id":"https://openalex.org/C35578498","wikidata":"https://www.wikidata.org/wiki/Q193424","display_name":"Web service","level":2,"score":0.36000001430511475},{"id":"https://openalex.org/C41878487","wikidata":"https://www.wikidata.org/wiki/Q191018","display_name":"Session Initiation Protocol","level":3,"score":0.35839998722076416},{"id":"https://openalex.org/C83860907","wikidata":"https://www.wikidata.org/wiki/Q135005","display_name":"Phishing","level":3,"score":0.3433000147342682},{"id":"https://openalex.org/C144543869","wikidata":"https://www.wikidata.org/wiki/Q2738570","display_name":"Mobile computing","level":2,"score":0.336899995803833},{"id":"https://openalex.org/C167169670","wikidata":"https://www.wikidata.org/wiki/Q1824705","display_name":"Lightweight Extensible Authentication Protocol","level":4,"score":0.33640000224113464},{"id":"https://openalex.org/C160949748","wikidata":"https://www.wikidata.org/wiki/Q1365703","display_name":"Mobile payment","level":3,"score":0.3301999866962433},{"id":"https://openalex.org/C22111027","wikidata":"https://www.wikidata.org/wiki/Q1070427","display_name":"Internet security","level":4,"score":0.325300008058548},{"id":"https://openalex.org/C196491621","wikidata":"https://www.wikidata.org/wiki/Q554830","display_name":"Man-in-the-middle attack","level":3,"score":0.28459998965263367},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.2777999937534332},{"id":"https://openalex.org/C40367706","wikidata":"https://www.wikidata.org/wiki/Q230110","display_name":"Subscriber identity module","level":3,"score":0.2750999927520752},{"id":"https://openalex.org/C2780378061","wikidata":"https://www.wikidata.org/wiki/Q25351891","display_name":"Service (business)","level":2,"score":0.2709999978542328},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.26930001378059387},{"id":"https://openalex.org/C207828512","wikidata":"https://www.wikidata.org/wiki/Q1060131","display_name":"Challenge-Handshake Authentication Protocol","level":4,"score":0.2680000066757202},{"id":"https://openalex.org/C141492731","wikidata":"https://www.wikidata.org/wiki/Q1052621","display_name":"Message authentication code","level":3,"score":0.26750001311302185},{"id":"https://openalex.org/C33884865","wikidata":"https://www.wikidata.org/wiki/Q1254335","display_name":"Cryptographic protocol","level":3,"score":0.26669999957084656},{"id":"https://openalex.org/C142124187","wikidata":"https://www.wikidata.org/wiki/Q5101471","display_name":"Chip Authentication Program","level":5,"score":0.26409998536109924},{"id":"https://openalex.org/C2993791488","wikidata":"https://www.wikidata.org/wiki/Q676459","display_name":"Bank account","level":3,"score":0.2639000117778778},{"id":"https://openalex.org/C60952562","wikidata":"https://www.wikidata.org/wiki/Q6887246","display_name":"Mobile technology","level":3,"score":0.2621000111103058},{"id":"https://openalex.org/C2780385302","wikidata":"https://www.wikidata.org/wiki/Q367158","display_name":"Protocol (science)","level":3,"score":0.2581999897956848},{"id":"https://openalex.org/C11560541","wikidata":"https://www.wikidata.org/wiki/Q1756025","display_name":"Replay attack","level":3,"score":0.2572999894618988},{"id":"https://openalex.org/C95491727","wikidata":"https://www.wikidata.org/wiki/Q992968","display_name":"Mobile telephony","level":3,"score":0.2526000142097473}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/pst65910.2025.11268840","is_oa":false,"landing_page_url":"https://doi.org/10.1109/pst65910.2025.11268840","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 22nd Annual International Conference on Privacy, Security, and Trust (PST)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320310207","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":11,"referenced_works":["https://openalex.org/W2133783145","https://openalex.org/W2136568140","https://openalex.org/W2313982364","https://openalex.org/W2531949892","https://openalex.org/W2891922784","https://openalex.org/W3015030707","https://openalex.org/W3087771973","https://openalex.org/W3202030867","https://openalex.org/W4385679811","https://openalex.org/W4391156966","https://openalex.org/W4393102548"],"related_works":[],"abstract_inverted_index":{"The":[0,172,219],"rapid":[1],"adoption":[2],"of":[3,24,175,213],"Mobile":[4,31],"Money":[5,32],"Services":[6],"(MMS)":[7],"in":[8,21,165,205,226],"Sub-Saharan":[9],"Africa":[10],"(SSA)":[11],"offers":[12],"a":[13,56,96,123,162,180,193],"viable":[14],"path":[15],"to":[16,41,150,169],"improve":[17],"e-Government":[18],"service":[19],"accessibility":[20,187],"the":[22],"face":[23,36],"persistent":[25],"low":[26],"internet":[27],"penetration.":[28],"However,":[29],"existing":[30],"Authentication":[33],"(MMA)":[34],"methods":[35,121],"critical":[37],"limitations,":[38],"including":[39],"susceptibility":[40],"SIM":[42,100,200],"swapping,":[43],"weak":[44],"session":[45,71,105,190],"protection,":[46],"and":[47,104,113,147,152,157,188,202,207,228],"poor":[48,139],"scalability":[49,210],"during":[50],"peak":[51],"demand.":[52],"This":[53],"study":[54],"introduces":[55],"hybrid":[57,181],"MMA":[58,82],"framework":[59,196],"that":[60,84,184],"combines":[61],"Unstructured":[62],"Supplementary":[63],"Service":[64],"Data":[65],"(USSD)-based":[66],"multi-factor":[67],"authentication":[68,98,127,182],"with":[69,215,231],"secure":[70,189,223],"management":[72],"via":[73],"cryptographically":[74],"bound":[75],"JSON":[76],"Web":[77],"Tokens":[78],"(JWT).":[79],"Unlike":[80],"traditional":[81],"systems":[83],"rely":[85],"solely":[86],"on":[87],"SIM-PIN":[88],"verification":[89],"or":[90],"smartphone-dependent":[91],"biometrics,":[92],"our":[93],"design":[94],"implements":[95],"three-factor":[97],"model;":[99],"verification,":[101],"PIN":[102],"entry,":[103],"token":[106],"binding,":[107],"tailored":[108,194],"for":[109,211],"resourceconstrained":[110],"environments.":[111],"Simulations":[112],"comparative":[114],"analysis":[115],"against":[116],"OAuth-based":[117],"Single":[118],"Sign-On":[119],"(SSO)":[120],"reveal":[122],"$45":[124],"\\%$":[125,135,143],"faster":[126],"time":[128],"(8":[129],"seconds":[130],"vs.":[131,144],"12-15":[132],"seconds),":[133],"$15":[134],"higher":[136],"success":[137],"under":[138],"network":[140],"conditions":[141],"($95":[142],"$80":[145],"\\%$),":[146],"increased":[148],"resistance":[149],"phishing":[151],"brute-force":[153],"attacks.":[154],"Penetration":[155],"testing":[156],"threat":[158],"modeling":[159],"further":[160],"demonstrate":[161],"substantial":[163],"reduction":[164],"vulnerability":[166],"exposure":[167],"compared":[168],"conventional":[170],"approaches.":[171],"primary":[173],"contributions":[174],"this":[176],"work":[177],"are:":[178],"(1)":[179],"protocol":[183],"ensures":[185],"offline":[186],"continuity;":[191],"(2)":[192],"security":[195],"addressing":[197],"threats":[198],"like":[199],"swapping":[201],"social":[203],"engineering":[204],"SSA;":[206],"(3)":[208],"demonstrated":[209],"thousands":[212],"users":[214],"reduced":[216],"infrastructure":[217],"overhead.":[218],"proposed":[220],"approach":[221],"advances":[222],"digital":[224],"inclusion":[225],"SSA":[227],"other":[229],"regions":[230],"similar":[232],"constraints.":[233]},"counts_by_year":[],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2025-12-03T00:00:00"}