An essential feature of new generation networks is the availability of many new services offered by several different players (network operators, value-added service providers, content providers and so on). In this scenario the problem of identity verification becomes very complex. Different applications and services have their own authentication method and use different credentials. Quite often the user is harassed by a plethora of PINs, usernames and passwords, which are difficult to remember, or easy to guess. Biometric techniques have been proposed for various applications, but, although very secure, they are perceived as intrusive and cumbersome. Smartcards support sound authentication methods, but can be lost or stolen. More reliable, flexible and easy-to-use methods are needed. The approach that we are pursuing is based on two principles: -in order to cope with heterogeneous authentication methods, application-specific credential are recovered from a network-centered secure repository, after a reliable user identification procedure is carried out; -in order to limit complex and annoying procedures, simple, non intrusive techniques are used in situations when they reinforce/confirm a high level of security already achieved. As a general principle, we plan to apply the combination of several techniques (biometric, smartcard and traditional PIN/password) in order to obtain a controlled level of security in the access to many types of network-based services, while limiting as much as possible the inconveniences relative to each specific technique. The network shall host application-specific authentication credentials. A first implementation of this paradigm combines fingerprint recognition and contactless smart cards in a highly secure system. After the biometric identification is carried out, the contactless smart card allows to sense the user presence, in order to unlock his/her workstation and to recover from a server, using a secure protocol, the credential necessary to access VoIP services. The mechanism strength is guaranteed by limiting in time and space the validity of the logical association between biometric identification and card ownership.
Melen, R., Pignolo, M., Sioli, M. (2006). A multimodal authentication system for authorizing the access to NGN services. In Proceedings of the International conference on Networking and Services (pp.47-51). Washington D.C. : IEEE Computer Society [10.1109/ICNS.2006.6].
A multimodal authentication system for authorizing the access to NGN services
MELEN, RICCARDO;
2006
Abstract
An essential feature of new generation networks is the availability of many new services offered by several different players (network operators, value-added service providers, content providers and so on). In this scenario the problem of identity verification becomes very complex. Different applications and services have their own authentication method and use different credentials. Quite often the user is harassed by a plethora of PINs, usernames and passwords, which are difficult to remember, or easy to guess. Biometric techniques have been proposed for various applications, but, although very secure, they are perceived as intrusive and cumbersome. Smartcards support sound authentication methods, but can be lost or stolen. More reliable, flexible and easy-to-use methods are needed. The approach that we are pursuing is based on two principles: -in order to cope with heterogeneous authentication methods, application-specific credential are recovered from a network-centered secure repository, after a reliable user identification procedure is carried out; -in order to limit complex and annoying procedures, simple, non intrusive techniques are used in situations when they reinforce/confirm a high level of security already achieved. As a general principle, we plan to apply the combination of several techniques (biometric, smartcard and traditional PIN/password) in order to obtain a controlled level of security in the access to many types of network-based services, while limiting as much as possible the inconveniences relative to each specific technique. The network shall host application-specific authentication credentials. A first implementation of this paradigm combines fingerprint recognition and contactless smart cards in a highly secure system. After the biometric identification is carried out, the contactless smart card allows to sense the user presence, in order to unlock his/her workstation and to recover from a server, using a secure protocol, the credential necessary to access VoIP services. The mechanism strength is guaranteed by limiting in time and space the validity of the logical association between biometric identification and card ownership.
| File | Dimensione | Formato | |
|---|---|---|---|
|
A multimodal authentication.pdf
accesso aperto
Tipologia di allegato:
Author’s Accepted Manuscript, AAM (Post-print)
Dimensione
147.43 kB
Formato
Adobe PDF
|
147.43 kB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
