http://dx.doi.org/10.13089/JKIISC.2018.28.6.1509

POSCAL : A Protocol of Service Access Control by Authentication Level  

Yoo, SeongMin (The Affiliated Institute of ETRI)
Choi, SeokJin (The Affiliated Institute of ETRI)
Park, JunHoo (Chungnam National University)
Ryou, Jae-Cheol (Chungnam National University)
Abstract
The purpose of this study is to support flexible authentication functions in various services using various types of user information. Rather than requiring the same level of authentication for all services, the goal is to identify the level of authentication at the time of user authentication and to increase convenience and efficiency by dynamically granting authority. In this paper, we propose the POSCAL (Protocol of Service Control by Authentication Level) protocol, which can control service access based on various local authentication information. To verify the function of the authentication framework, we developed an electronic wallet service based on the POSCAL authentication framework and evaluated the implemented functions based on a use case scenario. The proposed protocol satisfies user and message authentication, confidentiality of authentication information, integrity of authentication history, non-repudiation of authorization, and access control by service according to security level.
Keywords
Authentication Protocol; Access Control; Biometrics; FinTech; e-Wallet; Authentication Framework