Abstract
As a result of the massive growth and ubiquity of wireless networks, smart phones have become both a popular and indispensable part of modern life. Many services are offered via smart phone, such as entrance guard systems and mobile wallets. Traditional authentication mechanisms use usernames and passwords to verify user identity; however, to ensure sufficiently high security, passwords must be changed regularly. Although some mobile phones have near field communication (NFC) technology, which does away with the need for username and password authentication, NFC only recognizes NFC cards and does not recognize people. Thus, information security is still an issue in such systems. This study combines NFC and biometric identity verification technology to achieve authentication in these situations. In addition, the proposed model incorporates role-based access control to grant users suitable permissions. The proposed model achieves ubiquitous and comprehensive authentication and authorization management for enterprise resources.
Acknowledgements
The authors would like to thank the Ministry of Science and Technology of the Republic of China, Taiwan, for financially supporting this research under contract no. MOST 106-2221-E-025-011.
Copyright information
© 2018 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Wu, MY., Ke, CK., Lee, MR. (2018). Ubiquitous Authentication and Authorization Mechanism for Enterprise Resources Acquisition. In: Park, J., Loia, V., Yi, G., Sung, Y. (eds) Advances in Computer Science and Ubiquitous Computing. CUTE CSA 2017 2017. Lecture Notes in Electrical Engineering, vol 474. Springer, Singapore. https://doi.org/10.1007/978-981-10-7605-3_176
DOI: https://doi.org/10.1007/978-981-10-7605-3_176
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-7604-6
Online ISBN: 978-981-10-7605-3
eBook Packages: Engineering, Engineering (R0)