High-assurance user identification and credentials provisioning are crucial for accessing digital services. Usability, service customization, and security should be carefully balanced to offer an appropriate user experience. We propose an eID-based enrollment approach for tailoring authentication to the particular needs of the service provider and strike a good trade-off between usability and security via the registration of authenticators, artifacts providing identity proofs. We demonstrate the practicality of our approach in the case of patient access to Electronic Health Records (EHR) through an Android application: enrollment is done by using the Italian national eID card to register the mobile authenticator, unlocked by the user’s fingerprint, customized to interact with the identity and access management system of the EHR.

Enroll, and Authentication Will Follow: eID-Based Enrollment for a Customized, Secure, and Frictionless Authentication Experience / Ranise, S.; Sciarretta, G.; Tomasi, A. - 12056:(2020), pp. 156-171. (Paper presented at the 12th International Symposium on Foundations and Practice of Security, FPS 2019, held in fra in 2019) [10.1007/978-3-030-45371-8_10].

Enroll, and Authentication Will Follow: eID-Based Enrollment for a Customized, Secure, and Frictionless Authentication Experience

Ranise S.;Sciarretta G.;
2020-01-01

2020
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Germany
Springer
978-3-030-45370-1
978-3-030-45371-8
Ranise, S.; Sciarretta, G.; Tomasi, A.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11572/333016
Warning! The data displayed have not been validated by the university.
