High-assurance user identification and credentials provisioning are crucial for accessing digital services. Usability, service customization, and security should be carefully balanced to offer an appropriate user experience. We propose an eID-based enrollment approach for tailoring authentication to the particular needs of the service provider and strike a good trade-off between usability and security via the registration of authenticators, artifacts providing identity proofs. We demonstrate the practicality of our approach in the case of patient access to Electronic Health Records (EHR) through an Android application: enrollment is done by using the Italian national eID card to register the mobile authenticator, unlocked by the user’s fingerprint, customized to interact with the identity and access management system of the EHR.

Enroll, and Authentication Will Follow: eID-Based Enrollment for a Customized, Secure, and Frictionless Authentication Experience / Ranise, S.; Tomasi, A.; Sciarretta, G.. - 12056:(2020), pp. 156-171. (Intervento presentato al convegno 12th International Symposium on Foundations and Practice of Security, FPS 2019 tenutosi a fra nel 2019) [10.1007/978-3-030-45371-8_10].

Enroll, and Authentication Will Follow: eID-Based Enrollment for a Customized, Secure, and Frictionless Authentication Experience

Ranise S.;
2020-01-01

Abstract

High-assurance user identification and credentials provisioning are crucial for accessing digital services. Usability, service customization, and security should be carefully balanced to offer an appropriate user experience. We propose an eID-based enrollment approach for tailoring authentication to the particular needs of the service provider and strike a good trade-off between usability and security via the registration of authenticators, artifacts providing identity proofs. We demonstrate the practicality of our approach in the case of patient access to Electronic Health Records (EHR) through an Android application: enrollment is done by using the Italian national eID card to register the mobile authenticator, unlocked by the user’s fingerprint, customized to interact with the identity and access management system of the EHR.
2020
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Germany
Springer
978-3-030-45370-1
978-3-030-45371-8
Ranise, S.; Tomasi, A.; Sciarretta, G.
Enroll, and Authentication Will Follow: eID-Based Enrollment for a Customized, Secure, and Frictionless Authentication Experience / Ranise, S.; Tomasi, A.; Sciarretta, G.. - 12056:(2020), pp. 156-171. (Intervento presentato al convegno 12th International Symposium on Foundations and Practice of Security, FPS 2019 tenutosi a fra nel 2019) [10.1007/978-3-030-45371-8_10].
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11572/333016
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 1
  • ???jsp.display-item.citation.isi??? 0
social impact