Authentication Server Research Articles

Biometric and Geographic Information-based Identity Authentication Method

With the ongoing advancements in computer technology and mobile internet, mobile payment has become an integral component of daily life. Identity authentication technology serves as a critical measure to ensure the security of mobile payments. This paper addresses the issue of low security associated with single-factor identity authentication while highlighting the substantial overhead involved in multi-factor authentication methods. We propose a novel identity authentication method that integrates biometric data and geographic information. In this framework, the identity authentication server first performs system initialization, configures system parameters, and stores them securely. Subsequently, the identity authentication client submits an authentication request to the server and completes its registration process. Finally, the server processes this request from the client, conducts user identity verification, and returns an authentication result. This approach effectively mitigates risks posed by attackers attempting to falsify biometric data or geographic information during the identity verification process and offers robust services for biometric- and geography-based identity authentication.

Enhancing the Vehicular Public Key Infrastructure to Develop Privacy-Preserving Authentication Scheme for Vanet by Using PCM and MSS Scheme

This article proposes a security-based authentication as well as efficient certificate management approach for VANET to detect fraudulent nodes with better precision, less latency and overhead. The primary purpose of the developed system is to establish effectual and heftiness of VANET security that lead to the stability of overall network. VANETs are composed of vehicles and Road Side Units (RSUs) assisting with network management and the vehicles connect with one another and RSUs to furnish roadside information and safety solutions. Security is an essential factor in VANETs because the confidentiality of humans (passengers) is paramount; hence, Vehicular Public Key Infrastructure (VPKI) is utilised to offer authentication and safety services in VANETs. The developed structure provides an encrypted VANET transmission infrastructure by utilising the concepts of Merkle Signature Scheme (MSS) and Pseudo-code Certificate Management (PCM) to minimise overhead for communication and latency while ensuring entity authenticity. Messages are authenticated by sender, encoded with a vehicular public key distributed by a PCM-MSS and decrypted by the destination, resulting in every transmission including a certification from a reliable authority. During that verification, the transmitter and receiver of message’s authentication and validation is accomplished. Simulation findings show that the proposed approach improves the reliability of identifying hostile nodes and PDR while reducing authentication delays and overhead.

Do authentic dimensions and customer knowledge affect overall authenticity and revisit intention via interacting gastronomic experience? Perspective on ethnic restaurants

Authenticity has been widely acknowledged as a pivotal determinant in the success of ethnic restaurants. This study explores the influence of authentic dimensions and customer knowledge on the overall authenticity and revisits intention of Omani ethnic restaurants by moderating the gastronomic experience. Using a positivist approach, data were collected from 330 customers of Omani ethnic restaurants in Oman. All dimensions of authenticity (atmosphere, food, service, and price) have a positive influence on revisit intention. Concurrently, empirical evidence substantiates that customer knowledge significantly and positively impacts customers' perceptions of authenticity and revisit intention. Gastronomic experience moderates the association between overall authenticity and revisit intention. Overall authenticity mediates the influence of authenticity dimensions revisit intention, except true to self. The study contributes to the literature on the importance of authenticity and customer knowledge in the success of ethnic restaurants. It provides valuable insights for restaurant managers and marketers in Oman.

Navigating the data economy : Key considerations for decision makers in banking

The European Commission (EC) is advancing the data economy through a series of regulatory reforms aimed at giving customers control of their data and fostering innovation in third-party contexts. While the costs of developing existing banking infrastructures and creating open application programming interfaces have largely fallen on banks, third-party service providers have benefitted from new revenue streams and increased customer relevance. As a result, banks risk disintermediation with some customer segments. The impending Financial Data Access (FiDA) regulation is set to expand these dynamics by extending the range of financial data made accessible for third parties. Simultaneously, the entry into force of the Electronic Identification Authentication and Trust Services 2.0 (eIDAS2) introduces a digital wallet that allows consumers and businesses to share their identity credentials in online customer journeys, offering banks the potential to engage more effectively in the data economy. The key question is whether the new reforms will encourage banks to seek opportunities beyond compliance; more so than with the Revised Payment Services Directive (PSD2) and open banking. This paper analyses the opportunities arising from FiDA, eIDAS2 and the Data Acts, providing strategic considerations for banks navigating the data economy. It emphasises that banks are ideally positioned to become data custodians by offering customers tools for the secure and reliable exchange of data-driven digital transactions across all sectors. Ultimately, this approach will unlock new value and enhance the relevance of banks in the data economy.

Soulbound Tokens: Enabler for Privacy-Aware and Decentralized Authentication Mechanism in Medical Data Storage

Context: The digitalization of the healthcare sector faces significant challenges due to the diverse representation of data and their distribution across various hospitals. Moreover, security is a key concern as healthcare-related data are subject to the legal obligations of GDPR and similar data protection legislations. Standardization efforts like HL7 have been implemented to enhance data interoperability. However, authentication still remains a critical issue, even significant challenges. Aim: This research aims to improve and strengthen the authentication process by introducing a novel architecture for decentralized authentication. Additionally, it proposes a new approach to decentralized data management, which is crucial for handling sensitive medical data efficiently. Methodology: The proposed architecture adopts a user-centric approach, utilizing Self-Sovereign Identity (SSI). It introduced a new non-fungible token (NFT) type called Soulbound token (SBT) in the medical context, which will facilitate user authentication across different hospitals, effectively creating a federation of interconnected institutions. Results: The implementation of the proposed architecture demonstrated a significant reduction in authentication time across multiple hospitals. The use of SBT ensured secure and seamless user authentication, enhancing overall system interoperability and data security. The decentralized approach also mitigated the risks associated with centralized authentication servers. Conclusion: The study successfully presents a novel decentralized authentication architecture for the healthcare domain, leveraging SSI and SBTs. This approach not only accelerates the authentication process but also enhances data security and interoperability among hospitals. Future research should explore the scalability of this architecture and its application in other sectors requiring stringent data security measures.

Non-Deterministic and Risk Based Security Services

This paper presents a comprehensive framework to address these challenges. Understanding various social engineering tactics is crucial for effective prevention and detection. Trust based models in entities enable many business objectives that may include speed to market, scalability, decentralization etc However, they also increase the attack surface due to "loose boundaries" between enforcement points or corresponding resource authorization servers and the service orchestration layer. The control points of enforcement are generally static across a spectrum of threat vectors such as Identity, Fraud, Authentication, Authorization, Cyber security and physical security etc. in this paper we propose a "Trust based security framework aka " Interdiction Services" that fundamentally is non-deterministic and risk based. This paper presents a converged security framework towards a comprehensive prevention and detection controls mechanism. The paper proposes a converged security framework that allows various parties from fraud, cyber, and physical security to collaborate but operate independently through a common framework of Interdiction Services.

Laboratory aging method for simulating the extracted aged asphalt from reclaimed asphalt pavement

This study compared the performance of extracted asphalt and laboratory aged asphalt. The five-year service asphalt mixtures were used for extraction in this study. The laboratory aged asphalt experienced the Rolling thin film oven (RTFO) aging the Pressure aging vessel (PAV) aging with variable duration (5, 10, 15, 20, and 25 hours). By comparing the softening point, viscosity, and rheological properties of both, an aging simulation protocol was established. For laboratory aged asphalt binder, the softening point increases by 3.56 %, 5.68 %, 7.43 %, 8.16 %, and 8.74 % at PAV aging times of 5 h, 10 h, 15 h, 20 h, and 25 h, respectively. The rutting index and viscosity of the aged asphalt gradually increases with the PAV duration. There is a substantial increase in creep recovery rate and a significant decrease in non-recoverable creep compliance for aged asphalt. The rheological aging index demonstrates a linear increasing trend. The sulfoxide (SO) and aromatic (CO) aging indexes of the laboratory-simulated aged asphalt progressively rise with prolonged PAV aging time. The SO and CO aging indexes of the extracted asphalt consistent with RTFO aged asphalt experienced PAV aging 20 and 25 hours. The extracted asphalt can be simulated in the laboratory under standard RTFO conditions and a 22.26 hours PAV duration at a pressure of 2.1 MPa ± 0.1 MPa. This study introduces a methodology for simulating asphalt aging in an authentic service environment by adjusting the laboratory aging test conditions.

Fault-tolerant security-efficiency combined authentication scheme for manned-unmanned teaming

Manned-unmanned teaming (MUM-T) is an emerging network system which interconnects manned aerial vehicles (MAVs) with unmanned aerial vehicles (UAVs) to enhance mission effectiveness and reduce workloads. Like other wireless systems, MUM-T is prone to attacks from the open communication channel. Therefore, an authentication scheme is required to establish secure and trusted communication between the MAV and the UAV. However, existing schemes fail to provide adequate security features and necessary efficiency, mostly due to their incomprehensive threat modeling and improper use of authentication techniques. Moreover, traditional centralized architecture of the authentication server leads to the single point of failure (SPOF) problem, which jeopardizes the robustness and scalability of MUM-T. In this paper, we propose a fault-tolerant authentication scheme for MUM-T that will solve these problems. To enhance its security, we construct a new threat model consisting of adversary's capabilities, security features, and security challenges to ensure the security of a scheme under combination attacks. To preserve the highest possible efficiency, we propose the design principle of using lightweight primitives for authentication and applying public key operations in key establishment. To address the SPOF problem, we employ a distributed fault-tolerant mechanism to share registration information within authentication servers and defend against faulty nodes. As is demonstrated by the security proof and performance comparison, our scheme succeeds in improving security and reducing overall costs, which provides a better solution than existing schemes.

Fast and Efficient UserID Lookup in Distributed Authentication: A Probabilistic Approach Using Bloom Filters

Purpose: User authentication in distributed systems presents unique challenges due to the decentralized nature of these environments and the potential for high-volume login attempts. This paper proposes an efficient method for UserID existence checking during the login process using Bloom filters, a space-efficient probabilistic data structure. Our approach aims to reduce authentication latency and minimize network traffic while maintaining a high level of security. Methodology: We present a novel system architecture that incorporates Bloom filters at strategic points within the distributed system to perform rapid preliminary checks on UserID existence. This method allows for quick rejection of non-existent UserIDs without querying the main user database, significantly reducing the load on central authentication servers. The paper details the implementation of Bloom filters optimized for UserID storage and lookup, including considerations for filter size, hash function selection, and false positive rate management. We also describe the integration of this method into a typical authentication workflow, highlighting the points at which Bloom filter checks are performed and how they interact with existing security measures. Findings: To evaluate the effectiveness of our approach, we conducted extensive experiments simulating various scales of distributed systems and login attempt patterns. Our results demonstrate that the Bloom filter-based UserID existence checking method reduces authentication latency by an average of 37% compared to traditional database lookup methods. Additionally, we observed a 42% decrease in network traffic related to authentication processes, indicating improved scalability for large-scale distributed systems. The paper also discusses the trade-offs inherent in using probabilistic data structures for security-critical operations, addressing potential vulnerabilities and proposing mitigation strategies. We conclude by outlining future research directions, including adaptive Bloom filter sizing and the potential application of this method to other aspects of distributed system security. Unique Contribution to Theory, Policy and Practice: This research contributes to the field of distributed systems security by providing a practical, efficient, and scalable solution for UserID existence checking, potentially improving the performance and user experience of large-scale authentication systems.

ST-TrajGAN: A synthetic trajectory generation algorithm for privacy preservation

The rapid growth of large-scale trajectory data poses privacy risks for location-based services (LBS), primarily through centralized storage and processing of data, as well as insecure data transmission channels (such as the Internet and wireless networks), which can lead to unauthorized access or manipulation of users' location information by attackers. To enhance trajectory privacy protection while improving the trajectory utility, this paper proposes an efficient and secure deep learning model Semantic and Transformer-based Trajectory Generative Adversarial Networks (ST-TrajGAN) for trajectory data generation and publication. First, this article introduces a semantic trajectory encoding model for preprocessing trajectory points. Through this model, trajectory points can be transformed into vector representations with semantic information. Next, by learning the spatio-temporal and semantic features of real trajectory data, a deep learning model is used to generate synthetic trajectories with more uncertainty and practicality. Furthermore, a novel TrajLoss loss metric function was crafted to gauge the trajectory similarity loss within the trained deep learning model. Ultimately, the efficacy of the generated synthetic trajectories and the model's utility are assessed through Trajectory-User Linking (TUL) and Trajectory Sharing Percentage (TSP) values on three authentic Location-Based Services (LBS) datasets. Numerous experiments have shown that our method outperforms other methods in terms of privacy protection effectiveness and utility.

Using the ACE framework to enforce access and usage control with notifications of revoked access rights

The standard ACE framework provides authentication and authorization mechanisms similar to those of the standard OAuth 2.0 framework, but it is intended for use in Internet-of-Things environments. In particular, ACE relies on OAuth 2.0, CoAP, CBOR, and COSE as its core building blocks. In ACE, a non-constrained entity called Authorization Server issues Access Tokens to Clients according to some access control and policy evaluation mechanism. An Access Token is then consumed by a Resource Server, which verifies the Access Token and lets the Client accordingly access a protected resource it hosts. Access Tokens have a validity which is limited over time, but they can also be revoked by the Authorization Server before they expire. In this work, we propose the Usage Control framework as an underlying access control means for the ACE Authorization Server, and we assess its performance in terms of time required to issue and revoke Access Tokens. Moreover, we implement and evaluate a method relying on the Observe extension for CoAP, which allows to notify Clients and Resource Servers about revoked Access Tokens. Through results obtained in a real testbed, we show how this method reduces the duration of illegitimate access to protected resources following the revocation of an Access Token, as well as the time spent by Clients and Resource Servers to learn about their Access Tokens being revoked.

GMC-crypto: Low latency implementation of ECC point multiplication for generic Montgomery curves over GF(p)

Elliptic Curve Cryptography (ECC) is the front-runner among available public key cryptography (PKC) schemes due to its potential to offer higher security per key bit. All ECC-based cryptosystems heavily rely on point multiplication operation where its efficient realization has attained notable focus in the research community. Low latency implementation of the point multiplication operation is frequently required in high-speed applications such as online authentication and web server certification. This paper presents a low latency ECC point multiplication architecture for Montgomery curves over generic prime filed GF(p). The proposed architecture is able to operate for a general prime modulus without any constraints on its structure. It is based on a new novel pipelined modular multiplier developed using the Montgomery multiplication and the Karatsuba-Offman technique with a four-part splitting methodology. The Montgomery ladder approach is adopted on a system level, where a high-speed scheduling strategy to efficiently execute GF(p) operations is also presented. Due to these circuit and system-level optimizations, the proposed design delivers low-latency results without a significant increase in resource consumption. The proposed architecture is described in Verilog-HDL for 256-bit key lengths and implemented on Virtex-7 and Virtex-6 FPGA platforms using Xilinx ISE Design Suite. On the Virtex-7 FPGA platform, it performs a 256-bit point multiplication operation in just 110.9 us with a throughput of almost 9017 operations per second. The implementation results demonstrate that despite its generic nature, it produces low latency as compared to the state-of-the-art. Therefore, it has prominent prospects to be used in high-speed authentication and certification applications.

Quality of Essential Medicines from Different Sources in Enugu and Anambra, Nigeria.

This study investigated the quality of 13 essential medicines in the states of Enugu and Anambra, Nigeria. A total of 260 samples were purchased from licensed pharmaceutical manufacturers and wholesalers and from vendors in pharmaceutical markets with unclear licensing status. Samples were analyzed for identity, content, and dissolution according to the United States Pharmacopeia (USP) 42 monographs. Forty-five samples of this study could be examined for authenticity with the Mobile Authentication Service scheme of the Nigerian National Agency for Food and Drug Administration and Control. Out of all samples, 25.4% did not comply with the USP 42 specifications. Strikingly, 21 out of 22 dexamethasone tablet samples (95%) were out of specification (OOS). Nine out of 19 glibenclamide samples (47%) failed dissolution testing, and 7 out of 17 cotrimoxazole samples (41%) failed assay testing. Medicines against noncommunicable diseases showed a slightly higher percentage of OOS samples than anti-infectives (21.2% versus 17.6%). The rates of OOS samples were similar in medicines stated to be produced in Nigeria, India, and China but were very different between individual manufacturers from each of these countries of origin. Therefore, prequalification of products, manufacturers, and suppliers are very important for quality assurance in medicine procurement. Unexpectedly, the total proportions of OOS samples were similar from licensed vendors (25.2%) and from markets (25.5%). Four samples (1.5%), all collected in markets, were clearly falsified and did not contain the declared active pharmaceutical ingredients. The proportion of falsified medicines was found to be lower than frequently reported in the media for Nigeria.

Development of a model of the information and analytical system for making decisions on detecting failures of information transmission channels

The object of the research is the channels of information transmission during the control of the information-analytical decision-making system. The development of high technologies and computing capabilities ensures the evolutionary development of smart technologies and socio-cyber-physical systems on the one hand. On the other hand, it forms the integration of targeted (mixed) attacks with the possibility of integration with social engineering methods. In addition, mobile technologies significantly increase the possibilities of data transmission speed. However, this only provides the authentication service, which does not provide a full range of security services. Under such conditions, an urgent task at the decision-making stage is the use of auxiliary systems that ensure the adequacy of decisions and the promptness of their adoption. The proposed mathematical model of the information and analytical system allows to calculate the main technical characteristics of information transmission channels and identify their possible failures. The use of an information and analytical system simplifies the decision-making process, allows to increase the reliability of such decisions due to an increase in the level of automation. Increasing the level of automation in the decision-making process removes subjective factors and the decision depends on the availability of information. Therefore, the reliability of the information transmission channels of the information and analytical system significantly affects the quality of the decisions made. The developed model allows to ensure the required level of reliability of information transmission channels. The obtained results are explained by determining the dependence between the parameters of the information and analytical system and their influence on the quality of information transmission through channels. The results of the study can be used in practice when considering systems with a limited number of states during operation

Using QR Code and a Smartphone to Provide University of Cross River State (UNICROSS) Certificate Authentication

In the modern world, people frequently fabricate their credentials in order to secure a job or to show up where and when it is necessary. Verification is the most effective approach to identify those fraudulent certificates. Despite this, the paper verification method requires a drawn-out and time-consuming process to handle certificate verification because the certificates must be returned to the institutions who awarded them. As a result, the certificates either fail to pass verification or are delayed by the lengthy process. Hence, a certificate verification method using QR codes is developed in this study for quick verification of University of Cross River State (UNICROSS) certificate genuineness. A Smartphone and 3D Printed QR Code were employed for the enhancement of UNICROSS certificate mobile authentication services. ScanTrust anti-counterfeiting services were used to secure and host the encrypted information. Results show that our framework is effective for creating mobile authentication services with high user satisfaction rate and having reasonably low computing requirements.

The Legal Framework for Electronic Signature in Jordan A Comparative Study with EU Regulations

Electronic signature, owned by the owner is a matter of trust, and it may be difficult for the other contracting party to verify its authenticity , hence the importance of dealing with and organizing digital signature is of paramount importance., The aim of this study is to compare the legislation of the EU and Jordan in governing the responsibility of the authentication service provider concerning electronic signature, to find out whether there is a lack of organized legislation with regard to the work of electronic signature service providers. The article will also examine the adequacy of general regulations in supervising the duties of electronic service providers under Jordanian law. I will emphasize the importance of establishing specific regulations, and the need to establish special rules for this particular responsibility, especially with regard to the development of specific rules in line with the UNCITRAL model law on electronic signatures. As regards the EU directives on electronic signatures and other international legislations, it must be emphasized that the issue of electronic authentication services raises several legal problems that can be resolved. Among others the legal nature of the liability of electronic authentication service providers, their legal basis, and their establishment are still subject to legal controversy. In addition to the scope of this responsibility and the issue of determining the extent of compensation that can be imposed in the event of harm to the customer or others, the Jordanian legislators have not established a specific legal system for the responsibility of the employer and the electronic authentication provider to clarify all the ambiguities to which electronic banking operations are exposed to in order to create an independent and sustainable legislative environment for all the rapid technological development.

Designing information systems for business administration through human and computer interaction

AI is increasingly incorporated into business operations; it appears in every aspect of life. However, a strategy that can integrate human and machine interaction is required for long-term implementation. To identify characteristics that can enhance domain operations and interpersonal interactions. To elucidate these obstacles and underscore specific pivotal decisional considerations that necessitate resolution before the effective collaboration of cognitive machines and humans in delivering authentic financial services. This article utilizes the published framework to analyze a case study in retail banking to identify the necessary cognitive abilities, individually and collectively. Each of these capabilities provides usage examples and demonstrates how they comprise a unified deliberative architecture for human-robot interaction. Customer service is an area where this design could be advantageous. Experimental evidence indicates that explicit knowledge management at the geometric and symbolic levels facilitates the incorporation of human-level semantics into the deliberative system of the robot, thereby enhancing the quality and authenticity of human-robot interactions.

FastAPI vs. The Competition: A Security Feature Showdown with a Proposed Model for Enhanced Protection

API security is of paramount importance in modern web applications, as it protects sensitive data and ensures authorized access to resources. FastAPI, a Python-based web framework, offers various security features to developers for building secure APIs. This paper examines the security features provided as well as supported by FastAPI, The provided features consists of OAuth2 authentication, Dependency injection and Security Schemas and Scopes, whereas the supported security features includes Json Web Token (JWT) authentication, Cross Site Request Forgery (CSRF) token support and HTTPS support. The supported features can be implemented by using python libraries and middlewares. The proposed model combines the JWT token authentication, OAuth2 authentication, and Security Scopes and schema security features to enhance the security in the FastAPI application. The proposed model defines scopes for users and uses JWT to generate tokens and using OAuth2 authentication service to only allow a user who has the specific permissions and scopes to access and perform actions in the scope specific API endpoints. The model hence allows secure and safe working of applications by eliminating the threat of unauthorized users to corrupt the application code. The focus on performance and security makes FastAPI an excellent choice for developers seeking to build secure APIs. Overall, this paper highlights the importance of API security and showcases FastAPI's security features, demonstrating how developers can leverage FastAPI to build robust, performant, and secure APIs. Key Words: FastAPI, Flask, Django, OAuth2, JWT (JSON Web Token), CSRF (Cross Site Request Forgery)

Enhancing e-IDs authentication with NFC

In the modern times, the heavy footprint of Information and Communication Technologies in the everyday life brings multiple challenges to the ordinary citizen, like having a digital profile on numerous services and institutions. The spread of authentication services that need to be verified to perform simple tasks is thus overwhelming. Many countries hence developed elaborated solutions to unify some of the authentication services around a single e-ID card to help performing different everyday tasks. The burden associated with carrying a smartcard reader to authenticate, or the time spent and complexity of the authentication using Mobile Digital Tokens represent an adversity for citizens who are not so digitally educated. NFC is a technology that is growing in usage every year and is widely adopted now. It is easy and fast to use. This paper proposes a safe, easy, and fast way to implement NFC-based authentication in an e-ID card and discusses its benefits.

TRANSFORMASI E-GOVERNMENT DALAM PERSETUJUAN BANGUNAN GEDUNG:

The aim of this research is to determine the application of e-government in building approval services through SIMBG at the Kendari City Investment and One-Stop Integrated Services Service. Researchers used descriptive qualitative research methods. There were 9 informants in this study who were determined using purposive sampling techniques. Data collection techniques through in-depth interviews and documentation studies. Building Approval Services through SIMBG at the Kendari City One-Stop Integrated Services and Investment Service can be seen from: 1) Physical evidence of the availability of good and adequate public service locations. 2) The Reliability Dimension (reliability) of the Kendari City one-stop capital investment and service department is still not in accordance with applicable regulations and SOPs. 3) Responsiveness, which is still not good, can be seen from the lack of response by employees to complaints or complaints from the public in services related to the PBG permit application process through SIMBG. 4) The insurance dimension is good, as seen from the existence of several guarantees, namely data and document security guarantees, PBG document authenticity guarantees and service guarantees. 5) Empathy, this can be seen from the lack of professionalism of employees towards applicants regarding PBG services through SIMBG.