In this paper we present a system for enterprise rights management (ERM) for remote maintenance facilities. The data provider initializes a mobile device (terminal) by preloading a set of documents and the associated metadata, along with the access policy. The envisioned scenario does not allow any further communication, so documentation confidentiality is achieved by means of a biometric key-binding scheme featuring face recognition. We show that our scheme improves the privacy of operators' biometric templates and the overall system usability. Moreover, we show experimentally that face biometry offers a sufficient level of stability for the purpose of key recovery. Non-interactive security functionalities and access control enforcement leverage terminals featuring cryptographic hardware. To this end we present an operator device prototype implementation based on Trusted Execution Environments (TEE).

Off-line enterprise rights management leveraging biometric key binding and secure hardware / Catuogno, L.; Galdi, C.; Riccio, D.. - In: JOURNAL OF AMBIENT INTELLIGENCE AND HUMANIZED COMPUTING. - ISSN 1868-5137. - 10:7(2019), pp. 2883-2894. [10.1007/s12652-018-1023-9]

Off-line enterprise rights management leveraging biometric key binding and secure hardware

Catuogno L.;Galdi C.;Riccio D.
2019


Use this identifier to cite or link to this document: https://hdl.handle.net/11588/759002