GGrantIndex
← Search

Exploratory Research-Scalable Token-Based Authentication: Architectures and Mechanisms

$34,451FY2001CSENSF

University Of North Carolina At Charlotte, Charlotte NC

Investigators

Abstract

Abstract The information revolution has led organizations worldwide to rely heavily on numerous databases to conduct their daily business. Because databases usually exist in broad, highly dynamic network-based environments, formally accessing the resources in a secure manner poses a difficult challenge. Specially, the healthcare industry has recently tried to transit from their old and disparate business models based on ink and paper to a new and consolidated ones based on digitalized information since last a few years for their customers' and stakeholders' needs. In addition, the proposed rules of the Health Insurance Portability and Accountability Act (HIPAA), circulated by the U.S. Department of Health and Human Services (HHS) through the Health Care Financial Administration (HCFA) strongly require the services of security and privacy. Along with this movement, a secure solution for the complex environment like healthcare industry has been highly demanded. Recently, the President's Information Technology Advisory Committee (PITAC) has issued a report about how security can be deployed to modernize the nation's healthcare systems. Nobody has taken a leadership role and demanded investment in information technology. Without active leadership it will be difficult, if not possible, to get the highly decentralized healthcare industry to come up with a standard secure information system. This motivates us to propose a scalable application that can serve as a security tool to the complex environment like healthcare industry. The problem we seek to address in this research is to provide authentication of individual identity in the context of accessing critical information including secure transmission of data across the Internet. These problems have technical solutions that are well known, but the solutions in general are strongly biased toward a single individual interacting with a single application. When an individual needs to access more than one application, or even the same application at a different location or institution, he or she needs another set of electronic keys. In a collaborative and research environment, individuals must collect and maintain a key set of electronic access mechanisms that quickly becomes cumbersome and difficult to manage. For this reason, we focus on token-based solution. In this research, we propose scalable token-based authentication architectures & mechanisms and demonstrate how we can implement them using commercial-off-the-self technologies. Our approach focuses on vendor-neutral specifications including the feasibility of the construction of password, certificate and signature-based authentication mechanisms.

View original record on NSF Award Search →