Ryu Watanabe

Federated Authentication Mechanism using Cellular Phone - Collaboration with OpenID

OpenID authentication is a method to provide a single sign-on (SSO) service among Internet service sites. OpenID has been widely adopted by blog sites because of its usability and ease of implementation. However, the assurance of the ID in OpenID authentication is a concern because currently anyone can hold accounts on an OpenID provider (OP) simply by sending a registration mail and OPs usually do not check to confirm the real identity of their applicants. In contrast, a telephone company checks the identity of their mobile service users before a contract is completed by referring to such credentials as a driver’s license or passport. Therefore, on a cellular phone, the ID, such as subscriber ID, is assured by the contract process and telephone companies can trace the user’s identity through the ID. In this paper, we propose a federation authentication scheme between Open ID and a cellular phone in order to assure the ID of the OpenID. In addition, by using the cellular phone at user authentication for each service use, secure authentication is also provided.

PPM: Privacy Policy Manager for Personalized Services

In this paper, we introduce a new architecture for personalized services. The architecture separates access control using a user own privacy policy from data storage for private information, and it supports privacy policy management by users. We design a core module, the Privacy Policy Manager (PPM). The module includes several functionalities: ID management, privacy policy management, control of information flows, and recording the flows.

P3MCF: Practical Privacy-Preserving Multi-domain Collaborative Filtering

This paper proposes P3MCF, an efficient privacy-preserving, multi-domain collaborative filtering scheme for user oriented recommendations. P3MCF achieves a lightweight, high accuracy recommendation for a multi-domain recommendation system. In P3MCF, a data supplier transfers only statistical values on user ratings to recommenders in order to improve the accuracy of recommendations. P3MCF only requires transmission of O(m) statistical values for each data supplier, where m is the number of items in each user record. We implemented a prototype system and evaluated transaction time and accuracy of recommendations. Experiments confirmed that accuracy could be improved when using statistical values. The results also confirmed that the computation time for predicting a missing value was about 21 milliseconds if we use a public dataset where the number of ratings is 100,000. The experimental results demonstrated that P3MCF was sufficiently practical from the viewpoint of accuracy and transaction time. We also confirmed that P3MCF was applicable to several service models, such as a horizontally partitioned model and a vertically partitioned model.

Implementation of remote system using touchless palmprint recognition algorithm

When a cellular phone is lost or stolen, it may be used improperly or the personal information may be stolen from it by a malicious user. Biometric authentication such as palm-print recognition is the strongest of the personal authentication technologies designed to prevent such misuse. Ito et al. proposed several palmprint recognition schemes using correspondence matching based on the phase-only correlation among various schemes. However, these schemes require a palmprint image to be captured with the hand touching the dedicated device, while palmprint images must be captured without such physical contact when using cellular phones. Thus these schemes cannot be applied to cellular phones since there are large positioning gaps and large differences in brightness and distortion between the images. Furthermore, they are not implemented in the cellular phone and their performances are not evaluated either. In this paper, we describe the palmprint recognition algorithm that adds Yörük et al.s preprocessing technique to Ito et al.s schemes, which are robust against the aforementioned problems. We propose a remote system, which has several advantages than the local system and thus is the main theme of this paper, between the cellular phone and authentication server using the aforementioned algorithm. We implement the proposed system, specially for the Android phone as a terminal of the user side. We also show the validity of the proposed system by confirming and considering the tested accuracy level. We furthermore show that the proposed system is practical by confirming the processing time.

Proposal for Efficient ID Management Scheme on TTP based Authentication Service

In this paper we propose an ID management scheme with user privacy protection. The scheme contributes to reducing the ID management cost for a large-scale network. TTP (trusted third party) based authentication services have a problem in user ID handling in that a TTP has to manage a large amount of user DDs for their service. Our proposed scheme minimizes the data volume that a TTP has to retain by using a cryptographic technique. We also describe the evaluation results for a prototype system based on a realistic environment where TTPs cooperate in providing the authentication service.

A secure coverage area expansion scheme for public wireless LAN services

An ad-hoc network style connection can be utilised to expand the coverage area of public wireless LAN (WLAN) services. By relaying the messages among user nodes, a node can obtain an internet connection, even though the node is located outside the APs direct wireless communication area. This concept has been realised by using the ad-hoc on-demand distance vector (AODV) routing protocol and mobile IP. However, it has some drawbacks in terms of security. The AODV has no functions for confirming the validity of routing messages; therefore, there are many threats due to faked or forged routing messages. In contrast, if a secure ad-hoc routing protocol is used for message routing in the WLAN service, the message route can be appropriately maintained. However, in order to employ secure ad-hoc routing protocols, a key and IP address have to be securely delivered to each WLAN node in advance. For this purpose, in this paper, the authors propose a secure address and public key certificate allocation scheme for WLAN services.