Propozycja zgłoszona do Ideal-ist Partner Search i opatrzona Quality Label.
PROJECT OVERVIEWPS ID: PS-IT-92705
Call Identifier: H2020-SECURITY-DS-2014
Objective: DS-2-2014: Access Control
Funding Schemes: Innovation Actions
Evaluation Scheme: One stage
Closure Date: 28/08/2014
PROJECT DESCRIPTION
A transparent multistep authentication system, easier and faster than typing a password, but secure and flexible enough to be used for any kind of situation (weblogin, payments, keylocks).
Proposal Outline:
Introduction
Mat Honan wrote an article on Wired Magazine in December 2012 titled “Kill the password” where he described the illusions of online security and stated that “the password age has come to an end…. we must find something new!”.
The current alternative to the password-based world are the two-steps authentication systems, that require the user to submit both secret information and randomly generated ones received through a special token or via SMS. Adding this layer of authentication, the system will be able to greatly reduce identity thefts attempted via man-in-the-middle and impersonation attacks, whatever is the computational power of the hacker.
A wide variety of US companies (even the biggest one like Google, Microsoft, Twitter, Facebook…) are gaining interests on these solutions by developing their own proprietary ones specifically designed for their services, but sometime not reusable or incompatible with other solutions, creating a highly fragmented scenario where is impossible to define a leader technology.
The project
Our research takes in consideration this environment by studying an open solution that anyone can easily customize and integrate in their system, regardless of the operating system or hardware. By using a cloud architecture and a multiple sets of API (Application Program Interface) libraries, the identification process will be moved on the cloud, enabling the insertion of all the current and future identification systems, also the biometrical one, without any cost or effort for users and companies, thus, greatly reducing their security expenses.
Although two-steps authentication systems today give the highest level of protection from identity thefts, the current offers lacks on design and accessibility giving a brake to the user adoption. People prefers the traditional password-based access as it is easier and faster despite being less secure. Considering this fact, the projects will study how to merge security and usability by removing any token device, special equipment or NFC chips, but just using a smartphone.
Current status
The project can be addressed to the 4th TRL. A very basic version of the platform has already been prototyped to test the functionalities and verify the proof of concept. (a presentation video with example of usage can be found at https://www.youtube.com/watch?v=SxaHnZfXnTA).
The Consortium has already been found and its constituted by almost 22 partners among all the EU. We almost completed the technical annex defintion.
Ambition
Our ambition is to creating a system that is:
Expandable: identification process is centralized in the cloud, so that it will be possible to insert any kind identification procedures, including biometrical recognition
Flexible: so that the users or the third party apps decide the level of security needed. At occurrence, it can be possible to enable/disable single, two and multiple steps authentication procedures just by changing security setting of the application.
Privacy-aware: allowing user to know what, how and where to share their information with 3rd party services
Platform-agnostic: while the client application will be open to facilitate the compatibility among devices, the core platform will be based on the cloud, thus, accessible from any kind of service just by using an internet connection and the traditional HTTP communication protocol
Simple: does not require any effort apart carrying the smartphone and does not require to memorize or typing any secret information.
Fast: simple and faster than typing the username and password. A typical identification procedure must be completed in less than 15 seconds from the moment the request started to the moment the request executed.
Objective
Anyone will be able to integrate the identification capabilities of our platform and implement a multisteps authentication procedure for their services at the cost of a monthly subscription plan.
But the main output for this research will be the exploitation of the platform to authorize payment transactions by using facial recognition to identify the users. This project aims to increase security into the banking world, ensuring a more reliable transaction system, and, by replacing plastic cards and token with the smartphone application, to reduce the environmental impact.
PARTNER PROFILE SOUGHT
Required skills and Expertise:
- Profile 1: Coordination & management, IT Security (optional)
- Profile 2: System integration, web development, programming
- Profile 3: Graphic artist and design
- Profile 4: Video Production, film-making.
Description of work to be carried out by the partner(s) sought:
We are searching for three kind of different profiles, each involved in different activities of the consortium:
Profile 1 – Coordination and project managment. The partner must have knowledge of the H2020 program and be available to work as a coordinator. However, the Technical annex and the consortium definition has already been done, so minor work will be required.
Profile 2 – Pilot application development. The partner must define a pilot application for the project and integrate the system in an existing service or product of its own choice. Examples could include: the integration of the system in the university’s student portal, a banking platform, a workpress plug-in, home appliances…
Profile 3 – Design and user interface definition. We need to realize the graphical layout of the user interface for the entire platform (a web front/back-end, a mobile application, a browser plug-in) to make the application more user-friendly and increase the user experience.
Profile 4: Video production: The partner will be required to produce video interviews for the project and a short documentary about the password and cybersecurity.
Type of partner(s) sought:
- R&D institutes
- Universities
- Mobile, software & web developers
- Legal and accounting consultants
- Marketing agencies
- Incubator and accelerators
PROPOSER INFORMATION
Organisation: neoEYED S.r.l.
Department: EYED
Type of Organisation: Industry – SME
Country: Italy
Więcej…
