Usable Multi-factor Authentication and Risk-based Authorization

Abstract : This effort developed a set of usable authentication and authorization technologies that create a strong tie between transactional identity and physical identity. Specifically, the effort conducted psychometric studies on the end user perception of risk and used this to drive mechanisms to align end-user perception of risk with the actual value at-risk in transactions. Used sensors available on mobile phones to design multi-factor authentication based on a fusion of biometric sensors chosen for optimal performance. Explored how risk indicators and authentication interfaces will be securely implemented on mobile platforms. Investigated protocols to maintain the integrity and liveness of biometric data, enhance d user trust in the authentication process, and balanced the security requirements of the user and the service provider.