Authentication Assurance Level Taxonomies for Smart Identity Token Deployments - A New Approach
Authentication assurance level taxonomies that have been specified in many real-world smart identity token deployments do not fully reflect all the security properties associated with their underlying authentication mechanisms. In this paper we describe the development and application of a new methodology called SID-AAM (Smart Identity Token - Authentication Assurance Level Methodology). SID-AAM identifies a new set of authentication factors appropriate for this technology, identifies all the security properties that need to be verified based on bindings between the various entities involved in the authentication processes, and then derives an authentication assurance level taxonomy based on the set of security properties verified in the various authentication modes specified in the deployment. The advantages of the SID-AAM methodology over current approaches for determining authentication assurance levels for smart identity token deployments are highlighted.