Ubiquitous Authorization Scheme Based on Device Profile

  • Kevin Tham
  • Mark Looi
  • Ernest Foo
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4097)


The range of devices capable of connecting to data networks has been rising in recent times. From an administrator's perspective, controlling access to data networks via these devices usually includes creating separate login credentials. This leads to an administrative nightmare from both the user's and the administrator's point of view. This paper proposes a novel approach to this problem and offers a single-sign-on system in which the user's authorisation is based on the user's login credentials and the profile of the device the user is using. An instance of this design is presented with SESAME to demonstrate the usefulness of the design and its practicality for implementation.


Keywords: Authentication Server; Authentication Phase; Java Virtual Machine; Extensible Authentication Protocol; Access Control List



Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Kevin Tham (1)
  • Mark Looi (1)
  • Ernest Foo (1)
  1. Information Security Research Centre, Queensland University of Technology, Brisbane, Australia
