Date post: 26-Oct-2021
Zero-stop Authentication: Sensor-based Real-time Authentication System

Kenta Matsumiya¹, Soko Aoki¹, Masana Murase¹, and Hideyuki Tokuda¹˒²

¹ Graduate School of Media and Governance, Keio University
² Faculty of Environmental Information, Keio University

{kenta, soko, masana, hxt}@ht.sfc.keio.ac.jp

Abstract. This paper proposes the “Zero-stop Authentication” system, which requires no intentional interactions between users and authentication applications. Our Zero-stop Authentication model simplifies the current complicated authentication process by automating detection of users and objects. Our challenge is to eliminate the necessity for users to wait for a moment to be authenticated without reducing the security level of authentication. To accomplish such real-time user authentication in a physical environment, user mobility needs to be modelled. This paper models and formulates the user mobility and time constraints as the “1/N × 1/M model”, considering user speed, sensor coverage areas, communication time between the sensors and the server, and processing time consumed by an authentication process. We also prototyped a library application based on the 1/N × 1/M model, and installed it into Smart Furniture [1], which is an experimental platform to examine the feasibility of our model.

1 Introduction

The environment surrounding us is becoming pervasive and ubiquitous [2], populated with mobile devices and various appliances. With the use of these devices, we can access computational resources with increased mobility. Moreover, sensor technologies make such an environment smart, and enable proactive behavior of applications. The applications proactively take the first action for the users by acquiring both users’ and objects’ context. An example of the proactive behavior can be found in an automatic door. An IrDA sensor on top of the door detects a user coming, and opens the door without receiving any explicit commands from the user. Due to the proactive behavior, users can access and execute computer services such as check-out applications in supermarkets and libraries without the need for intentional interaction with systems.

Despite the progress in the above-mentioned ubiquitous and mobile computing technologies, authentication systems and their architecture are becoming more complicated. Existing authentication systems require users to input their names and passwords or show their identification cards to access computers and software. Let us assume, for example, that a user borrows books, and checks out of a library. In the library, the user needs to show an identification card to a librarian, and the librarian checks whether the user is valid. After authenticating the user, the librarian checks the books to lend. In this process, both the user and the librarian need a certain time for the authentication.

The key challenge is to eliminate users’ waiting time for authentication while keeping the security level of authentication. This paper proposes a sensor-based automatic authentication, zero-stop authentication, which diminishes the user-computer or user-software interaction mentioned above, providing the “zero-stop” property. We define the “zero-stop” property as a property of an authentication system not to make moving users pause during the authentication process. To achieve this property, a system needs to meet the following four functionalities:

– Correctly detecting users and objects.
– Providing active authentication that requires no input from users.
– Providing real time response.
– Presenting feedback of authentication results.

To provide real time response, user and object mobility first need to be modeled. Modelling free mobility, in which users and objects are assumed to move around through arbitrary physical points and in arbitrary directions, can be difficult. Rather, we have modelled one specific class of mobility in which users and objects pass through a certain physical point in one direction. We can see such a mobility pattern in the real world, for example at gates in public buildings and in front of service counters. We expect that many applications can benefit if such a mobility class is formalized. Our model is called “Zero-stop Authentication”. In this model, the aim is not so much to provide guarantees for the authentication process to complete within a certain time constraint. Our aim is to provide formulas to check if the entire authentication process can be completed within a certain time, given the velocity of the user and the system overhead, so that necessary compensation can be provided. To keep the authentication safe, we adopt existing security technologies such as secure socket layer (SSL) [3] and IPSec [4]. Encryption technologies like DES [5] and RSA [6] also secure the authentication process.

The rest of this paper is structured as follows. Section 2 details the requirements to realize Zero-stop Authentication and our contribution. In Section 3, we compare related work with our system, and discuss whether current work can achieve the requirements of Zero-stop Authentication. Section 4 introduces the “Zero-stop Authentication model”, and formalizes users’ and objects’ mobility in terms of soft real-time operations. Section 5 discusses the user-object binding problem, in which the system needs to distinguish which objects are whose, and then Section 6 designs the system architecture of the sensor-based Zero-stop Authentication. In Section 7, we prototype a library check-out application based on our Zero-stop Authentication model. Finally, we summarize this paper, and discuss future work in Section 8.

2 Challenges

Sensing and networking technologies are rapidly developing. Computing devices in general are also reducing their size, becoming more energy efficient and inexpensive. They are becoming pervasively available. These technological developments let us envision a computing environment where myriad devices actively sense and interact with us. For example, at the entrance gate in a subway station, users need to take their tickets out of their purses or their pockets, then put them into the ticket gate and receive them. In this context, exploiting a proactive ticket gate which detects the user’s ticket automatically will decrease users’ stress in handling the ticket.

Turning to our daily activities, situations in which we need to authenticate ourselves are increasing. For example, we log on to computers, show ID cards when entering authorized buildings and spaces, show credit cards to purchase merchandise (on-line as well as off-line), and so on. Making environments proactively authenticate users greatly reduces stress on users in the aforementioned situations. In fact, such applications are starting to become commercially available [7] [8]. However, these applications organize sensors, devices, and software functions on their own. A generic model is yet to be available.

The main challenge of this paper is achieving a sensor-based real-time authentication which authenticates multiple users passing by an authentication gate carrying multiple objects. In realizing the authentication system, there are mainly two sub-challenges: modeling user and object mobility, and object binding.

To support the user’s continuous mobility during the authentication process, the authentication system needs to finish its tasks within a certain time. The necessary time for authentication strongly depends on the hardware and software performance. Therefore we need to formalize the mobility of users and objects and utilize this formulation when designing and installing the zero-stop authentication system. In this formalization, we have made four models of mobility according to the number of users and objects. In the first model, there is one user carrying one object in the authentication area. In the second model, there is one user carrying multiple objects in the area. In the third model, there are multiple users and each of them brings one object. In the fourth model, there are multiple users and each of them brings multiple objects.

When multiple users carrying multiple objects go through the authentication area at the same time, the authentication system needs to distinguish which objects are whose. If the system fails, some objects might be wrongly assigned to other users. The binding of users and objects should be done either within the sensor or within the user’s client device. In the former case, the sensor detects all the users and objects collectively and distinguishes each object. In the latter case, the client device detects all the objects the user chooses and informs the sensor collectively. As a result, the sensor can distinguish the objects by the data sent from the user’s device.

In consideration of the aforementioned model, we design and implement the sensor-based real-time authentication system. The architecture of the system includes sensors for detecting users and objects, an authentication program, and result output devices. A generic model of an authentication system needs to take several kinds of sensors and devices into consideration. An overall procedure of the new sensor-based authentication needs to be designed not only to reduce the users’ burden of authentication but also to recognize, guide, and give feedback to the users. After implementing the zero-stop authentication system, the system needs to be applied to some contexts and be tested. In the experiment, multiple users with multiple objects go through the authentication area at a certain speed. In case the authentication system fails to detect or authenticate the users and objects, the users need to be stopped and the system needs to run an error recovery program.

3 Related Work

The ActiveBadge system [9] and BAT system [10] are sensor management systems for context-aware applications which track users and objects. In these tracking systems, the users and various objects are tagged with wireless transmitters, and their location is stored in a database. Therefore, the main goal of the BAT system is detection of users’ and objects’ accurate location. Since the objective of the Zero-stop Authentication system is to build an authentication system on top of a sensor system, the ActiveBadge and the BAT can complement our system.

Intelligent Transport Systems (ITS) [11], especially the electronic toll collection (ETC) system [12], allow cars to go through the toll gate without stopping. To realize non-stop payment at the toll gate, automotive vehicles are equipped with devices capable of wireless communication with the toll gate. When these vehicles enter the communication area that a toll gate covers, the toll gate begins to authenticate vehicles, and then withdraws money from banks. In this authentication process, it is necessary to identify automotive vehicles or IDs such as a credit card number or a unique number bound to a credit card number. [13] proposes a method to identify automotive vehicles by using a retroreflective optical scanner, whereas [14] identifies moving vehicles by smart cards with radio frequency (RF) or infrared (IR) transponders or RF smart tags. However, the ETC model does not address the binding problem since it assumes all the vehicles are serialized. Our model, on the other hand, deals with cases where multiple users bringing multiple objects need to be authenticated at a time.

Zero-Interaction Authentication (ZIA) [15] is an authentication system in which a user wears a small authentication token that communicates with a laptop computer over a short-range wireless link. Whenever the laptop needs decryption authority, the laptop acquires the decryption authority from the token, and authority is retained only as long as it is necessary. ZIA is similar to our model in its goal of authenticating the user without stopping them. The main differences between these two models are that our model authenticates both users and objects, and formalizes their mobility by considering the real-time aspect.

4 Models for Zero-stop Authentication

We formulate Zero-stop Authentication in this section. To realize zero-stop operations of authentication, an authentication server embedded in a gate (gate server) detects users and objects by cooperating with sensors, and then authenticates users within real time.

In our procedural assumption, the gate server cannot process the authentication operations concurrently, because it runs in a challenge-response manner. Moreover, we assume that a task deadline is a soft deadline. The gate server checks this deadline, and it processes authentication error operations if a deadline miss occurs.

This paper discusses the following case: a user-detecting sensor observes $N$ users, and an object-detecting sensor recognizes $M_N$ objects, where $M_i$ is the number of objects carried by user $i$. The reason why we use two types of sensors is to make the system practical. It is considered that inexpensive sensors can be used to detect objects, while richer sensors that can perform authentication protocols are needed for users.

In this section, we introduce four models of zero-stop authentication. These models can be applied to several applications such as library applications and supermarket check-out applications.

(a) 1/1 × 1/1 model
In this model, both the user-detecting sensor and the object-detecting sensor sense only one entity at a time.

(b) 1/1 × 1/M model
In this model, the user-detecting sensor detects only one user, while the object-detecting sensor recognizes multiple objects at a time.

(c) 1/N × 1/1 model
In this model, the user-detecting sensor detects $N$ users, while the object-detecting sensor detects one object per user.

(d) 1/N × 1/M model
In this model, a user-detecting sensor observes $N$ users, and one object-detecting sensor recognizes $M_N$ objects per user.

4.1 Models of Environment

Figure 1 illustrates the environment we assume. Although the coverage shapes of all sensors are not circular, many RF sensors with omni-directional antennas, such as IEEE 802.11b standardized devices and RF-ID readers, can detect objects that appear in a certain circular area. Thus, we model the coverage areas of the user-detecting sensor and the object-detecting sensor as circles of radius $R_{usr}$ and $R_{obj}$, respectively. If $R_{usr} \le R_{obj}$ is satisfied, the two sensors and a gate server are placed as Figure 1-(a) shows (each sensor is located at the gate). Figure 1-(b) depicts the contrary case, i.e., the case of $R_{usr} > R_{obj}$.

Fig. 1. Environment of The Zero-Stop Authentication System

As for user movement, we assume that a user walks straight along the collinear line of the two sensors and the gate server at a constant velocity, $V$. By the time a user reaches a processing deadline point (PDP), the gate server should finish both the authentication and the object processing. Then the server temporarily stores those results in its memory or storage. The gate server updates information about the user and objects by the time the user passes through the gate (transaction deadline point: TDP). Users can obtain the feedback of authentication and object binding from the gate server while they are between PDP and TDP. The length between PDP and TDP depends on applications, since each application consumes a different time for feedback to users.

4.2 Time Constrained Operations

(a) 1/1 × 1/1 Model. In a single user case, we assume that the user enters the coverage area of the user-detecting sensor or the object-detecting sensor at time $t = 0$. In this condition, the gate server should authenticate the user within the following given time:

$$\frac{R_{usr} - l}{V} - \alpha - \beta - AT \ge 0 \qquad (1)$$

where $l$ stands for the distance between PDP and TDP, $\alpha$ is the processing time of the user-detecting sensor to discover users, $\beta$ stands for the time to transfer a user-ID datum from the user-detecting sensor to the gate server, and $AT$ is the authentication time.

The velocity of objects can be obtained by approximating the user’s velocity. This is because objects travel at the same velocity $V$, since the user carries the objects. The gate server should process operations for the object within the time:

$$\frac{R_{obj} - l}{V} - \gamma - \delta - OT \ge 0 \qquad (2)$$

where the parameter $\gamma$ is the processing time of the object-detecting sensor, $\delta$ is the communication time to transfer an object-ID datum from the object-detecting sensor to the gate server, and $OT$ stands for the time taken by the gate server to process the operation for the single object.

(b) 1/1 × 1/M Model. The constraint of the authentication is the same inequality as formula 1, since the gate server also authenticates a single user in case (b). However, the gate server processes operations for $M$ objects. Therefore, it should satisfy the following relationship so that the user does not need to stop at the gate:

$$\frac{R_{obj} - l}{V} - \sum_{j=1}^{M} \gamma_j - \sum_{j=1}^{M} \delta_j - \sum_{j=1}^{M} OT_j \ge 0 \qquad (3)$$

for $1 \le j \le M$, where $\gamma_j$ is the processing time consumed by the object-detecting sensor to discover object $j$, $\delta_j$ represents the communication time to send the ID of object $j$ from the object-detecting sensor to the gate server, and $OT_j$ is the processing time to modify the state of object $j$. Formula 3 assumes that the object-detecting sensor cannot concurrently scan multiple objects. If it is possible, the new formula becomes simpler: $\sum_{j=1}^{M} \gamma_j$ is substituted with $\gamma_{max}$, which is the greatest value of all $\gamma_j$. In addition, the communication time, $\sum_{j=1}^{M} \delta_j$, can be reduced if object ID data can be transferred in fewer than $M$ packets.

(c) 1/N × 1/1 Model. We consider a more complex case than cases (a) and (b): $N$ users pass through a gate, each carrying a single object. In the multiple users case, user $i$ enters the coverage area of a user-detecting sensor or an object-detecting sensor at time $t_i$. In this case, the time-constrained computation for authenticating user $i$ is as follows:

$$t_i + \frac{R_{usr} - l}{V_i} - \alpha_i - \beta_i - AT_i \ge t_i \qquad (4)$$

for $1 \le i \le N$, where $\alpha_i$ represents the time to detect user $i$, $\beta_i$ is the communication time between the user-detecting sensor and the gate server, and $AT_i$ is the time taken by the gate server to authenticate user $i$.

If $\forall V_i = \forall V_j$ ($i \neq j$) is met, or operations for each user are serialized like an ATM in a bank, the gate server just authenticates users following the first-in-first-out (FIFO) discipline; otherwise the gate server should reschedule the order of authentication operations to minimize deadline misses. To address this issue, we have two approaches. One is using the earliest-deadline-first algorithm [16], which schedules the user with the closest deadline first. According to this scheduling policy, the gate server can determine the priority of each user by calculating $D_i$ in the formula:

$$D_i = ET_i + \frac{R_{usr} - l}{V_i} - \alpha_i - \beta_i - AT_i \qquad (5)$$

where $ET_i$ is the time when user $i$ enters the coverage area of the user-detecting sensor.

The other one is building least-slack-time scheduling [17] into the gate server. In this case, the slack time for authenticating user $i$ at time $t$ is $D_i - p_i - t$, where $p_i$ is the processing time to authenticate users.

(d) 1/N × 1/M Model. A model for multiple users, each carrying multiple objects, is discussed here. The order in which to authenticate all $N$ users can be determined by user selection algorithms. To realize Zero-stop operations, the gate server should meet the following formula to modify the state of object $j$:

$$\frac{R_{obj} - l}{V_i} - \sum_{j=1}^{M_i} \gamma_j - \sum_{j=1}^{M_i} \delta_j - \sum_{j=1}^{M_i} OT_j \ge 0 \qquad (6)$$

for $1 \le i \le N$ and $1 \le j \le M_i$, where $M_i$ is the number of objects that user $i$ carries.
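The time constraints of Section 4.2 can be checked numerically. The following Python code is an added example, not the authors' prototype: it evaluates formulas (4), (5) and (6) and runs a serial gate server under FIFO and earliest-deadline-first ordering, treating a deadline miss as authentication finishing after the user reaches the PDP. The 15 m RFID range and the 75 tags/second read rate come from Table 3; the users, $R_{usr}$, $l$, $\delta_j$ and $OT_j$ are constructed values.

```python
"""Zero-stop feasibility check for Section 4.2 (added example, constructed inputs)."""
from dataclasses import dataclass
from typing import Callable, List, Sequence, Tuple

R_USR = 10.0  # user-sensor coverage radius in m (constructed)
R_OBJ = 15.0  # object-sensor coverage radius in m (Table 3, indoor RFID range)
L_PDP = 2.0   # l: distance between PDP and TDP in m (constructed)


@dataclass(frozen=True)
class User:
    name: str
    et: float     # ET_i: time the user enters the user-sensor coverage (s)
    v: float      # V_i: walking velocity (m/s)
    alpha: float  # alpha_i: sensor time to detect the user (s)
    beta: float   # beta_i: time to transfer the user ID to the gate server (s)
    at: float     # AT_i: authentication time on the gate server (s)

    def release(self) -> float:
        """Earliest moment the gate server holds this user's ID."""
        return self.et + self.alpha + self.beta

    def pdp_time(self, r_usr: float, l: float) -> float:
        """Moment the user reaches the processing deadline point."""
        return self.et + (r_usr - l) / self.v

    def d(self, r_usr: float, l: float) -> float:
        """D_i of formula (5): the EDF priority of this user."""
        return self.pdp_time(r_usr, l) - self.alpha - self.beta - self.at


def user_slack(u: User, r_usr: float, l: float) -> float:
    """Formula (4) with t_i cancelled; >= 0 means user i alone is on time."""
    return (r_usr - l) / u.v - u.alpha - u.beta - u.at


Obj = Tuple[float, float, float]  # (gamma_j, delta_j, OT_j) in seconds


def object_slack(v: float, objs: Sequence[Obj], r_obj: float, l: float,
                 concurrent_scan: bool = False) -> float:
    """Formula (6); a concurrent scan replaces the gamma sum by gamma_max."""
    gammas = [g for g, _, _ in objs]
    scan = max(gammas, default=0.0) if concurrent_scan else sum(gammas)
    transfer = sum(d for _, d, _ in objs)
    process = sum(ot for _, _, ot in objs)
    return (r_obj - l) / v - scan - transfer - process


def run_gate(users: Sequence[User], r_usr: float, l: float,
             key: Callable[[User], object]) -> Tuple[List[str], List[str]]:
    """Serial (non-concurrent) gate server. Returns (service order, misses)."""
    pending, now = list(users), 0.0
    order: List[str] = []
    missed: List[str] = []
    while pending:
        ready = [u for u in pending if u.release() <= now]
        if not ready:  # server idle: wait for the next user ID to arrive
            now = min(u.release() for u in pending)
            continue
        u = min(ready, key=key)
        pending.remove(u)
        now += u.at  # authentication runs to completion (no preemption)
        order.append(u.name)
        if now > u.pdp_time(r_usr, l):
            missed.append(u.name)  # soft deadline miss: user would have to stop
    return order, missed


def fifo(users: Sequence[User], r_usr: float, l: float):
    return run_gate(users, r_usr, l, key=lambda u: (u.release(), u.et))


def edf(users: Sequence[User], r_usr: float, l: float):
    return run_gate(users, r_usr, l, key=lambda u: u.d(r_usr, l))


# Constructed sample: a slow walker, a runner and a brisk walker arrive together.
USERS = [
    User("A", et=0.0, v=1.0, alpha=0.5, beta=0.25, at=2.0),
    User("B", et=0.25, v=4.0, alpha=0.25, beta=0.25, at=1.0),
    User("C", et=0.25, v=2.0, alpha=0.25, beta=0.25, at=1.5),
]
# 50 tagged books: gamma_j = 1/75 s (75 tags/second); delta_j, OT_j constructed.
BOOKS: List[Obj] = [(1 / 75, 0.01, 0.05)] * 50

if __name__ == "__main__":
    for u in USERS:
        print(u.name, "slack", user_slack(u, R_USR, L_PDP), "D_i", u.d(R_USR, L_PDP))
    print("FIFO:", fifo(USERS, R_USR, L_PDP))
    print("EDF: ", edf(USERS, R_USR, L_PDP))
    print("serial scan slack:    ", object_slack(4.0, BOOKS, R_OBJ, L_PDP))
    print("concurrent scan slack:", object_slack(4.0, BOOKS, R_OBJ, L_PDP, True))
```

Every user satisfies formula (4) individually, yet FIFO service on the serial gate server makes B and C miss the PDP, while ordering by $D_i$ serves all three in time.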

5 Object Binding

In both the 1/N × 1/1 model and the 1/N × 1/M model, the authentication system needs to bind objects to users. Examples of objects are books in libraries and merchandise in supermarkets. If these objects are appropriately bound to users, applications will be able to register them, or charge them to the user. The main challenge is to correctly sense and distinguish objects belonging to a user. While mechanisms to sense an object are maturing, those to distinguish it and to bind it to an appropriate user are not as thoroughly investigated.

We introduce three ideas in the following that can be used to effectively distinguish objects belonging to a user from others’. In our assumption, objects are tagged with wireless identification devices, such as RF tags. We will classify these tags into two groups: Read-Only and Read-Write.

guidance: The guidance approach is a technique to transform the 1/N × 1/1 model or the 1/N × 1/M model to the 1/1 × 1/1 model. In this approach, users are physically guided, so only one user is sensed by the system at a time. This method has analogies to traditional object binding methods, such as in supermarkets. However, users often queue in supermarkets, so enough gates to realize the zero-stop property are required.

insulation: We use an insulator to obstruct radio waves to or from the tags attached to the objects. The insulator will likely take the form of specialized containers, such as shopping carts. In this approach, the authentication system detects a user who is close to the gate, and authenticates him or her. After that, the authorized user opens the container so that the objects are exposed to, or freed to give off, radio waves. The identification of the objects recognized at that point is bound to the target of the authentication. Other users must not open their containers during this process, because object binding misses would occur.

marking: Objects have writable tags attached, and users use devices to write their IDs to those tags. When objects are sensed, these IDs are also sensed and reported to the system, allowing it to bind the objects to the user.

Table 1 classifies each binding method by types of tags and required devices.

Table 1. Binding methods

| method | tag type | device |
|---|---|---|
| guidance | RO | gate |
| insulation | RO | insulation container |
| marking | RW | marking device |

6 System Architecture

There are six modules in our system, as shown in Figure 2. We assume that devices such as sensors, displays, and speakers can be controlled directly over a network, or from a computer that is connected to a network. The system itself runs on a designated computer. The detection module manages sensors which detect users and objects, and throws events or data obtained from sensors. The event process module processes the raw events or data into a form that is recognizable to the rest of the system. It passes user identifiers to the authentication module, and object identifiers to the binding module. The authentication module manages authentication mechanisms and protocols, and conducts user authentication. If the authentication succeeds, the binding module binds objects with the user. The feedback process module processes commands for output devices from the feedback information passed from applications. The output module manages output devices, and dispatches commands to the correct output device based on users’ context or requirements. Applications may choose to use the feedback functions of the system, or choose not to do so.

Fig. 2. Architecture

In the rest of this section, we describe in detail four features which our authentication needs to acquire: recognition and guidance of users and objects, binding objects to users, maintaining user and object state, and presentation of feedback and error correction.

6.1 Recognition and Guidance

The system needs to physically recognize and guide users and objects. Recognition may be done by existing sensor mechanisms. In order to achieve the zero-stop property, users need to be successfully authenticated within a specific period of time. Thus, there are constraints on sensing overhead.

Guidance is an issue related to recognition. Existing examples of physical guidance include gates and doors at building entrances, cash counters in supermarkets, and various toll gates on roadways. Some sensing technologies have problems in sensing multiple objects within the same physical area, or objects moving at exceedingly high speed. In order to accomplish the authentication task using such sensing technologies, objects must be physically guided to support the sensors. Objects are guided to pass a particular area, managed into sequential queues, and their speed may be reduced.

In case users carry objects that need to be bound to themselves, such as merchandise in supermarkets, the sensors need to distinguish between multiple objects, or between objects belonging to a user and those that belong to others. If the sensors are not able to accomplish this task, objects may need to be bundled or separated accordingly.

6.2 User and Object State

The system needs to keep track of user and object state. Their physical context should be mapped accordingly to the internal objects maintained by the system. Figure 3 illustrates the state graph of users and objects.

The system may lose or mix up users and objects due to sensing problems, and incorrect binding may occur. The system needs to recover from these errors, and allow users to correct improper transactions.

Fig. 3. State graph of users and objects

6.3 Feedback and Error Correction

The objective of the feedback is to allow users to acknowledge the result of the authentication, verify if objects were correctly bound to them, and browse other related information such as the due date of a book or credits withdrawn from their bank accounts.

The presentation of the feedback can be done visually, or through other methods such as audio synthesizing. Simple results that can be expressed in several patterns may be presented using simple and intuitive presentation methods, such as the color pattern of an LCD. We believe that this kind of presentation method will gain more popularity in the forthcoming ubiquitous computing environment as a way to output computational results.

Error correction is another important field for our system to address. Authentication and transactions might generate errors such as authentication failure, mis-binding of objects, and unreasonable withdrawal of credits. The system needs to permit users to interact with the system and correct these errors.

Traditional interaction devices such as keyboards and mice are not ideal candidates for our interaction methods, since they are immobile and interaction intensive. One way to get around this problem is to construct a user interface which is accessible by voice operation or gesture operation. Their interaction method and physical form may vary between the different applications that adopt them. Another solution may be to construct a software agent that automatically corrects the errors on behalf of the users.

6.4 Development

The final point to consider when constructing a Zero-stop Authentication system is the development procedure. Usability of the system is limited mainly due to the overhead and ability of sensor devices and authentication methods. Current technologies may not be able to permit, for example, tens of automobiles each traveling over 100 km/h to be authenticated at once. They are likely to be asked instead to slow down to under 50 km/h, and pass a gate one by one. Development in the sensing and authentication technologies, however, may enable the intended scenario. So, the development and deployment of the system should be done incrementally, gradually freeing users from physical constraints.

7 Prototype Implementation

We prototyped a sensor-based authentication system based on the Zero-stop Authentication model proposed in this paper. Besides the prototype system of Zero-stop Authentication, a library check-out application is also implemented using JDK 1.3.1.

7.1 Authentication System and Application

Figure 4 depicts Smart Furniture, which is an experimental platform of a gate server. The gate server is equipped with two types of RF-based sensor devices: a wireless LAN device to detect users and an RFID tag sensor to detect objects. Hardware composition is explained in Figure 5 with its specification in Table 2 and Table 3.

The prototype authentication system is composed of the six modules mentioned in Section 6. In our current implementation, the detection module obtains sensor data from the wireless LAN device and the RFID tag sensor. Therefore, we developed their sensor driver programs for sending sensor data to the detection module. The wireless LAN sensor driver program detects users’ portable devices using signal strength, and then provides the IP address of the user’s terminal with the highest level of signal strength among those detected by the sensor. To measure signal strength, we utilize the IBSS mode of an IEEE 802.11b standardized device. After obtaining the IP address, the authentication module tries to communicate with the host to which the IP address is assigned, and then it starts an authentication process (a simple challenge-response protocol). The authentication module authenticates users by searching within a PostgreSQL-based database server where student information (IDs, passwords, names, etc.) is stored. In the authentication process, the communication link between users’ terminals and the gate server is protected by SSL.

Fig. 4. Smart Furniture: (a) a testbed for ubiquitous applications; (b) Zero-stop Authentication system with a library application

Table 2. Computing Devices Used in Prototype Implementation

| item | iPAQ | ThinkPAD |
|---|---|---|
| Type | User Terminal (PDA) | Gate Server (notebook PC) |
| CPU | StrongARM 206MHz | Intel PentiumIII 850MHz |
| Memory | 64MB | 256MB |
| OS | Familiar Linux v0.5.1 | FreeBSD 5.0 CURRENT |
| Network Interface | 802.11b | 802.11b (IBSS-Mode) |

Others: TFT Display

After authenticating the user successfully, the RFID tag sensor driver program detects books to which RFID tags are attached. At the same time, the binding module binds the user and books, and provides the authentication module with the binding information. Finally, the output module indicates authentication results on the LCD screen of Smart Furniture so that users can confirm the details. Figure 6-(b) illustrates the screen dump of the graphical user interface which appears during the authentication process for the confirmation.

Fig. 5. Hardware Composition

Table 3. Sensor Devices Used in Prototype Implementation

Item | Wireless LAN | RFID Sensor
Type | User Terminal (Wireless LAN) | Gate Server (RFID Reader)
Detection Range | 160m (outside), 50m (indoor) | 15m (indoor)
Read Rate | | 75 tags / second
Operating Frequency | 2412-2484 MHz | 303.8 MHz
Others | |

If the authentication fails, the object detection operation above is not processed. Instead, the feedback module produces error messages and, cooperating with the output module, shows them on the LCD screen of Smart Furniture as Figure 6-(c) shows. Furthermore, it also blocks the path of a user by closing the library gate, or setting off an alarm.

7.2 System Measurement

We tested our system 100 times with the wireless LAN adjusted to detect a connection at -40db and to lose it at -50db. This signal strength makes the authentication area as large as 2m in radius. The detection and authentication time necessary for our system was 599.33msec on average, which is fast enough for the system to authenticate users before they pass through the authentication area. The standard deviation in our measurement result was 30.93.
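The detection, challenge-response and failure handling steps of Section 7.1, using the -40db/-50db thresholds of Section 7.2, as an added example in Python that is not the authors' Java prototype. HMAC-SHA256 as the response function, the dictionary standing in for the student database, the callables standing in for the SSL-protected link, and all names, addresses and secrets are assumptions.

```python
import hashlib
import hmac
import secrets

DETECT_DB, LOSE_DB = -40, -50  # detect / lose thresholds from Section 7.2

def update_tracked(tracked, readings):
    """Hysteresis: start tracking at >= DETECT_DB, drop only below LOSE_DB."""
    kept = {ip for ip in tracked if readings.get(ip, -999) >= LOSE_DB}
    new = {ip for ip, db in readings.items() if db >= DETECT_DB}
    return kept | new

def strongest(tracked, readings):
    """IP address of the tracked terminal with the highest signal strength."""
    return max(tracked, key=lambda ip: readings[ip], default=None)

def terminal_response(secret, challenge):
    """Terminal side (HMAC-SHA256 is an assumption, not the paper's choice)."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()

def verify(db, user_id, challenge, response):
    """Gate side: recompute the MAC and compare in constant time."""
    secret = db.get(user_id)
    if secret is None:
        return False
    return hmac.compare_digest(terminal_response(secret, challenge), response)

def gate_pass(tracked, readings, terminals, db, read_tags):
    """One pass: detect, authenticate, then bind objects or fail closed."""
    tracked = update_tracked(tracked, readings)
    ip = strongest(tracked, readings)
    if ip is None:
        return tracked, {"status": "waiting"}
    challenge = secrets.token_bytes(16)           # fresh nonce per attempt
    user_id, response = terminals[ip](challenge)  # stands in for the SSL link
    if not verify(db, user_id, challenge, response):
        # Failure: skip object detection, report the error, close the gate.
        return tracked, {"status": "error", "gate": "closed", "books": []}
    return tracked, {"status": "ok", "user": user_id, "books": read_tags()}

# Constructed sample data (assumptions): DB stands in for the student database.
DB = {"s1001": b"alice-secret", "s1002": b"bob-secret"}
TERMINALS = {
    "10.0.0.7": lambda c: ("s1001", terminal_response(b"alice-secret", c)),
    "10.0.0.9": lambda c: ("s1002", terminal_response(b"wrong-secret", c)),
}

if __name__ == "__main__":
    print(gate_pass(set(), {"10.0.0.7": -38}, TERMINALS, DB, lambda: ["tag-42"]))
```

Because the challenge is a fresh random value on every pass, a response captured from one pass does not verify against the next one.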


Fig. 6. Screen dump of authentication results: (a) waiting for authentication; (b) authentication is successfully done; (c) authentication failure occurs

7.3 Serialization Scheme

Since we have utilized RFIDs which are read only and not data writable, we have adopted the guidance method described in Section 5 for the object binding.

Our library application and authentication system must deal with a concurrent access problem. When several users concurrently access the gate server at the same place, the gate server cannot realize the zero-stop property. Some tasks may fail and miss their deadline, because the gate server cannot provide enough resources. To address this issue, the serialization scheme is introduced in our system, as Figure 7 illustrates.

Fig. 7. Serialization Scheme

8 Conclusion

This paper presents Zero-stop Authentication, a sensor-based real-time authentication system in which no intentional interaction between users and the authentication system is required. In our system, we have attached several sensors to the gate to detect users and objects and authenticate them. To realize Zero-stop Authentication, the system needs to finish the authentication process within real time. Therefore we have formulated the mobility of users and objects. The prototype of Zero-stop Authentication is implemented in Java, and uses wireless LAN and an RFID reader to detect users and objects. We have applied our system to the library's authentication with Smart Furniture, a testbed infrastructure.

We are extending the current system to cope with several problems which have not yet been overcome. Two examples of future work are the object binding problem and the terminal theft problem.

In our prototype implementation, we adopted the guidance method for object binding. Since it can transform complicated models into the 1/1 x 1/1 model, we were able to keep the system simple. However, in order to provide higher usability by not making users queue up, the system needs to support the 1/N x 1/1 model or the 1/N x 1/M model. To realize these models, we need to implement a more complex system, and at the same time apply other binding methods such as insulation and marking.

We have tried to simplify the current complicated authentication process without diminishing the security level by using several security and encryption technologies. However, there is still a threat that a client device or a tag which a user should have could be stolen. For these problems, authentication technology for the device such as biometrics is usable.

Acknowledgement

We thank Uchida Yoko Corporation for their collaborative work on “Smart Furniture”.

References

1. K. Takashio, S. Aoki, M. Murase, K. Matsumiya, N. Nishio, and H. Tokuda, “Smart hot-spot: Taking out ubiquitous smart computing environment anywhere”, 2002, International Conference on Pervasive Computing (Demo Presentations).

2. M. Weiser, “The computer for the twenty-first century”, vol. 265, no. 3, pp. 94–104, 1991, Scientific American.

3. A. Freier, P. Karlton, and P. Kocher, “The SSL protocol: version 3.0”, 1996, Tech. Rep., Internet-draft.

4. S. Kent and R. Atkinson, “Security architecture for the internet protocol”, 1998, IETF RFC 2401.

5. W. Diffie and M. E. Hellman, “New directions in cryptography”, 1976, pp. 644–654, IEEE Transactions on Information Theory IT-22.

6. R. Rivest, A. Shamir, and L. Adleman, “A method for obtaining digital signatures and public-key cryptosystems”, in Communications of the ACM, 1978, vol. 21, pp. 120–126.

7. Ensure Technologies Inc., “Xyloc”, 2001, http://www.ensuretech.com/.

8. Sony Corporation, “Felica: Contactless smart card system”, 2002, http://www.sony.net/Products/felica/.

9. R. Want, A. Hopper, V. Falcao, and J. Gibbons, “The active badge location system”, Tech. Rep. 92.1, ORL, 24a Trumpington Street, Cambridge CB2 1QA, 1992.

10. A. Harter, A. Hopper, P. Steggles, A. Ward, and P. Webster, “The anatomy of a context-aware application”, in International Conference on Mobile Computing and Networking, 1999, pp. 59–68.

11. ITS America, “Intelligent transportation system”, 2002, http://www.itsa.org/standards.

12. ETTM On The Web, “Electronic toll collection system”, 2002, http://www.ettm.com/.

13. H. Okabe, K. Takemura, S. Ogata, and T. Yamashita, “Compact vehicle sensor using a retroreflective optical scanner”, in IEEE Conference of Intelligent Transportation Systems, 1997, pp. 201–205.

14. ETTM On The Web, “Automatic vehicle identification”, 2002, http://www.ettm.com/avi.htm.

15. M. Corner and B. Noble, “Zero-interaction authentication”, in International Conference on Mobile Computing and Networking, 2002.

16. M. L. Dertouzos, “Control robotics: The procedural control of physical processes”, in Proceedings of the IFIP Congress, 1974, pp. 807–813.

17. R. W. Conway, M. L. Maxwell, and L. W. Miller, “Theory of scheduling”, 1967, Addison-Wesley.

