In this paper we present a system for enterprise rights management (ERM) for remote maintenance facilities. The Data provider inizializes a mobile device (terminal) by preloading a set of documents, the associated metadata along with the access policy. The envisioned scenario does not allow any further communication, so that documentation confidentiality is achieved by means of a biometric key-binding scheme featuring face recognition. We show that our scheme improves the privacy of operators’ biometric templates and the overall system usability. Moreover, we show experimentally that face biometry offers a sufficient level of stability for the purpose of the key recovery. Non-interactive security functionalities and access control enforcement leverage terminals featuring cryptographic hardware. To this end we present an operator device prototype implementation based on Trusted Execution Environments (TEE).
File in questo prodotto:
Non ci sono file associati a questo prodotto.