Abstract

High flexibility demands of business processes in an inter-organizational context potentially conflict with existing security needs, mainly implied by regulative and legal requirements. In order to comply with these it has to be ensured that access to information within the workflow is restricted to authorized participants. Furthermore, the system might be required to prove this retrospectively. In highly flexible environments, particularly when documents leave the owner’s security domain, the scope of trust must be expendable throughout the workflow. Usage control provides practical concepts. However, user authentication remains a major vulnerability. In order to ensure effective access control the possibility of process-wide enforcement of strong authentication is needed. Inherently, strong user authentication can be realized applying biometrics, though practical reasons still slow the broad application of biometric authentication methods in common workflow scenarios. This work proposes the combination of usage control and typing biometrics to secure interorganizational workflows in highly dynamic environments. On the one hand, usage control provides high flexibility for document-centric workflows but relies on the enforcement of strong authentication. On the other hand, authentication based on typing is flexible in both deployment and application. Furthermore, the inherent privacy problem of biometrics is significantly weakened by the proposed approach.

Share

COinS