Implementation of smart saver, logged-in device protector

Abstract

Unauthorized access by malicious user could be very dangerous to all information systems. As a technical solution to prevent this, IAM (Identity and Access Management) is available. Many systems trust users who passed the system’s authentication or log-in until log-out. However, IAM operates passively by traffic between devices and systems. Because IAM can’t see the user of the device, it considers all traffic from the device after log-in is generated by the log-in user. Therefore, a logged-in and unattended device could be a security vulnerability of the system because it can be used by a malicious user nearby. Currently, many systems entirely rely on individual users to protect their devices. However, this study suggests an idea of technical solution called smart saver to protect the logged-in devices more securely. The smart saver triggers screen saver immediately upon detection of absence or change of the logged-in user using camera sensor of the device. For this, smart saver extracts and uses user’s appearance features and tries not to violate the recent trend of strengthening identity information protection. And this study shows the feasibility of smart saver through experiments.

Keywords

• GDPR
• IAM
• Logged-in Device Protector
• Smart Saver
• Zero Trust

References

1. [1] Park, G., A Proposal to apply smart saver to prevent identity theft, 2022 Spring Conf. Korean Society for Internet Information, Apr. 2022
2. [2] Collier, Z. A., Sarkis, J., The zero-trust supply chain: Managing supply chain risk in the absence of trust, International Journal of Production Research, Vol. 59, No. 11, 2021, pp. 3430-3445
3. [3] Kerman, A., Borchert, O., Rose, S., Implementing a zero-trust architecture, Draft, National Cybersecurity Center of Excellence (NCCOE), NIST, Mar. 2020
4. [4] Pol, V. J., Identity and access management tools, International Journal of Trend in Scientific Research and Development (IJTSRD), Vol. 3, Issue 4, May-Jun 2019, pp. 796-798
5. [5] Burhop, D., Greenberg, M., Maxwell, J., Identity and Access Management, I AM Who I Say I AM (WHITE PAPER), Virginia’s Council on Technology Services Identity and Access Workgroup, Jun. 20, 2007
6. [6] Mohammed, I. A., Identity Management Capability Powered by Artificial Intelligence to Transform the Way User Access Privileges Are Managed, Monitored and Controlled, 2021 International Journal of Creative Research Thoughts (IJCRT), Vol. 9, Issue 1, Jan. 2021
7. [7] Kunza, M., Puchta, A., Groll, S., Fuchs, L., Pernul, G., Attribute Quality Management for Dynamic Identity and Access Management, Journal of Information Security and Applications, Nov. 2018
8. [8] Zaeem, R. N., Barber, K. S., The effect of the GDPR on privacy policies: recent progress and future promise, ACM Transactions on Management Information Systems, Vol. 12, No. 1, Article 2. Dec. 2020

9. [9] Haque, A. B., Islam, A. K. M. N., Hyrynsalmi, S., Naqvi, B., Smolander, K., GDPR compliant blockchains-A systematic literature review, IEEE Access, Vol. 9, Apr. 2021
10. [10] Li, H., Yu, L., He, W., The impact of GDPR on global technology development, Journal of Global Information Technology Management, Vol. 22, No. 1, 2019.
11. [11] Park, S., Yoon, S., Jung, E., Yang, J., Method and apparatus for controlling authentication state of electronic device, US Patent, No. US 2015/0288681 A1, Oct. 8, 2015.