Presentation is loading. Please wait.

Presentation is loading. Please wait.

Sectoral operational programme „Increase of economic competitiveness” „Investments for your future” Project co-financed by the European Regional Development.

Published byGwendolyn Hunt Modified over 8 years ago

Similar presentations

Presentation on theme: "Sectoral operational programme „Increase of economic competitiveness” „Investments for your future” Project co-financed by the European Regional Development."— Presentation transcript:

1 Sectoral operational programme „Increase of economic competitiveness” „Investments for your future” Project co-financed by the European Regional Development Fund “The content of this material does not necessarily represent the official position of the European Union or the Romanian Government” ATHOS Team July 15, 2013 Automated system of authenticating through biometric signature - ATHOS

2 ATHOS Introduction Overview Technical Description Slides before 1st Section Divider Demo

3 pptPlex Section Divider Introduction The slides after this divider will be grouped into a section and given the label you type above. Feel free to move this slide to any position in the deck.

4 Motivation Considering that virtual attacks take place more and more often, with increasing damage, there is a need to increase the safety degree of applications representing targets for the attackers.

5 The project objective the inclusion of the signature based authentication procedure, to increase the security degree of on-line authentication the reduction of the implementation time allotted to execute the authentication system by the developers for this type of solution

6 Where did we start from? ATHOS bases Patent for signature authentication system BIOACSSISEB

7 What have we reached? Project eligible expenses financed from public funds : 912.843 RON New jobs created due to the project: 3 Patent applications resulted from the project: 1 Scientific publications resulted from the project: 3 Private financial contribution of the applicant: 1.386.648 RON Project eligible expenses made by SOFTWIN: 2.118.250 RON

8 pptPlex Section Divider Overview The slides after this divider will be grouped into a section and given the label you type above. Feel free to move this slide to any position in the deck.

9 System functions Security Authorization, confidentiality, integrity Disponibility Over 99% uptime Acuracy Performances of the signature authenticating methods FRR (False Rejection Rate) FAR (False Acceptance Rate) Capacity Maintaining system efficiency when processing a large number of applications in real time using limited resources Nvidia CUDA solution– high processing power at a reduced price

10 System functions Modifiability Treating a high number of requests from customers in different geographical regions – replication Interoperability Modifiable architecture– multiple biometric technologies can be used Scalability Optimal distribution of tasks by resources Reduced time to design and implement the solution

11 Workflow – the developer License acquisition+ SDK Creating application instance Developing application Activating application

12 Workflow – the final user Create system account RegistrationAuthentication

13 Licensing mode Requirement of SLA (Service Level Agreement) Maximum response time Maximum number of requests per minute Maximum number of users registered in the system Example: E-banking application vs timesheet application

14 Commercial package 1) Selling authentication services to developers: Subscription fee 2) Pay-per-use: Fee for each authentication Package content: Client SDK User manuals Development licenses + production

15 Performances* Security level FRR: max. 10-15% FAR: max. 1% Response time: 1-5 seconds Number of requests per minute: thousands- tens of thousands** * only with the purchased license and while the system is not overloaded ** depending on hardware configuration

16 pptPlex Section Divider Technical Description The slides after this divider will be grouped into a section and given the label you type above. Feel free to move this slide to any position in the deck.

17 Security Module Security Module Notifier Load Balancer System architecture ATHOS Service Computing Service Worker n Worker 2 Worker 1 Data Service Error Logging Service Aplications Users Specimens Logs PROXY Inspector ATHOS Portal License Administration Module PROXY Client 1 application Client 2 application PROXY Client m application

18 ATHOS Service Reverse PROXY Receiving and validating requests For authentication For data Security – TSL, HTTPS, mutual authentication (certificates) System architecture – Server components Load Balancer ATHOS Service Computing Service Worker n Worker 2 Worker 1

19 System architecture – Server components Computing Service Configuring tasks Return the application and user data Assigning priorities Taking the template from the database Monitoring Tasks System loading level Statistical information management and storage of Workers Load Balancer ATHOS Service Computing Service Worker n Worker 2 Worker 1

20 System architecture – Server components Load Balancer Task distribution by resources License requirement compliance optimization Resource usage optimization Processing capacity optimization ATHOS Service Computing Service Worker n Worker 2 Worker 1 Load Balancer

21 System architecture – Server components Worker Authentication process optimization Biometric authentication API Processing on multi-core (CPU) şi many-core (GPU) computer units Load Balancer ATHOS Service Computing Service Worker n Worker 2 Worker 1

22 System architecture – Server components Data Service Authorizing and serving data requests Data validation and storage Aplications Users Specimens Components Security Module Hashing Encryption Notifier Error Logging Service Logs Security Module Security Module Data Service Aplications Users Specimens

23 System architecture – Server components Error Logging Service Registration of component events Notification via e-mail on application and system level Periodic On demand Generate reports on application and system level Periodic On demand Notifier Error Logging Service Log-uri Security Module Security Module Data Service Aplications Users Specimens

24 System architecture – Server components ATHOS Portal Application management User management (partial) Management of system components Template storage Configuration of auxiliary services (logging, reporting) PROXY Inspector ATHOS Portal License Administration Module

25 System architecture – Server components PROXY Inspector Enables processing tasks to the client Monitors the subtask processing modules License Administration Module ATHOS module or third-party Management of commercial use licenses PROXY Inspector ATHOS Portal License Administration Module

26 Funcționalități specifice integrării ATHOS Modul achiziție semnături System architecture – Client components PROXY Communication module with ATHOS Interoperability Secured access Forwarding subtasks Client application Signature acquisition module ATHOS specific integration code Application specific code Client Execution Module PROXY Aplicație client Client Execution Module

27 Workflow - authentication Security Module Security Module Load Balancer ATHOS Service Computing Service Worker Signature in BIR format Data Service PROXY Client application Signature acquisition module Authentication request generated by application Authentication request in ATHOS standard format Application/User data request Template request Encrypted template Decrypted template Authentication task Processing request Processing result Task result Response to authentication request

28 Scheduling algorithm Algorithm developed by SOFTWIN team, patent pending (US PTO) Authentication task distribution by available resources SLA compliance Efficient resource usage Uniform decrease of performances when loading

29 Scheduling algorithm Specific auxiliary modules Data structure for storing tasks Distribution/Scheduling module Monitoring module State/performances estimating module Configuration task module Prioritization sub- module Classification sub- module

30 Scheduling algorithm Prioritization scheme based on SLA Determining the proportionality between urgent and non-urgent tasks Resource classification based on task proportionality Capacity Processing power Confidence level

31 Security Secured connection between clients and ATHOS core (TSL) Template encrypted storage(AES) Authentication and authorization on ATHOS service level

32 Technologies

33 Performances SLA compliance Performance decreasing „Stress testing” 14% standard deviation of performance decrease per applications LoadingSLA conditionCompliance degree NormalGuaranteed number of requests per minute100% Guaranteed response time100% HighGuaranteed number of requests per minute99.6% Guaranteed response time90%

34 Performances Processing capacity of Workers Hardware configurationNumber of authentication processes Number of requests/ 60 seconds Average response time (miliseconds) Intel Core 2 Duo CPU2120487 Intel Core i5-3320M1350249 Intel Core 2 Duo E7400 GPU (2 x nVidia GeForce GTX 275) 2900385 Intel Xeon X55603120722 Intel Xeon E5-24074600398 Intel Core i5-2500 GPU (3 x nVidia GeForce GTX 570) 34000291

35 Performances Scalability

36 Performances Resource loading Tasks / minuteSolved tasks on resource 1 (%) Solved tasks on resource 2 (%) 20050%50% (50%-0%) 40050%50% (48%-2%) 60050%50% (30%-20%) 80052%48% (23%-25%) 100046%54% (27%-27%) 120041%59% (29%-30%)

37 Performances Up to 5000 requests per minute(7,2 million requests/day) Data server Intel Xeon E5-2407, CPU: 2.40 GHz, 2 proc. x 8 core x 1 thread Central server Intel Xeon E7302, CPU: 2.13GHz, 4 core X 4 threads Workers Intel Core 2 Duo CPU 3 x Intel Core i5-3320M Intel Core 2 Duo E7400, GPU (2 x nVidia GeForce GTX 275) Intel Core i5-2500, GPU (3 x nVidia GeForce GTX 570)

38 Additional information A. Salinca, S. M. Rusu, Ș. Diaconescu: An approach to data collection in an online signature verification system, 8th International Conference on Web Information Systems and Technologies, Porto, Portugal 18 – 21 April 2012, WEBIST A. Salinca, S. M. Rusu, A. M. Pricochi: SOA–Based Authentication System for Dynamic Handwritten Signature, Advances in Information Systems and Technologies, 735-744, Springer Berlin Heidelberg, 2013 A. M. Pricochi, A. Salinca, S. M. Rusu, B. Ivașcu: A Dynamic Load Balancing Strategy for a Distributed Biometric Authentication System, 9th International Conference on Web Information Systems and Technologies, Aachen, Germany 8 – 10 May 2013, WEBIST

39 pptPlex Section Divider Demo The slides after this divider will be grouped into a section and given the label you type above. Feel free to move this slide to any position in the deck.

40 Demo ATHOS Athos Portal HomeBank- type Demo

41 ATHOS Workflow Demo HomeBank-type demo Dynamic handwritten signature authentication using ATHOS Application development according to SDK Adding user in the application from ATHOS Adding application in ATHOS Purchase license Insert into the systemActivate application Adding subject in ATHOS Create accountActivate account

42 Demo – facilities ATHOS RegistrationAuthentication User Management Sync app users Sync app data Event notification Reports and statistics Security Management SDK

43 Q & A Thank you!

Download ppt "Sectoral operational programme „Increase of economic competitiveness” „Investments for your future” Project co-financed by the European Regional Development."

Similar presentations

MQ Series Cross Platform Dominant Messaging sw – 70% of market Messaging API same on all platforms Guaranteed one-time delivery Two-Phase Commit Wide EAI.

MQ Series Cross Platform Dominant Messaging sw – 70% of market Messaging API same on all platforms Guaranteed one-time delivery Two-Phase Commit Wide EAI.
Cultural Heritage in REGional NETworks REGNET Project Meeting Content Group 2002-06-24 - 2002-06-26.

Cultural Heritage in REGional NETworks REGNET Project Meeting Content Group
Handheld Contact Wireless syncing ACT! Blackberry and Windows Mobile 5/6.

Handheld Contact Wireless syncing ACT! Blackberry and Windows Mobile 5/6.
Power BI Sites and Mobile BI. What You Will Learn Sharing and Collaboration Introducing Power BI Exploring Power BI Features and Services Partner Opportunities.

Power BI Sites and Mobile BI. What You Will Learn Sharing and Collaboration Introducing Power BI Exploring Power BI Features and Services Partner Opportunities.
Futures – Alpha Cloud Deployment and Application Management.

Futures – Alpha Cloud Deployment and Application Management.
Secure Lync mobile Authentication

Secure Lync mobile Authentication
High Performance Computing Course Notes 2007-2008 Grid Computing.

High Performance Computing Course Notes Grid Computing.
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
SmartER Semantic Cloud Sevices Karuna P Joshi University of Maryland, Baltimore County Advisors: Dr. Tim Finin, Dr. Yelena Yesha.

SmartER Semantic Cloud Sevices Karuna P Joshi University of Maryland, Baltimore County Advisors: Dr. Tim Finin, Dr. Yelena Yesha.
Faith Allington Program Manager Microsoft Corporation Session Code: WSV304.

Faith Allington Program Manager Microsoft Corporation Session Code: WSV304.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 5 Database Application Security Models.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 5 Database Application Security Models.
SG EUROPEAN PHARMACEUTICAL PRICING NERVE CENTRE. ABOUT SIGYN R&D Sigyn R&D is a Croatian company based in Zagreb, established in 2010. Tailor made software.

SG EUROPEAN PHARMACEUTICAL PRICING NERVE CENTRE. ABOUT SIGYN R&D Sigyn R&D is a Croatian company based in Zagreb, established in Tailor made software.
Uniqueness of user names is enforced Customer information logged to database Require contact information as well as email address Email address will.

Uniqueness of user names is enforced Customer information logged to database Require contact information as well as address address will.
Chapter 5 Database Application Security Models

Chapter 5 Database Application Security Models
© 2009 IBM Corporation ® IBM Software Group Introduction to Cloud Computing Vivek C Agarwal IBM India Software Labs.

© 2009 IBM Corporation ® IBM Software Group Introduction to Cloud Computing Vivek C Agarwal IBM India Software Labs.
Business Intelligence Dr. Mahdi Esmaeili 1. Technical Infrastructure Evaluation Hardware Network Middleware Database Management Systems Tools and Standards.

Business Intelligence Dr. Mahdi Esmaeili 1. Technical Infrastructure Evaluation Hardware Network Middleware Database Management Systems Tools and Standards.
Project Centric Solutions Page 1 Swaziland Electricity Board Magsoft e-Tendering Solution Magsoft International LLC www.e-magsoft.com.

Project Centric Solutions Page 1 Swaziland Electricity Board Magsoft e-Tendering Solution Magsoft International LLC
Barracuda Networks Confidential1 Barracuda Backup Service Integrated Local & Offsite Data Backup.

Barracuda Networks Confidential1 Barracuda Backup Service Integrated Local & Offsite Data Backup.
Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.

Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.
Capacity Planning in SharePoint 2007. Capacity Planning Process of evaluating a technology … Deciding … Hardware … Variety of Ways Different Services.

Capacity Planning in SharePoint Capacity Planning Process of evaluating a technology … Deciding … Hardware … Variety of Ways Different Services.

Similar presentations

Ads by Google