Building an Independent Integrated Authentication Service

For many Internet-based service providers, client authentication is required before the delivery of services. Currently, most client authentication mechanism is only focusing on the identity authentication. In this paper, we claim that more business opportunities will be created if service providers obtain more information about clients. Then we propose the concept of the integrated authentication service (IAS) which has capabilities to authenticate not only person's identity, but platforms and environment as well. However, as more information is collected from clients, privacy protection becomes an important issue. In some existing authentication work flows, the information of clients is either handled by the service providers, or by an independent authentication service through the service providers. These flows expose information of clients to multiple parties. We propose a new work flow that only exposes information to the authentication services, thus it will greatly alleviate the privacy concern. Trusted computing technologies are widely used in our solution, because the IAS makes decision based on the reports from clients and it is very important to assure the integrity of the reports, which trusted computing technologies are very good at.