Architectures for Enhancing Authentication Privacy and Security using Trusted Computing

SysTEX@SOSP(2017)

Abstract
When it comes to remote authentication, after the initial login, major service providers increasingly no longer rely on a single variable for authentication (such as a password or fingerprint) but rely on user meta-data to raise the trust in the session or to continuously authenticate their users, utilizing data such as location information, user behaviour analytics, etc. However, these meta-data, as well as the authentication variables used by the service providers, are often a source of concern from a privacy-preservation point of view. While these data are stored, an intruder or a service provider can access the user's fingerprint, location information, and device type and model, all of which can harm user privacy. To improve the privacy protection available to users and authentication security while providing usable security, this paper analyses existing authentication architectures and those that use Trusted Computing (TC)-like technologies. We highlight a number of challenging threats present in the current architectures. We then propose a novel architecture for authentication using TC that addresses the issues discussed. The new architecture ensures that the user's authentication template will be under the user's control and will not be revealed to any third party, including authentication service providers, while providing the user with assurances.