Slashdot Mirror

← Back to Stories (view on slashdot.org)

Rapid Authentication Systems?

Posted by Cliff on from the secure-yet-fast dept.

Barrington Johnson asks: "I am an emergency physician, and am looking for a solution for authentication which is compatible with rapid logons and logoffs. We have several web-based terminals into which we put information. The web application gives a real-time representation of the emergency department, so it is important that it is kept up to date. We have an opportunity to re-design our system, and I know that if I make the authentication process too difficult e.g. username+password, doctors will store up their data entry, and do it all in one go, removing the real-time usefulness of the display. At what level (application/browser/system) should authentication occur, and what method would be best?" Might a smartcard-based authentication system work well in this situation?

6 of 48 comments (clear)

  1. SmartCards slow -- YMMV by redelm · · Score: 2, Interesting
    We use SmartCards with PINs at work in an MS-Win2k environment. They take ~5 sec to authenticate. UID/pw takes less than 1 sec.

    A restaurant-type system might be best/fastest.

    Perhaps forgo authentication? Or make it concurrent with data entry? A "secret" 4-6 char UID field that whoever fills-in when they enter other data (vitals).

  2. Host-Based Auth by sampowers · · Score: 3, Interesting

    Depending on your network setup, host-based auth might be best. You could assign a specific IP address based on a DHCP Client-ID and have the web app look up the client's address in a table to determine if it's allowed automatic access (ie, to jump straight to an authorized state), or otherwise to prompt for a username/password, and thereby set the authorized state.

  3. Something you have and something you know by _LORAX_ · · Score: 2, Interesting

    Those are the two items that will make a system secure. I would say proximity RFID reader + pin code.

    When the Dr walks up it unlocks and askes for a pin ( it already knows who you are ). Once the pin is entered you are set... once the RFID leaves range ( 5-8 ft ) the station would automaticly lock. I personally think this would be the best of all worlds. I would not skimp on the proximity sensor for a card swipe since locking the station is still important, and the card is one more thing that they would have to keep clean. As much as the slashdot crew hares RFID it could be very handy you have to admit.

  4. iButtons by sshack · · Score: 2, Interesting

    Something like a timed ticket+ibuttons would work.
    Doctor arrives at work, logs in his user/password then simply taps his ibutton on whatever system he wants to use. Hit's the logout button when he's done, and moves on to the next machine.

    Why do the login/pass thing in the morning? Because people lose small things like ibuttons. So each morning when you login (and for the next 8 hours or however long until the login ticket expires) the ibutton supplies is the new "key". If you lose it, simply get a new one and login again.

    ibutton url

  5. Mag Stripes, Edit Windows by Cranx · · Score: 2, Interesting

    1) Magnetic stripes on the neck-worn ID tags which contain a unique sequence of characters which are the equivalent of/tied to a doctor's username/password. Require the doctors to swipe them everywhere to input data. Periodically require doctors to re-key their cards.

    2) Keep a central authentication system, but also mirror authentication information locally to wherever a doctor authenticates so subsequent authentications go quickly.

    3) Disallow record editing after hours without permission. Counsel doctors who habitually require after-hours editing.

  6. BlueTooth by cs668 · · Score: 3, Interesting

    It seems like you could use a BlueTooth device to authenticate. The same way that if you have a BlueTooth cell-phone the screensaver on a mac will shut off when you get close to the system.