IMPACT

ReCRED will help in generating a tangible impact on the market since it will focus on demonstrating the viability of Device Centric Authentication as an aggregator for both account-based as well as attribute-based access control with associated very well specified business and exploitation plans. Such solutions, after demonstration and validation in real life environments directly involving end users, will be able to find a wide take up in the market since they will provide a competitive advantage in the market for all industrial and non-industrial players participating in ReCRED.

a) End user Impact

End users are the main beneficiaries from the DCA architecture around mobile devices designed, implemented, and tested in ReCRED for both account and attribute based access control. Benefits for end users include:

Solution to the password overload problem
Solution to the single point of failure problem
Solution to the identity fragmentation problem
Account and attribute based access control in one architecture

b) Industrial (per Sector) Impact

Telecom operators.

• Telcos are improving their position in the end-to-end Internet ecosystem by participating in additional services that go beyond basic data transfer.
• Telcos can develop technology internally and thus go beyond their current operating model which is based mostly on purchasing technology directly from vendors.
• Exploitation of company’s big data platforms for maintaining detailed infrastructure and customer info, to provide new services.

Web hosting companies.

• Using ReCRED technology web hosting companies will address access control problems.
• Web-sites do not need to spend effort to keep revising the minimum security requirements for passwords, checking for password reuse, etc.
• Web hosting companies benefit from ReCRED by simplifying operations while enhancing security for users.
• Web hosting companies can provide second factor verification as a service, based on behavioral data that they have on their end users, such as typing style, browsing patterns, etc. Such verification can be offered as a service to institutions, e.g. banks that want to go beyond basic DCA access control based on PKI etc. Therefore, ReCRED allows web hosting companies to create new products and revenue streams from further exploiting their infrastructure and customer base.

Security technology providers.

• In ReCRED security technology providers have the opportunity to develop, test and integrate in their products new authentication protocols that go beyond standard passwords.
• Highlighting and solving password-related problems of access control is expected to bring a wave of innovation, opportunity, and growth to the security sector. Also, ReCRED will provide an important user base and a test-bed for the development of such technologies and products.

Financial sector technology providers

• The financial sector suffers from constant attempts for fraud, the vast majority of which is based on impersonation.
• Furthermore, as new forms of credit such as microcredit become commonplace, there is a requirement for faster, yet credible identification and authentication mechanisms.
• The ReCRED technology will aid towards that direction since the time from request to origination of a microloan can differentiate two otherwise identical providers. Furthermore, even the traditional ATM cash withdrawal can be made more secure via the capabilities of a mobile-device-centric identification protocol.

Mobile device and OS manufacturers.

Proxying and integrating all access control needs on the mobile device increases even further the value of the sector and brings it closer to several long pursued objectives, e.g. to become the provider of e-identity and e-wallet for citizens