INTEGRATION OF USER AUTHENTICATION AND ACCESS-CONTROL

User authentication and access control are both necessary mechanisms for data protection in a computer system. Traditionally, they are implemented in different modules. In this paper, a new solution is presented to provide user authentication and access control in a single module to avoid any possible security breach between these two protection mechanisms. The secret information required for the whole system is minimised and the difficulty of password comprising increased to improve system security. More importantly, with time complexity of implementation almost equivalent to that found in the normal public key based password authentication schemes and limited extra storage space, both user authentication and access control can be achieved at the same time.