IEEE Transactions on Consumer Electronics, Vol. 49, No. 2, MAY 2003

Remote Access And Networked Appliance Control Using Biometrics Features

Mahfuzur Rahman, Member, IEEE and Prabir Bhattacharya, Fellow, IEEE

Abstract - With the advent of home networks and the proliferation of broadband connectivity to homes, there is an increasing demand for a secure end-to-end mechanism to remotely access a home network and control home appliances from remote sites on the other side of the Internet. In this paper we propose an architecture for secure access to a home's or an organization's networks and control of networked appliances inside a home or within an organization from a remote location. We use biometrics features and a one-time password mechanism on top of secure socket layer (SSL) for authentication. We also provide three layers of security levels for network communication, and propose a mechanism for secure file access based on the security privileges assigned to various users. The files to be accessed from the server are categorized depending on their access privileges and encrypted using a key assigned to each category.

Index Terms - Biometric, Firewall, One-Time Password, Residential Gateway, SIP (Session Initiation Protocol).

I. INTRODUCTION
Over the last couple of years we have witnessed the advent of home network technologies and the proliferation of network-attached devices within the home. As more home networks get attached to the Internet with broadband connections such as xDSL, ISDN etc., there is an ever-increasing demand for secure remote access and control of home appliances from the Internet. The computing resources inside a home or within an organization usually are protected by a firewall to prevent unauthorized access, which does not allow any remote access of home computers unless one uses a remote dialing method or Virtual Private Network technology. In this paper we are proposing a method that would allow an authorized user to access securely a home network or an organization's computing resources through the firewall.
In particular our design will provide the following four features that are very essential for secure communication between a remote user and the home network or an organization's network and computing resources:

• Secure remote login based on one-time password scheme
• Secure file access based on a hierarchical privilege levels and encryption mechanism
• Secure transmission - contents are transmitted in encrypted form.
• Secure appliance control within a home

Mahfuzur Rahman is with the Panasonic Information and Networking Technologies Laboratory, Princeton, NJ 08540, USA (e-mail: mahfuz@research.panasonic.com).
Prabir Bhattacharya is with the Panasonic Information and Networking Technologies Laboratory, Princeton, NJ 08540, USA (e-mail: prabir@research.panasonic.com).

Our proposed scheme is based on applying the user's biometrics features together with an encryption scheme to establish a secure communication from a remote machine to a machine within a firewall. Because we are using a combination of both biometrics features and encryption schemes, our proposed design provides a more secure way of remotely using a home's or an organization's computers.
There has recently been considerable interest in using biometrics features for authentication in a networked society (see e.g., [7], [8], [9] for reviews). The biometrics features of an individual are unique and provide a very convenient method for personal identification. According to [5], p. 4, any human characteristic could be a biometrics provided it has the following desirable properties:

• universality - every person should have the characteristic
• uniqueness - no two persons should possess the same characteristic
• permanence - the characteristic should not change with time
• measurability - it should be possible to measure the characteristic in a quantitative manner.

There are many practical issues involved in developing an authentication scheme using biometrics. Good pattern recognition algorithms should be developed and used to recognize the biometrics to a very good degree of accuracy (even under "noisy" conditions) and within a reasonable computer processing time. Also, the biometrics should not be prone to easy tampering by hackers. There are also privacy and network security issues involved in developing an on-line biometrics-based authentication system.
The features that have been commonly used in developing automatic authentication systems are fingerprints, voice, iris, retina patterns, and face. Also, there are some other more unconventional biometrics such as body odors, gait, ear shape, etc. that have been used for developing methods for personal identification. There are several currently available systems for on-line fingerprint verification (e.g., [5], [7]) and on-line signature verification (e.g., [8]). A secure method for accessing files using fingerprints has been developed by one of us recently ([1]). The use of fingerprints is the oldest biometrics-based method for identification purposes and predates the advent of computer technology.
The organization of the rest of the paper is as follows. In Section 2, we describe the background technology and section 2 describes the remote access scheme. In Section 4, we describe a secure transmission scheme. In Section 5, we describe a secure file access scheme. Section 6 gives our conclusions.

Contributed Paper
Manuscript received April 1, 2003
0098 3063/00 $10.00 © 2003 IEEE

II. BACKGROUND TECHNOLOGY
A. One-Time Password
The idea of the one time password mechanism was invented by Lamport [10]. It is designed to counter the attack of eavesdropping on network connections to get the login id and password. In order to use the one time password mechanism the user first chooses a password and stores it in the authentication server. The server chooses a number n (something reasonably large), computes $\text{hash}^n(\text{password})$ and stores it in its database along with the user id and the number n. The number n represents the number of one time passwords the user can use, i.e., the number of login sessions the user can have with this password mechanism. If the user exceeds the login sessions then he or she needs to initialize the one time password mechanism with the server again.

[Figure 1: One-time password scheme]

B. Firewall
As computer hacking is quite common nowadays, it is very important to control access to a private network of computers (for example, a company network) in order to prevent the loss of sensitive data to external hackers. A firewall is a component or components designed to restrict access to a private network from the Internet (see [3], [13] for surveys). It examines all traffic routed between the organization's local area network and the Internet. It filters incoming and outgoing packets depending on the rules that are set by the organization's administration. For example, some organizations do not allow any telnet connection coming in from outside, and sometimes they also do not allow any outgoing telnet connection.
These rules can be set based on different network protocols, network address of the destination or source, port number or packet headers etc. Broadly there are four categories of firewalls: packet filtering firewall, circuit level gateways, application level gateways and multi-layer inspection firewall. The most commonly used method is the packet filtering firewall. A packet filtering firewall (also called a screening router) makes its decision based on the types of incoming and outgoing packets. The main information that a packet filtering firewall looks at is the following: IP source address, IP destination address, protocol (TCP, UDP, or ICMP packet), TCP or UDP source port, TCP or UDP destination port, ICMP message type, packet size.

III. REMOTE ACCESS SCHEME
The proposed scheme for remote access will have two dedicated machines outside the firewall to provide secure login. A remote user will communicate with the first dedicated machine outside the firewall before establishing any communication with any machine inside the firewall. The second machine outside the firewall would have a secure connection with the machine/server inside the firewall and would act as a proxy for the first machine outside the firewall (see Figure 2). Our architecture establishes an SSL connection before any communication between an external machine and a machine within the firewall begins. The proposed architecture is further described as follows.

[Figure 2: Schematic diagram for Remote Login. Labels: Internet, Firewall. Legend: U: Remote Machine; I: First Dedicated Machine; II: Second Dedicated Machine; S: Server; LAN: Local Area Network.]

[Figure 3: Hierarchical File Access Scheme. Legend: TS: Top Secret; S: Secret; C: Confidential; AA: All Access. I: Category 1 (can access all files); II: Category 2 (can access S, C, AA only); III: Category 3 (can access C, AA only); IV: Category 4 (can access AA only).]

Initially, the remote machine and the first dedicated machine will establish a Secure Socket Layer (SSL) connection. The dedicated machine will then send a request to the remote machine for the user's strong password (by a "strong password" we mean the user's password derived from a one-time-password (OTP) and biometrics features). A possible way of implementing this is by setting up a web page that would request the user's strong password. The OTP scheme will allow the system to use a different password each time, providing unpredictability and consequent security against any compromise by a hacker. In order to use this system, the user has to initialize the number of OTPs and also a secure pass-phrase in a server inside the firewall. The second dedicated machine is going to act as a proxy for the first dedicated machine and it does not allow any other connection from any other machines. The second dedicated machine is connected to the server inside the firewall using an SSL connection.
After verifying the strong password, the second dedicated machine establishes a direct SSL connection with the remote machine and acts as a proxy for the remote machine for the server inside the firewall. (A less secure way would be to establish a direct SSL connection between the remote machine and the server - this option could be used at the discretion of the organization.) This scheme differs from the AT&T scheme called ABSENT in the following way: we have two dedicated machines outside the firewall, and the remote machine communicates only with the first machine, which does not have any direct connections with any machines inside the firewall. This arrangement provides less vulnerability and a more secure communication link as compared to the ABSENT system.
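
The login step above rests on the one-time password mechanism of Section II.A. The following Python code is an added example, not code from the paper: it implements the Lamport hash chain with SHA-256, where the verification step (the server hashes the submitted value once and compares it with the stored value) follows Lamport's published scheme. The per-user salt and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def chain(base: bytes, n: int) -> bytes:
    """Return hash^n(base), i.e. SHA-256 applied n times."""
    value = base
    for _ in range(n):
        value = hashlib.sha256(value).digest()
    return value


def chain_base(salt: bytes, password: bytes) -> bytes:
    # Assumption: the password is salted and hashed once before chaining,
    # so the last one-time password (position 0) is not the password itself.
    return hashlib.sha256(salt + password).digest()


class OtpServer:
    """Keeps, per user id, the salt, the last accepted chain value and n."""

    def __init__(self):
        self.db = {}

    def enroll(self, user: str, password: bytes, n: int) -> None:
        salt = os.urandom(16)
        # Only hash^n is stored; the password is not kept after enrolment.
        self.db[user] = [salt, chain(chain_base(salt, password), n), n]

    def challenge(self, user: str):
        """Tell the client which chain position to present next."""
        salt, _, n = self.db[user]
        if n == 0:
            raise PermissionError("all one-time passwords used; re-initialise")
        return salt, n - 1

    def verify(self, user: str, otp: bytes) -> bool:
        record = self.db[user]
        _, stored, n = record
        if n == 0:
            return False
        # One more hash of the submitted value must give the stored value.
        if not hmac.compare_digest(hashlib.sha256(otp).digest(), stored):
            return False
        # Accept: the submitted value becomes the new reference and n drops,
        # so a captured OTP is useless for the next login.
        record[1], record[2] = otp, n - 1
        return True


def client_response(password: bytes, salt: bytes, position: int) -> bytes:
    """Client side: recompute the chain up to the requested position."""
    return chain(chain_base(salt, password), position)


def demo():
    """Three logins on a chain of length 3, with a replay after the first."""
    server = OtpServer()
    server.enroll("alice", b"constructed sample password", 3)
    outcomes = []
    for attempt in range(3):
        salt, position = server.challenge("alice")
        otp = client_response(b"constructed sample password", salt, position)
        outcomes.append(server.verify("alice", otp))
        if attempt == 0:
            outcomes.append(server.verify("alice", otp))  # eavesdropper replay
    return outcomes


if __name__ == "__main__":
    print(demo())
```

An eavesdropper who records one accepted value cannot log in with it again, and cannot derive the next value without inverting SHA-256.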

IV. SECURE TRANSMISSION SCHEME
We use up to three stages of security levels depending on the sensitivity of the protection needed. At the top level, we establish an SSL connection between the remote machine and a machine inside the firewall that might act as a proxy for the server. In the second level, we use an OTP that changes periodically to authenticate the user's continued presence. For example, after every predetermined interval of time, the dedicated machine inside the firewall will request an OTP password to check the user's continued presence, and would disrupt the communication if the authentication process fails. In the third level, if desired, we further encrypt the message using a conventional encryption scheme (such as DES, ECC) between the remote machine and the machine to be accessed inside the organization. The key for the encryption is derived using the OTP and biometrics features (such as fingerprints). As the OTP changes periodically, it provides an extra level of security.

V. SECURE FILE ACCESS SCHEME
In this section we provide a scheme that would allow an organization to store files in a central directory but restrict access to those files according to hierarchical privilege levels. This hierarchical access scheme could be implemented using the following cryptographic techniques. We use different secret keys for each file corresponding to each category of access. Two software modules would be used - one running on the server (the machine that stores all the files) and the other running on the user's machine. The server side software module is used to process a request submitted by a user to access a particular file and it would verify whether or not that user has the privilege to access that file; then it would send the following message to the user:

where F is the file, k is the secret key used to encrypt the file, s is a key that we refer to as the strong key - it is derived from the user's OTP password and biometrics features of the corresponding user, and + denotes the usual concatenation. The client software module receives the message from the server module, and then it decrypts $E_s(k)$ with the user's strong password to get the key k, which will be used to decrypt the file. It is also possible to design the client module in such a way that the files are only readable by the users.
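
The following Python code is an added example of the server and client modules described in this section; it is not the authors' implementation. It assumes the server message has the form E_k(F) + E_s(k), which the definitions above imply, and uses the category legend of the hierarchical file access figure. The strong-key derivation (HMAC of the OTP over a stable biometric template), the SHA-256 based stand-in cipher and all names are assumptions.

```python
import hashlib
import hmac
import os

# Category -> file classes it may read, as in the figure legend.
CLEARANCE = {
    "I": {"TS", "S", "C", "AA"},
    "II": {"S", "C", "AA"},
    "III": {"C", "AA"},
    "IV": {"AA"},
}


def _subkeys(key: bytes):
    # Separate keys for encryption and integrity.
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())


def _xor_stream(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    stream, counter = b"", 0
    while len(stream) < len(data):
        block = enc_key + nonce + counter.to_bytes(8, "big")
        stream += hashlib.sha256(block).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in for E_key(.): hash keystream plus HMAC tag (assumption).
    A deployed system would use a vetted authenticated cipher instead."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    body = _xor_stream(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return nonce + tag + body


def unseal(key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce, tag, body = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified message")
    return _xor_stream(enc_key, nonce, body)


def strong_key(otp: bytes, biometric_template: bytes) -> bytes:
    # Assumption: s = HMAC(OTP, template). This needs a stable template;
    # raw biometric readings are noisy and must pass a matcher first.
    return hmac.new(otp, biometric_template, hashlib.sha256).digest()


class FileServer:
    def __init__(self):
        # One secret key k per file class.
        self.class_keys = {c: os.urandom(32) for c in ("TS", "S", "C", "AA")}
        self.files = {}   # file name -> (class, E_k(F))
        self.users = {}   # user -> (category, current strong key s)

    def store(self, name: str, file_class: str, content: bytes) -> None:
        self.files[name] = (file_class, seal(self.class_keys[file_class], content))

    def register(self, user: str, category: str, s: bytes) -> None:
        # s changes whenever the user's OTP changes, so this is per session.
        self.users[user] = (category, s)

    def request(self, user: str, name: str):
        category, s = self.users[user]
        file_class, encrypted_file = self.files[name]
        if file_class not in CLEARANCE[category]:
            raise PermissionError(f"category {category} may not read {file_class}")
        # Assumed message form: E_k(F) + E_s(k).
        return encrypted_file, seal(s, self.class_keys[file_class])


def client_open(s: bytes, message) -> bytes:
    """Client module: unwrap k with the strong key, then decrypt the file."""
    encrypted_file, wrapped_key = message
    k = unseal(s, wrapped_key)
    return unseal(k, encrypted_file)
```

Because k is wrapped under a key that depends on the current OTP, a wrapped key captured in one session cannot be opened with the strong key of another.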

VI. SECURE APPLIANCE CONTROL
Figure 4 shows a scenario where a user controls home appliances from a remote location in the Internet. The figure also shows the main components of a home network system: namely a User Agent (UA), residential gateway and a Proxy to the appliances at home. A User Agent (UA) is an end system that acts on behalf of someone who wants to participate in a communication session with the home gateway or with home appliances. In this scenario, a user might be able to control and monitor the home appliances from a remote site. For example, a user while at work realizes s/he forgot to program her/his VCR to record a special show at home. The user formulates and sends a device control message from work to the VCR to record the program. The format of the control command is out of the scope of this paper. For details on control message format see [18]. The proxy at the home gateway receives the message, and forwards it to the appropriate appliance assuming that the appliance is IP-capable, e.g., a PC, and has a User Agent to handle the control requests. If the appliance is not IP-capable and does not have a User Agent, e.g., an X.10 lamp, an appliance controller with a UA must handle the control commands for the appliance. Upon receiving the control commands, the UA executes the control commands carried in the message and forms a response message, which is relayed back to the user. We note that the above scenario is also applicable for the secure access of various devices in an office environment including computers, printers, networked fax machines and coffee makers, etc.

[Figure 4: Scenario of Appliance Control. Label: User Agent.]

One of the most important issues in relation to appliance control is the authentication mechanism between the agent trying to control the home device and the device being controlled. Authentication is the process of verifying the identity of an entity in a communication session. In a remote appliance control scenario such as the one described above, not only must the appliances authenticate the user but also the user must authenticate the appliances with which s/he is communicating. This is called mutual authentication.
It is easy to see why mutual authentication is required in appliance control applications: Firstly, appliances must make sure that only the authorized users are able to modify their behavior, whereas a hacker must be denied access. Secondly, a valid user must make sure that the response that it receives from the appliance notifying him/her of the final status of the control request is actually coming from the appliance. If this step is omitted in the authentication algorithm, then a hacker can receive the request and send a fake response making the user think that the control request has actually finished executing, while in fact the request may have never made it to the appliance in the first place. So mutual authentication is a requirement.
Now that we have shown the necessity for mutual authentication, the next question is how to perform the authentication: We assume that the authentication is based on a shared secret, i.e., a password (one-time). This brings the following question: Should the users authenticate themselves with each appliance at the home network, or should they only authenticate themselves with the proxy running at the home gateway?
Although user authentication with each home appliance has the advantage of providing end-to-end security, it has the following problems:

• An explosion of the number of secret keys occurs: in other words, each (user, appliance) pair must have a shared key to authenticate each other. This results in O(N×M) secret keys and is not scalable (N: number of users, M: number of devices).
• Since some of the home appliances, like light bulb to coffee maker, may be very simple and may not have sophisticated input terminals, e.g., a keyboard, it may not be possible to even set up a shared secret between the appliance and each user that wants to use the appliance. So end-to-end authentication may not even be possible.

The second alternative is to assume a secure home network and have users authenticate themselves with the proxy running at the home gateway. Although this does not provide end-to-end security and weakens the security model, only one secret key per user must be kept at the proxy, i.e., O(N) secret keys. This secret key could be based on the biometric features and one-time password of the user. This way we could provide a better security model to control appliances from a remote location. We propose to use the second authentication model for appliance control. That is, the Proxy shares a secret key with each user who is allowed to access and control home appliances, and the mutual authentication occurs between the user and the proxy. Securing the home network can be achieved by employing special packet forwarding policies at the home gateway similar to a firewall and is out of the scope of this paper. We further assume that once users authenticate themselves with the proxy, the Proxy performs access control, i.e., the proxy has an access control database that describes which devices a user is allowed to access and control within the home network.
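
The following Python code is an added example of the second authentication model, not a protocol specified in the paper: one way to run mutual authentication between a user and the home proxy over a single shared key per user, followed by the proxy's access control check and an authenticated status response. The HMAC challenge-response exchange, the message layout and all names are assumptions.

```python
import hashlib
import hmac
import os


def tag(key: bytes, *fields: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields, so fields cannot be confused."""
    data = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return hmac.new(key, data, hashlib.sha256).digest()


class Proxy:
    def __init__(self, user_keys, acl):
        self.user_keys = user_keys   # one shared key per user: O(N) keys
        self.acl = acl               # user -> set of devices the user may control
        self.pending = {}            # user -> (user nonce, proxy nonce)

    def hello(self, user: str, nonce_u: bytes):
        key = self.user_keys.get(user)
        if key is None:
            raise PermissionError("unknown user")
        nonce_p = os.urandom(16)
        self.pending[user] = (nonce_u, nonce_p)
        # Proves to the user that the proxy holds the shared key.
        return nonce_p, tag(key, b"proxy", nonce_u, nonce_p)

    def control(self, user: str, device: bytes, action: bytes, user_tag: bytes):
        session = self.pending.pop(user, None)   # one command per handshake
        if session is None:
            raise PermissionError("no open handshake, possible replay")
        key = self.user_keys[user]
        nonce_u, nonce_p = session
        expected = tag(key, b"user", nonce_u, nonce_p, device, action)
        if not hmac.compare_digest(user_tag, expected):
            raise PermissionError("user authentication failed")
        if device in self.acl.get(user, set()):
            status = b"done:" + action   # stand-in for forwarding to the appliance
        else:
            status = b"denied"
        # The status is bound to this session so it cannot be faked or replayed.
        return status, tag(key, b"status", nonce_u, nonce_p, device, status)


class RemoteUser:
    def __init__(self, name: str, key: bytes):
        self.name, self.key = name, key
        self.nonce_u = self.nonce_p = b""

    def start(self):
        self.nonce_u = os.urandom(16)
        return self.name, self.nonce_u

    def accept_proxy(self, nonce_p: bytes, proxy_tag: bytes) -> None:
        expected = tag(self.key, b"proxy", self.nonce_u, nonce_p)
        if not hmac.compare_digest(proxy_tag, expected):
            raise PermissionError("proxy authentication failed")
        self.nonce_p = nonce_p

    def sign_command(self, device: bytes, action: bytes) -> bytes:
        return tag(self.key, b"user", self.nonce_u, self.nonce_p, device, action)

    def response_is_genuine(self, device: bytes, status: bytes, status_tag: bytes) -> bool:
        expected = tag(self.key, b"status", self.nonce_u, self.nonce_p, device, status)
        return hmac.compare_digest(status_tag, expected)


def remote_control(user: RemoteUser, proxy: Proxy, device: bytes, action: bytes) -> bytes:
    """Full exchange: both sides authenticate, then the status is verified."""
    name, nonce_u = user.start()
    nonce_p, proxy_tag = proxy.hello(name, nonce_u)
    user.accept_proxy(nonce_p, proxy_tag)
    status, status_tag = proxy.control(
        name, device, action, user.sign_command(device, action))
    if not user.response_is_genuine(device, status, status_tag):
        raise PermissionError("forged response")
    return status
```

The final check is the step the text warns must not be omitted: without it, anyone who intercepts the request could report success to the user.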

A. Protocol for Appliance Control
There are several candidate protocols for appliance control such as SIP (Session Initiation Protocol) [20], HTTP etc. Also there is always a possibility to use a proprietary protocol to carry control commands to the residential gateway from a remote location.
SIP [20] is an IETF standard signaling protocol used for setting up, controlling and tearing down "interactive communication sessions" with two or more participants. SIP sessions include but are not limited to multimedia sessions and telephone calls. SIP is an application-layer text-based client-server protocol modeled after the HTTP/SMTP protocols, and is an attractive protocol for appliance control for its simplicity.
HTTP is another candidate protocol for appliance control. Like SIP, HTTP is an industry standard, simple, and text-based protocol. However, SIP is more suitable for appliance control than HTTP for the following reasons:

• A SIP agent has a name-address scheme that is similar to an email address. Name address resolution takes place at the last stage, before the device, by a SIP name resolution server that is similar to DNS. On the other hand, HTTP uses physical IP addresses. This makes SIP more suitable in mobile environments.
• SIP is more suitable for event notification scenarios because of the SUBSCRIBE and NOTIFY commands. Event notification is very common in home applications. For example, one may want to receive a notification on his mobile phone if his front door gets opened.

We propose to use SIP as the transport protocol to carry control commands for appliance control. SIP was originally designed for establishing phone calls; its original command set has limited capabilities and is not suitable for device control. Internet draft [23] introduced a new SIP method called "DO". The purpose of the DO method was to enable messages or requests to be sent to networked appliances without setting up a new session [23]. In the case of an existing session the idea was to use the DO method within the context of the existing session, and share the same Call ID as the existing session. However, this proposal has not been adopted by IETF. The current SIP RFC 3261 [20] did not include this extension and this Internet draft [23] has also expired. In the absence of a separate SIP method for appliance control we propose using the MESSAGE [24] method for appliance control. The SIP MESSAGE [24] method is currently being standardized by the "SIP for Instant Messaging and Presence Leveraging" (SIMPLE) working group of IETF. The purpose of the MESSAGE request is to carry instant messages in the body of the request. For further details on how SIP can carry control commands see [22].

VII. CONCLUSION
In this paper we have proposed an architecture for secure remote access using one-time password and biometrics features for authentication. We also discussed issues related to secure remote appliance control using our proposed scheme. Also, a hierarchical file-access scheme has been proposed based on user's privilege levels. This scheme uses biometrics features and one-time password mechanism to create encryption keys. For secure transmission of data, we use a three-layer scheme based on SSL connection. The heavy cost of running a VPN (virtual private network) (see e.g., [11]) would justify the advantage of our architecture.

REFERENCES
[1] P. Bhattacharya, "Secure System and Method for Accessing Files in Computers Using Fingerprints," US Patent Application 09/662,298.
[2] J. Bigun, C. Chollet and C. Borgefors (eds.), Proceedings of the First Internat. Conference of Audio- and Video- Biometric Person Authentication ABVA'97, Crans-Montana, Switzerland, Springer-Verlag, Berlin, 1997.
[3] B. Cheswick and S. Bellovin, Firewalls and Internet Security, Addison-Wesley, Reading, MA, 1994.
[4] T. Elgamal and K.E.B. Hickman, "Secure socket layer application program apparatus and method," US Patent 582589, 1998.
[5] T. Elgamal and K.E.B. Hickman, "Secure socket layer application program apparatus and method," US Patent 5657390, 1997.
[6] E.J. Gelb, "Security system for preventing unauthorized communications between networks by translating communications received in ip protocol to non-ip protocol to remove address and routing services information," US Patent 55109841, 1996.
[7] R. Jain, L. Hong, and R. Bolle, "On-line fingerprint verification," IEEE Trans. Pattern Analysis and Machine Intelligence, vol. 19, no. 4, pp. 302-313, 1997.
[8] R. Jain, R. Bolle and S. Pankanti (eds.), Biometrics: Personal Identification in Networked Society, Kluwer Publishers, Boston, MA, 1999.
[9] L. O'Gorman, "Fingerprint Verification," in Biometrics: Personal Identification in Networked Society, (Eds. R. Jain, R. Bolle and S. Pankanti), Kluwer Publishers, Boston, MA, pp. 43-64, 1999.
[10] C. Kaufman, R. Perlman and M. Speciner, Network Security, Prentice Hall, Upper Saddle, NJ, 1995.
[11] L. Lamport, "Password authentication with insecure communication," Communications of ACM, vol. 24, no. 11, Nov., 1981, pp. 770-772.
[12] N. Doraswamy and D. Harkins, IPSec: The New Security Standard for the Internet, Intranets, and Virtual Private Network, Prentice Hall, Upper Saddle, NJ, 1999.
[13] V. Nalwa, "Automatic On-line Signature Verification," in Biometrics: Personal Identification in Networked Society, (Eds. R. Jain, R. Bolle and S. Pankanti), Kluwer Publishers, Boston, MA, pp. 143-163, 1999.
[14] W. Shen and R. Khanna (eds.), "Special issue on automated biometrics," Proceedings of the IEEE, vol. 85, no. 9, Sept., pp. 1343-1492, 1997.
[15] W. Stallings, Cryptography and Network Security, 2nd ed., Prentice Hall, Upper Saddle, NJ, 1999.
[16] A.E.D. Zwicky, S. Cooper and D.B. Chapman, Building Internet Firewalls, O'Reilly, Sebastopol, CA, 2000.
[17] Internet Engineering Task Force (IETF) RFC 2289, "A One Time Password System."
[18] S. Moyer, D. Marples and S. Tsang, "A Protocol for Wide-Area Secure Networked Appliance Communication", IEEE Communications Magazine, October 2001.
[19] S. Moyer, D. Marples, S. Tsang and A. Ghosh, "Service Portability of Networked Appliances", IEEE Communications Magazine, January 2002.
[20] J. Rosenberg, H. Schulzrinne, G. Camarillo, A. Johnston, J. Peterson, R. Sparks, M. Handley and E. Schooler, "SIP: session initiation protocol", RFC 3261, Internet Engineering Task Force (IETF), June 2002.
[21] M. Rahman and P. Bhattacharya, "Architecture for Secure Remote Access and Transmission Using a Generalized Password Scheme with Biometrics Features", US Patent Application No. 20020144128 filed in March 2001.
[22] M. Rahman, C. Akinlar and I. Kamel, "ON SECURED END-TO-END APPLIANCE CONTROL USING SIP", In Proceedings of the 5th IEEE International Workshop on Networked Appliances, Liverpool, United Kingdom, October 2002, pp. 24-28.
[23] S. Tsang, S. Moyer, D. Marples, H. Schulzrinne and A. Roy Chowdhury, "SIP Extensions for Communicating with Networked Appliances", Internet Draft, Internet Engineering Task Force (IETF), November 2000.
[24] J. Rosenberg, D. Willis, R. Sparks, B. Campbell, H. Schulzrinne, J. Lennox, B. Aboba, C. Huitema, D. Gurle, D. Oran, "SIP Extensions for Instant Messaging", Internet Draft, Internet Engineering Task Force (IETF), March 2001.

Prabir Bhattacharya (SM'92, F'02) is a Principal Scientist at the Panasonic Information and Networking Technologies Laboratory, Princeton, New Jersey, USA. Till 1999, he served as a tenured Full Professor at the Department of Computer Science and Engineering, University of Nebraska-Lincoln, USA. He received his Ph.D. in 1979 from the University of Oxford, U.K. and had his undergraduate education at the University of Delhi, India. He is currently on the editorial boards of six technical journals including the IEEE Transactions on Systems, Man and Cybernetics. He has authored or co-authored 82 journal papers, over 55 conference papers, and co-edited a book on Vision Geometry. During 1995-98, he was on the editorial board of the IEEE Computer Society Press. During 1995-98, he was a Distinguished Visitor of the IEEE Computer Society and also a National Lecturer of the ACM. He served as the Chairman of the Nebraska Chapter of the IEEE Computer Society during 1995-97. In 2002, he was on the program committees of six technical conferences. He is a Fellow of the IEEE, and a Fellow of the International Association of Pattern Recognition (IAPR).

Mahfuzur Rahman (M'00) is a Research Scientist at Panasonic Information and Networking Technologies Laboratory in Princeton, New Jersey, USA. He received his B.Sc. in Computer Science and Engineering from Bangladesh University of Engineering and Technology in 1994, M.Sc. in Computer Science from University of Nebraska-Lincoln, USA in 1997. He is also a Ph.D. student at the Polytechnic University, New York, USA. His research interests include Mobile Communications, Network Security, Home Networking and Networked Appliances. He has been awarded 2 patents and has filed 4 more patents in those areas. Mr. Rahman has also been involved with various standardization bodies such as IETF, HAVi (Home Audio Video Interoperability), JCP (Java Community Process), OMA (Open Mobile Alliance). He is also a reviewer of IEEE Transactions on Multimedia, IEEE Infocom, IEEE Globecom etc.