A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Zero-interaction authentication
Proceedings of the 8th annual international conference on Mobile computing and networking
Efficient revocation and threshold pairing based cryptosystems
Proceedings of the twenty-second annual symposium on Principles of distributed computing
Protecting applications with transient authentication
Proceedings of the 1st international conference on Mobile systems, applications and services
Plutus: Scalable Secure File Sharing on Untrusted Storage
FAST '03 Proceedings of the 2nd USENIX Conference on File and Storage Technologies
Distributing security-mediated PKI
International Journal of Information Security
Simple identity-based cryptography with mediated RSA
CT-RSA'03 Proceedings of the 2003 RSA conference on The cryptographers' track
Transparent mobile storage protection in trusted virtual domains
LISA'09 Proceedings of the 23rd conference on Large installation system administration
A trusted versioning file system for passive mobile storage devices
Journal of Network and Computer Applications
Hi-index | 0.00 |
With the increasing adoption of mobile computing devices that carry confidential data, organizations need to secure data in an ever-changing environment. Critical organizational data should be protected from a) a disgruntled user's access and b) a theft or loss of the mobile device. When such compromises do occur, future data access should be immediately revoked and the knowledge of the data that might have been exposed be identified. Such assessment enables an organization to demonstrate its adherence to mandated regulatory compliance. We propose Concord: a framework that provides an organizational service that allows an organization to monitor data that has been accessed on its users' mobile devices. Concord distributes trust among multiple entities so as to enable data access following their successful interaction. Firstly, to enable data access, users of the mobile device require the organization's involvement to access the data on the mobile devices. Likewise, in the event of loss or theft of a mobile device, organizations can immediately discontinue further requests for data accesses to the previously-unread data on the mobile device. Secondly, a valid user's consent is required to access the data. Thus, should an intruder somehow receive organizational permission, the data on the mobile device is still inaccessible. Thirdly, upon identification of a compromise, Concord provides the organization with the detailed information about the data that has been exposed enabling them to initiate steps for regulatory compliance.