Digital identity credentials are a key enabler for important online services, but widespread theft and misuse of such credentials pose serious risks for users. We believe that an identity management system (IdMS) that empowers users to become aware of how and when their identity credentials are used is critical for the success of such online services. Furthermore, rapid revocation and recovery of potentially compromised credentials are desirable. By following a user-centric identity-usage monitoring concept, we propose a way to enhance a user-centric IdMS by introducing an online monitoring agent and an inexpensive storage token that allow users to flexibly choose transactions to be monitored and thereby to balance security, privacy and usability. In addition, by utilizing a threshold signature scheme, our system enables users to revoke and recover credentials without communicating with identity providers. Our contributions include a system architecture, associated protocols and an actual implementation of an IdMS that achieves these goals.