An Access Control with handling Private Information
IPDPS '01 Proceedings of the 15th International Parallel & Distributed Processing Symposium
Personal Information Market: Toward a Secure and Efficient Trade of Privacy
Proceedings of the First International Conference on The Human Society and the Internet - Internet Related Socio-Economic Issues
Hi-index | 0.00 |
In Internet and electronic commerce applications, a user may want to access servers as anonymous with an authorized certificate. In this paper, such privacy-enhanced service scheme is presented by using Simple Public Key Infrastructure (SPKI). A certificate of SPKI carries as few information on clients as possible compared to a certificate of PKIX (Public Key Infrastructure with X.509). After obtaining a certificate issued by an authorized server, a client submits the certificate to the service provider (server) in order to take services associated with the certificate. Then, the provider verifies the submitted certificate and gives permission to the client if verified. A client can delegate a certificate to a third party, so that he/she can access the server instead of the original certificate recipient. The implementation of the proposed certificate-based access control consists of authorized server, issuing agent, client. These are based on SPKI certificate issuer, certificate verifier, access control list management, and delegate mechanism. These subsystems are coded based on SPKI library written in Java.