A user-centric anonymous authorisation framework in e-commerce environment

Authors:
Richard Au;Harikrishna Vasanta;Kim-Kwang Raymond Choo;Mark Looi
Affiliations:
Queensland University of Technology, Brisbane, Australia;Queensland University of Technology, Brisbane, Australia;Queensland University of Technology, Brisbane, Australia;Queensland University of Technology, Brisbane, Australia
Venue:
ICEC '04 Proceedings of the 6th international conference on Electronic commerce
Year:
2004

Citing 16
Cited 4

Security without identification: transaction systems to make big brother obsolete

Communications of the ACM
A digital signature scheme secure against adaptive chosen-message attacks

SIAM Journal on Computing - Special issue on cryptography
Provably secure session key distribution: the three party case

STOC '95 Proceedings of the twenty-seventh annual ACM symposium on Theory of computing
Crowds: anonymity for Web transactions

ACM Transactions on Information and System Security (TISSEC)
Building consumer trust online

Communications of the ACM
Cross-domain one-shot authorization using smart cards

Proceedings of the 7th ACM conference on Computer and communications security
Trust online

Communications of the ACM
Untraceable electronic mail, return addresses, and digital pseudonyms

Communications of the ACM
Practical Intranet Security: Overview of the State of the Art and Available Technologies

Practical Intranet Security: Overview of the State of the Art and Available Technologies
Anonymity and accountability in self-organizing electronic communities

Proceedings of the 2002 ACM workshop on Privacy in the Electronic Society
E-P3P privacy policies and privacy authorization

Proceedings of the 2002 ACM workshop on Privacy in the Electronic Society
XOR MACs: New Methods for Message Authentication Using Finite Pseudorandom Functions

CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
Design and Analysis of Practical Public-Key Encryption Schemes Secure against Adaptive Chosen Ciphertext Attack

SIAM Journal on Computing
Public-key encryption in a multi-user setting: security proofs and improvements

EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Platform for enterprise privacy practices: privacy-enabled management of customer data

PET'02 Proceedings of the 2nd international conference on Privacy enhancing technologies
Anonymous connections and onion routing

IEEE Journal on Selected Areas in Communications

A method for access authorisation through delegation networks

ACSW Frontiers '06 Proceedings of the 2006 Australasian workshops on Grid computing and e-research - Volume 54
Secure and auditable agent-based e-marketplace framework for mobile users

Computer Standards & Interfaces
Decentralized generation of multiple, uncorrelatable pseudonyms without trusted third parties

TrustBus'11 Proceedings of the 8th international conference on Trust, privacy and security in digital business
Anonymous reputation based reservations in e-commerce (amnesic)

Proceedings of the 13th International Conference on Electronic Commerce

Quantified Score

Hi-index	0.00

Visualization

Abstract

A novel user-centric authorisation framework suitable for e-commerce in an open environment is proposed. The credential-based approach allows a user to gain access rights anonymously from various service providers who may not have pre-existing relationships. Trust establishment is achieved by making use of referrals from external third parties in the form of Anonymous Attribute Certificates. The concepts of One-task Authorisation Key and Binding Signature are proposed to facilitate pseudonymity in authorisation service. These mechanisms enhance user privacy and tackle the problem of scalability in identity-based access control systems.