Securing user inputs for the web

Authors:
Jan Camenisch;abhi shelat;Dieter Sommer;Roger Zimmermann
Affiliations:
IBM Research, Zurich Laboratory, Rüschlikon, Switzerland;IBM Research, Zurich Laboratory, Rüschlikon, Switzerland;IBM Research, Zurich Laboratory, Rüschlikon, Switzerland;IBM Research, Zurich Laboratory, Rüschlikon, Switzerland
Venue:
Proceedings of the second ACM workshop on Digital identity management
Year:
2006

Citing 7
Cited 6

Security without identification: transaction systems to make big brother obsolete

Communications of the ACM
Direct anonymous attestation

Proceedings of the 11th ACM conference on Computer and communications security
Improving understanding of website privacy policies with fine-grained policy anchors

WWW '05 Proceedings of the 14th international conference on World Wide Web
Making PRIME usable

SOUPS '05 Proceedings of the 2005 symposium on Usable privacy and security
The battle against phishing: Dynamic Security Skins

SOUPS '05 Proceedings of the 2005 symposium on Usable privacy and security
Identity Theft Solutions Disagree on Problem

IEEE Distributed Systems Online
Security and Usability

Security and Usability

PIAFF: un outil d'aide à la saisie d'informations personnelles pour les formulaires électroniques

Proceedings of the 21st International Conference on Association Francophone d'Interaction Homme-Machine
Exploring the feasibility of web form adaptation to users' cultural dimension scores

User Modeling and User-Adapted Interaction
Enhancing online forms: Use format specifications for fields with format restrictions to help respondents

Interacting with Computers
Requirements for identity management from the perspective of multilateral interactions

Digital privacy
An approach and tool support for assisting users to fill-in web forms with personal information

Proceedings of the 29th ACM international conference on Design of communication
Evoking comprehensive mental models of anonymous credentials

iNetSec'11 Proceedings of the 2011 IFIP WG 11.4 international conference on Open Problems in Network Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

The goal of this paper is to study secure and usable methods for providing user input to a website. Three principles define security for us: certification, awareness, and privacy. Four principles define usability: contextual awareness, semantic awareness, prodigious use of screen space, and the availability of recommended choices.We first describe how current approaches to the solicitation of user input on the web fail on both fronts: they either can not handle certified data, do not respect user privacy, or have various usability problems which frustrate and perhaps even mislead the user.To address security, we suggest the use of more sophisticated private certificate systems. To address usability, we propose a new contextual, browser-integrated interface for using private certificate systems. Our system incorporates many recent design principles discussed in the security and usability space. It works in the main content area of a webpage; it focuses on making the user aware of the who, what, where, when and why of a data request, and it does not use valuable screen space when it is not relevant.