Check out the new USENIX Web site. next up previous
Next: Introduction Up: A Resilient Access Control Previous: A Resilient Access Control

Abstract

There have been many studies of the management of personal secrets such as PIN codes, passwords, etc., in access control mechanisms. The leakage of personal secrets is one of the most significant problems in access control. To reduce such risks, we suggest a way of authenticating customers without transferring explicit customer secrets. Furthermore, we give a secure on-line transaction scheme based on our access control mechanism.

Needham gave an example of Personal Identification Number (PIN) management for banking systems [Nee97] that presented a way to control PIN codes. It inspired us to develop an access control model for electronic transactions which enforces a strict role definition for personal secret generation and maintenance. We extend it to a payment model. Our scheme provides enhanced privacy for customers, non-repudiation of origin for the customer order and payment transactions, and protection from personal secret leakage. Since it does not rely on either public key cryptosystems or auxiliary hardware such as chip cards and readers, its deployment within existing environments could be cost-effective.



Jong-Hyeon Lee, Computer Laboratory, University of Cambridge, 1998.