Abstracts - 3rd USENIX Workshop on Electronic Commerce

A Resilient Access Control Scheme for Secure Electronic Transactions

Jong-Hyeon Lee
University of Cambridge


There have been many studies of the management of personal secrets such as PIN codes, passwords, etc., in access control mechanisms. The leakage of personal secrets is one of the most significant problems in access control. To reduce such risks, we suggest a way of authenticating customers without transferring explicit customer secrets. Furthermore, we give a secure on-line transaction scheme based on our access control mechanism.

Needham gave an example of Personal Identification Number (PIN) management for banking systems [Nee97] that presented a way to control PIN codes. It inspired us to develop an access control model for electronic transactions which enforces a strict role definition for personal secret generation and maintenance. We extend it to a payment model. Our scheme provides enhanced privacy for customers, non-repudiation of origin for the customer order and payment transactions, and protection from personal secret leakage. Since it does not rely on either public key cryptosystems or auxiliary hardware such as chip cards and readers, its deployment within existing environments could be cost-effective.


Last changed: 9 Apr 2002 ml