Authors: Ryu Watanabe, Yutaka Miyake

Abstract:

Reducing the risk of information leaks is one of the most important functions of identity management systems. To achieve this purpose, Dey et al. have already proposed an account management method for a federated login system using a blind signature scheme. In order to ensure account anonymity for the authentication provider, referred to as an IDP (identity provider), a blind signature scheme is utilized to generate an authentication token on an authentication service and the token is sent to an IDP. However, there is a problem with the proposed system. Malicious users can establish multiple accounts on an IDP by requesting such accounts. As a measure to solve this problem, in this paper, the authors propose an account checking method that is performed before account generation.

Keywords: identity management, blind signature, privacy protection

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1057649

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1488

References:

[1] Security Assertio Markup Language (SAML) V2.0, OASIS (2005), http://www.oasis-open.org/specs/index.php#samlv2.0
[2] OpenID Authentication 2.0 - Final, OpenID Foundation, (2007), http://openid.net/specs/openid-authentication-2 0.txt
[3] Arkajit Dey and Stephen Weis, "PseudoID: Enhancing Privacy in Federated Login," Proc. 3rd Hot Topics in Privacy Enhancing Technologies( HotPETs 2010), pp.95-107 (2010).
[4] David Chaum, "Blind signatures for untraceable payments," CRYPTO, pp.199-203 (1982).
[5] Whitfield Diffie and Martin E. Hellman, "New directions in cryptography," Trans. on Information Theory, IEEE, Vol. 22, Issue 6, pp. 644-654 (1976).