Advertisement

Provision of Trusted Identity Management Using Trust Credentials

  • Siani Pearson
  • Marco Casassa Mont
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3986)

Abstract

The Trusted Computing Group (TCG) has developed specifications for computing platforms that create a foundation of trust for software processes, based on a small amount of extra hardware [1,2]. Several million commercial desktop and laptop products have been shipped based upon this technology, and there is increasing interest in deploying further products. This paper presents a mechanism for using trusted computing in the context of identity management to deal with the problem of providing migration of identity and confidential information across users’ personal systems and multiple enterprise IT back-end systems in a safe and trusted way.

Keywords

Identity Management Certification Authority User Credential Trust Platform Module Credential Management 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Pearson, S. (ed.): Trusted Computing Platforms. Prentice-Hall, Englewood Cliffs (2002)Google Scholar
  2. 2.
    TCG: TCG Main Specification, v1.1b (2003), Available via: http://www.trustedcomputinggroup.org
  3. 3.
    Brands, S.: A Semi-Technical Overview of Digital Credentials. International Journal on Information Security (August 2002), Available via: http://www.credentica.com
  4. 4.
    Pretty Good Privacy, See: http://www.pgpi.org
  5. 5.
    Pfitzmann, A., Köhntopp, M.: Anonymity, unobservability, and pseudeonymity – a proposal for terminology. In: Federrath, H. (ed.) International Workshop on Designing Privacy Enhancing Technologies: Design Issues in Anonymity and Unobservability, pp. 1–9. Springer, New York (2001)Google Scholar
  6. 6.
    Farrell, S., Housley, R.: An Internet Attribute Certificate Profile for Authorization, IETF (1999)Google Scholar
  7. 7.
    IETF: IETF PKIX Working Group (2005), http://www.ietf.org/html.charters/pkix-charter.html
  8. 8.
    Ellison, C., Frantz, B., Lampson, B., Rivest, R., Thomas, B., Ylonen, T.: SPKI Certificate Theory, RFC 2693, IETF (1999) Google Scholar
  9. 9.
    W3C, XML Signature WG (2003), http://www.w3.org/Signature/
  10. 10.
    Arbaugh, W.: Improving the TCPA specification. IEEE Computer, Los Alamitos (2002)Google Scholar
  11. 11.
    Pearson, S.: Trusted Computing: Strengths, Weaknesses and Further Opportunities for Enhancing Privacy. In: Herrmann, P., Issarny, V., Shiu, S.C.K. (eds.) iTrust 2005. LNCS, vol. 3477, pp. 305–320. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  12. 12.
    TCG: Interoperability Specification for Backup and Migration Services, v1.0 (June 2005), Available via: www.trustedcomputinggroup.org
  13. 13.
    Hughes, J.: Certificate inter-operability – White Paper. Computers and Security, International Journal devoted to the study of technical and financial aspects of computer security 18(3), 221–230 (1999)Google Scholar
  14. 14.
    Herzberg, A., Mass, Y.: Relying Party Credentials Framework. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 328–343. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  15. 15.
    Boneh, D., Franklin, M.: Identity-Based Encryption from the Weil Pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, p. 213. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  16. 16.
    Cocks, C.: An Identity Based Encryption Scheme based on Quadratic Residues, Communications Electronics Security Group (CESG), UK (2001), Available via: http://www.cesg.gov.uk/technology/id-pkc/media/ciren.pdf
  17. 17.
    Wave System, Embassy Key Management Server (2006), http://www.wave.com/products/ktmes.html
  18. 18.
    Intel, LaGrande Technology Architectural Overview (September 2003), Available via: http://www.intel.com/technology/security/downloads/LT_Arch_Overview.pdf
  19. 19.
    Microsoft, Next-Generation Secure Computing Base home page (2006), http://www.microsoft.com/resources/ngscb
  20. 20.
    Liberty Alliance Project (2006), http://www.projectliberty.org/
  21. 21.
    W3C, XML Key Management Specification (XKMS) (2003), http://www.w3.org/TR/xkms/
  22. 22.
    IBM, The Enterprise Privacy Authorization Language (EPAL), EPAL 1.2 specification, IBM (2004), http://www.zurich.ibm.com/security/enterprise-privacy/epal/
  23. 23.
    OASIS, eXtensible Access Control Markup Language (XACML), http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml
  24. 24.
    W3C, The Platform for Privacy Preferences 1.0 (2002), http://www.w3.org/TR/P3P/
  25. 25.
    Damianou, N., Dulay, N., Lupu, E., Sloman, M.: The Ponder Policy Specification Language (2001), Available via: http://www-dse.doc.ic.ac.uk/research/policies/index.shtml
  26. 26.
    Casassa Mont, M., Pearson, S., Bramhall, P.: Towards Accountable Management of Privacy and Identity Information. In: Snekkenes, E., Gollmann, D. (eds.) ESORICS 2003. LNCS, vol. 2808, pp. 146–161. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  27. 27.
    Biskup, J., Karabulut, Y.: A hybrid PKI model with an application for secure mediation. In: 16th Annual IFIP WG 11.3 Working Conference on Data and Application Security, Cambridge, England (July 2002)Google Scholar
  28. 28.
    Chaum, D.: Untraceable electronic mail, return addresses and digital pseudonyms. Communications of the ACM 24(2) (February 1981)Google Scholar
  29. 29.
    Chaum, D.: Achieving Electronic Privacy. Scientific American, pp. 96–101 ( August 1992)Google Scholar
  30. 30.
    Chaum, D.: Showing credentials without identification. In: Pichler, F. (ed.) EUROCRYPT 1985. LNCS, vol. 219, pp. 241–244. Springer, Heidelberg (1986)CrossRefGoogle Scholar
  31. 31.
    Camenisch, J., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  32. 32.
    Blaze, M., Feigenbaum, J., Lacy, J.: Decentralized Trust Management. In: Proceedings 17th Symposium on Security and Privacy, pp. 164–173. IEEE Computer Society Press, Los Alamitos (1996)Google Scholar
  33. 33.
    Casassa Mont, M., Bramhall, P., Dalton, C.R., Harrison, K.: A Flexible Role-based Secure Messaging Service: Exploiting IBE in a Health Care Trial, HPL-2003-21 (2003)Google Scholar
  34. 34.
    Casassa Mont, M., Harrison, K., Sadler, M.: The HP Time Vault Service: Exploiting IBE for Timed Release of Confidential Information. In: WWW 2003 (2003)Google Scholar
  35. 35.
    PRIME Project: Privacy and Identity Management for Europe, European RTD Integrated Project under the FP6/IST Programme (2005), http://www.prime-project.eu.org/

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Siani Pearson
    • 1
  • Marco Casassa Mont
    • 1
  1. 1.Trusted Systems LaboratoryHewlett Packard Research LabsBristolUK

Personalised recommendations