Flexible Authentication with Multiple Domains of Electronic Commerce

Conference paper, in: Electronic Commerce and Web Technologies (EC-Web 2001)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2115)

Abstract

In this paper, based on the CORBA security service specification [1, 3], we propose an authentication model supporting multiple domains for electronic commerce, extending the Kerberos [13] authentication framework with a public key cryptosystem [15]. The proposed model supports the protection of high-level resources and the preservation of the security policies of the underlying resources that form the foundation of various domains, between Kerberized domains [14] and non-Kerberized domains. We also achieve flexible key management and reliable session key generation between the Client and the Provider using the public key cryptosystem.

References

  1. OMG, CORBA services: Common Object Security Specification v1.7 (Draft), ftp://ftp.omg.org/pub/docs/security/99-12-02.pdf, 2000.

  2. Object Management Group, CORBA/IIOP 2.3.1 specification, http://sisyphus.omg.org/technology/documents/corba2formal.htm, 1999.

  3. OMG Security Working Group, OMG White Paper on Security, OMG Document, No. 9, 1996.

  4. Menezes, Van Oorschot, Vanstone, Handbook of Applied Cryptography, 2nd Ed., pp. 570–577, 2000.

  5. OMG, Common Secure Interoperability V2 RFP, http://www.omg.org/techprocess/meetings/schedule/CommonSecureInterop.V2RFP.html, 2000.

  6. A. Alireza, U. Lang, M. Padelis, R. Schreiner, and M. Schumacher, “The Challenges of CORBA Security”, Workshop of Sicherheit in Mediendaten, Springer, 2000.

  7. DSTC, Public Key Infrastructure RFP, ftp://ftp.omg.org/pub/docs/ec/99-12-03.pdf, 2000.

  8. Robert Orfali, Dan Harkey, Client/Server Programming with JAVA and CORBA, John Wiley & Sons, 1997.

  9. Andreas Vogel, Keith Duddy, Java Programming with CORBA, 2nd Ed., John Wiley & Sons, 1998.

  10. Bob Blakley, CORBA Security: An Introduction to Safe Computing with Objects, Addison Wesley, 2000.

  11. M. Humphrey, F. Knabe, A. Ferrari, A. Grimshaw, “Accountability and Control of Process Creation in the Legion Metasystem”, Symposium on Network and Distributed System Security, IEEE, 2000.

  12. A. Ferrari, F. Knabe, M. Humphrey, S. Chapin, and A. Grimshaw, “A Flexible Security System for Metacomputing Environments”, High Performance Computing and Networking Europe, 1999.

  13. John T. Kohl, B. Clifford Neuman, Theodore Y. Ts’o, “The Evolution of the Kerberos Authentication Service”, EurOpen Conference, 1991.

  14. Massachusetts Institute of Technology Kerberos Team, Kerberos 5 Release 1.0.5, http://web.mit.edu/kerberos/www/.

  15. M. A. Sirbu, John Chung-I Chuang, “Distributed Authentication in Kerberos Using Public Key Cryptography”, Symposium on Network and Distributed System Security, IEEE, 1997.

  16. M. Schunter, M. Waidner, “Architecture and Design of a Secure Electronic Marketplace”, 8th Joint European Networking Conference, pp. 712-1–712-5, 1997.

  17. M. Waidner, “Development of a Secure Electronic Marketplace for Europe”, ESORICS ’96, Springer, Vol. 1146, pp. 1–14, 1996.

  18. W. Diffie, M. E. Hellman, “New directions in cryptography”, IEEE Transactions on Information Theory, Vol. 22, No. 6, 1976.

  19. T. ElGamal, “A public-key cryptosystem and a signature scheme based on discrete logarithms”, IEEE Transactions on Information Theory, Vol. IT31, No. 4, 1985.

  20. G. White and U. Pooch, “Problems with DCE Security Services”, Computer Communication Review, Vol. 25, No. 5, 1995.

  21. T. Parker, D. Pinkas, SESAME V4 Overview, SESAME Issue1, 1995.

  22. Joris Claessens, A Secure European System for Applications in a Multi-vendor Environment, http://www.cosic.esat.kuleuven.ac.be/sesame/, 2000.

Copyright information

© 2001 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Chang, K.A., Lee, B.R., Kim, T.Y. (2001). Flexible Authentication with Multiple Domains of Electronic Commerce. In: Bauknecht, K., Madria, S.K., Pernul, G. (eds) Electronic Commerce and Web Technologies. EC-Web 2001. Lecture Notes in Computer Science, vol 2115. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44700-8_17

  • DOI: https://doi.org/10.1007/3-540-44700-8_17

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-42517-5

  • Online ISBN: 978-3-540-44700-9

  • eBook Packages: Springer Book Archive
