Privacy-Preserving Authentication of Users with Smart Cards Using One-Time Credentials

概要

論文の詳細を見る
User privacy preservation is critical to prevent many sophisticated attacks that are based on the users server access patterns and ID-related information. We propose a password-based user authentication scheme that provides strong privacy protection using one-time credentials. It eliminates the possibility of tracing a users authentication history and hides the users ID and password even from servers. In addition, it is resistant against user impersonation even if both a servers verification database and a users smart card storage are disclosed. We also provide a revocation scheme for a user to promptly invalidate the users credentials on a server when the users smart card is compromised. The schemes use lightweight operations only such as computing hashes and bitwise XORs.
（社）電子情報通信学会の論文
2010-07-01