PyTHIA: Towards Anonymity in Authentication

Abstract: There is a scale between authentication and anonymity, which is currently leaning towards the side of authentication, when it comes to e-commerce. Service providers and merchants are usually keeping track of user-related information in order to construct behavioural profiles of their customers. Service providers and merchants also correlate profiles of this kind, stemming from different sources, in order to increase their profit. This correlation is usually performed with the use of Unified Codes. Authenticati… Show more

“…In Section 4 we present our proposal for a more user-transparent CSI mechanism based on Software Agents, along with a comparative evaluation of our mechanism to the already proposed ones. An earlier version of the work presented in Section 4 has been published in (Iliadis, Gritzalis and Gritzalis 2003) while some of the mechanisms for securing the operation of ADoCSI (Section 4.3.5) have been published in (Gritzalis, Moulinos, Iliadis et al 2001), (Gritzalis and Iliadis 1998) and (Iliadis, Gritzalis and Oikonomou 1998).…”

“…Another way to minimise the risk of compromised CA-CSI Agents without requiring them to contact CA-CSI Agents on other AMPs would be to have them use reverse hash chains (Gritzalis, Moulinos et al 2001;Jingfeng, Yuefei, Heng et al 2005). CA-CSI Agents' certificates should contain the initial hash value IV (IV=Hashz(pseudorandomjnumber), where z is the maximum number of validity periods of the CA-CSI Agent) of a hash chain and give out to User-CSI Agents the current period's validity value r (r=Hash>'"z(7V)/ where y is the serial number of the current validity period) and CA's should "refresh" the CA-CSI Agents when validity period is over.…”

“…The timestamp should be cryptographically verifiable. One way to do this is through the use of one-way hash chains (Jingfeng, Yuefei et al 2005), (Gritzalis, Moulinos et al 2001).…”

“…The CA should then sign Mi, where i= the last 5-minute period when this message chain can be used to authenticate the CA-CSI Agent and store the resulting signed information (PPAT -Privacy Protected Authentication Token (Gritzalis, Moulinos et al 2001)) and the random value RV in the CA-CSI Agent, before deploying it.…”

ADoCSI: εναλλακτική μέθοδος διάχυσης της πληροφορίας κατάστασης πιστοποιητικών

“…In Section 4 we present our proposal for a more user-transparent CSI mechanism based on Software Agents, along with a comparative evaluation of our mechanism to the already proposed ones. An earlier version of the work presented in Section 4 has been published in (Iliadis, Gritzalis and Gritzalis 2003) while some of the mechanisms for securing the operation of ADoCSI (Section 4.3.5) have been published in (Gritzalis, Moulinos, Iliadis et al 2001), (Gritzalis and Iliadis 1998) and (Iliadis, Gritzalis and Oikonomou 1998).…”

“…Another way to minimise the risk of compromised CA-CSI Agents without requiring them to contact CA-CSI Agents on other AMPs would be to have them use reverse hash chains (Gritzalis, Moulinos et al 2001;Jingfeng, Yuefei, Heng et al 2005). CA-CSI Agents' certificates should contain the initial hash value IV (IV=Hashz(pseudorandomjnumber), where z is the maximum number of validity periods of the CA-CSI Agent) of a hash chain and give out to User-CSI Agents the current period's validity value r (r=Hash>'"z(7V)/ where y is the serial number of the current validity period) and CA's should "refresh" the CA-CSI Agents when validity period is over.…”

“…The timestamp should be cryptographically verifiable. One way to do this is through the use of one-way hash chains (Jingfeng, Yuefei et al 2005), (Gritzalis, Moulinos et al 2001).…”

“…The CA should then sign Mi, where i= the last 5-minute period when this message chain can be used to authenticate the CA-CSI Agent and store the resulting signed information (PPAT -Privacy Protected Authentication Token (Gritzalis, Moulinos et al 2001)) and the random value RV in the CA-CSI Agent, before deploying it.…”

ADoCSI: εναλλακτική μέθοδος διάχυσης της πληροφορίας κατάστασης πιστοποιητικών