A User-oriented Multi-service Access Control System

Web-based services have become a major commodity. As an increasing number of ISPs make available an even more increasing number of remote services, security becomes a major concern in order to accomplish a fair exchange of commodities in insecure environments. An exchange of services, in order to be fair and secure, usually involves the service provider, the service requestor and a trusted third party on whose impartiality both rely. In order to provide and receive secure web-based services, trust can be accomplished by means of thorough identification and strong authentication of all the participants. The use of electronic credentials is one way of formal identification and authentication and the adoption of a unique worldwideaccepted digital credential stored in a smart card will provide a higher level of security while allowing total mobility with secure transactions over the web. While this adoption does not take place, the widespread use of digital credentials will inevitably lead to each service requestor having to be in possession of many smart cards just for storing the different electronic credentials needed for all the services he uses. We present a new approach for the use of smart cards as a basis for secure management of web-based services leading to the use of only one smart card per user in a perfectly transparent manner, thus contributing for a more generalized use of the technology.