A "privacy by design" eID scheme supporting Attribute-based Access Control (ABAC)
نویسنده
چکیده
This eID scheme built along "privacy by design" principles covers a full range of identification using a single mechanism starting from the use of pseudonyms, followed by a gradual disclosure of some attributes with the consent of the end-user, up to the disclosure of a sufficient number attributes that allows a full identification of an end-user under a given context, again with the consent of the end-user. This eID scheme is resistant to the Alice and Bob Collusion attack (ABC attack) and for that reason mandates the use of secure elements that must have specific functional and security properties. Such secure elements may be provided by any manufacturer, initially without any personal data in it, and may be distributed or sold by anybody, e.g. in supermarkets, in coffee shops or by Internet web sites.
منابع مشابه
Attribute-based Access Control for Cloud-based Electronic Health Record (EHR) Systems
Electronic health record (EHR) system facilitates integrating patients' medical information and improves service productivity. However, user access to patient data in a privacy-preserving manner is still challenging problem. Many studies concerned with security and privacy in EHR systems. Rezaeibagha and Mu [1] have proposed a hybrid architecture for privacy-preserving accessing patient records...
متن کاملA combination of semantic and attribute-based access control model for virtual organizations
A Virtual Organization (VO) consists of some real organizations with common interests, which aims to provide inter organizational associations to reach some common goals by sharing their resources with each other. Providing security mechanisms, and especially a suitable access control mechanism, which enforces the defined security policy is a necessary requirement in VOs. Since VO is a complex ...
متن کاملEnabling Attribute-based Access Control in Authentication and Authorisation Infrastructures
Attribute-based access control (ABAC) is a very powerful and flexible security technique making it possible to overcome limitations of traditional role-based and discretionary access controls. ABAC enables the dynamic handling of vast numbers of heterogeneous and changing resources and users, a task especially relevant for E-Commerce or distributed computing. With an authentication and authoris...
متن کاملSecure Protocol of ABAC Certificates Revocation and Delegation
This paper deals with the maintenance of PKI certificates for Attribute Based Access Control (ABAC). We show, that the current standard has several problems in different revocation and delegation processes. This may lead to a security hole allowing usage of ABAC certificates, when it was revoked or transferred. As a solution we suggest architecture changes, that allow to perform revocation and ...
متن کامل16th Bled Electronic Commerce Conference
Attribute-based access control (ABAC) is a very powerful and flexible security technique making it possible to overcome limitations of traditional role-based and discretionary access controls. ABAC enables the dynamic handling of vast numbers of heterogeneous and changing resources and users, a task especially relevant for E-Commerce or distributed computing. With an authentication and authoris...
متن کامل