Abstract
This paper presents a prototype of a previously proposed user-centric identity management system using trusted modules. The trusted module, implemented using a smart card, can retrieve user attributes from identity providers and offer them to service providers, after authentication. This paper allows an evaluation of the practical feasibility of the identity management architecture and provides insight into several design decisions made during the prototype implementation. Also, the cryptographic protocols implemented in the prototype are discussed.
Copyright information
© 2011 IFIP International Federation for Information Processing
About this paper
Cite this paper
Vossaert, J., Verhaeghe, P., De Decker, B., Naessens, V. (2011). A Smart Card Based Solution for User-Centric Identity Management. In: Fischer-Hübner, S., Duquenoy, P., Hansen, M., Leenes, R., Zhang, G. (eds) Privacy and Identity Management for Life. Privacy and Identity 2010. IFIP Advances in Information and Communication Technology, vol 352. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-20769-3_14
DOI: https://doi.org/10.1007/978-3-642-20769-3_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-20768-6
Online ISBN: 978-3-642-20769-3
eBook Packages: Computer Science (R0)