Abstract
In e-commerce, the balance between authentication and anonymity currently leans towards authentication. Service providers and merchants usually keep track of user-related information in order to construct behavioural profiles of their customers. They also correlate profiles of this kind, stemming from different sources, in order to increase their profit. This correlation is usually performed with the use of Unified Codes. Authentication, confidentiality, integrity, and non-repudiation are necessary functionalities for enabling e-commerce, yet most of the mechanisms currently used to support these services do not provide anonymity. This paper presents PyTHIA, a mechanism based on the use of Message Digest Algorithms and the intermediation of Trusted Third Parties, which provides anonymity to e-commerce users who have to authenticate themselves in order to access services from service providers or buy goods from merchants. With PyTHIA, e-commerce users are able to authenticate without giving away any personal data and without using Unified Codes. In addition, PyTHIA ensures that service providers and merchants can effectively trace a customer in case the customer behaves maliciously.
Copyright information
© 2001 IFIP International Federation for Information Processing
About this paper
Cite this paper
Gritzalis, D., Moulinos, K., Iliadis, J., Lambrinoudakis, C., Xarhoulacos, S. (2001). PyTHIA: Towards Anonymity in Authentication. In: Dupuy, M., Paradinas, P. (eds) Trusted Information. SEC 2001. IFIP International Federation for Information Processing, vol 65. Springer, Boston, MA. https://doi.org/10.1007/0-306-46998-7_1
DOI: https://doi.org/10.1007/0-306-46998-7_1
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-7923-7389-6
Online ISBN: 978-0-306-46998-5
eBook Packages: Springer Book Archive