A flexible payment scheme and its role-based access control

Univ. of Southern Queensland, Toowoomba, Qld., Australia
IEEE Transactions on Knowledge and Data Engineering (Impact Factor: 2.07). 04/2005; 17(3):425-436. DOI: 10.1109/TKDE.2005.35
Source: IEEE Xplore


This work proposes a practical payment protocol with scalable anonymity for Internet purchases, and analyzes its role-based access control (RBAC). The protocol uses electronic cash for payment transactions. It is an offline payment scheme that can prevent a consumer from spending a coin more than once. Consumers can improve anonymity if they are worried about disclosure of their identities to banks. An agent provides high anonymity through the issue of a certification. The agent certifies reencrypted data after verifying the validity of the content from consumers, but with no private information of the consumers required. With this new method, each consumer can get the required anonymity level, depending on the available time, computation, and cost. We use RBAC to manage the new payment scheme and improve its integrity. With RBAC, each user may be assigned one or more roles, and each role can be assigned one or more privileges that are permitted to users in that role. To reduce conflicts of different roles and decrease complexities of administration, duty separation constraints, role hierarchies, and scenarios of end-users are analyzed.
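To make the RBAC concepts in the abstract concrete (roles holding privileges, a role hierarchy, and a separation-of-duty constraint that limits which roles one user may combine), here is an added example in Python. It is not code from the paper; the role names, permissions and the particular separation-of-duty rule are assumptions chosen to mirror the parties of an e-cash scheme.

```python
# Added illustration (not the paper's code): RBAC with a role hierarchy and a
# static separation-of-duty (SSD) constraint for the payment-scheme roles.
# Role names, permissions and the SSD rule are assumptions for this example.

class RBAC:
    def __init__(self):
        self.role_perms = {}   # role -> permissions granted directly
        self.juniors = {}      # role -> roles it inherits from (hierarchy)
        self.user_roles = {}   # user -> directly assigned roles
        self.ssd = []          # (role set, n): a user may hold < n of them

    def add_role(self, role, perms, inherits=()):
        self.role_perms[role] = set(perms)
        self.juniors[role] = set(inherits)

    def add_ssd(self, roles, n=2):
        self.ssd.append((set(roles), n))

    def closure(self, roles):
        """All roles reachable through the hierarchy from the given roles."""
        seen, stack = set(), list(roles)
        while stack:
            r = stack.pop()
            if r not in seen:
                seen.add(r)
                stack.extend(self.juniors[r])
        return seen

    def assign(self, user, role):
        """Assign a role, refusing assignments that would break an SSD rule."""
        candidate = self.closure(self.user_roles.get(user, set()) | {role})
        for roles, n in self.ssd:
            if len(roles & candidate) >= n:
                raise PermissionError(f"{user}: SSD conflict {sorted(roles & candidate)}")
        self.user_roles.setdefault(user, set()).add(role)

    def permitted(self, user, perm):
        """Permission check: any directly held or inherited role grants it."""
        roles = self.closure(self.user_roles.get(user, set()))
        return any(perm in self.role_perms[r] for r in roles)

def build_payment_rbac():
    rbac = RBAC()
    rbac.add_role("consumer", {"withdraw_coin", "spend_coin"})
    rbac.add_role("merchant", {"accept_coin", "deposit_coin"})
    rbac.add_role("bank_teller", {"issue_coin", "deposit_coin"})
    # auditors inherit teller permissions and can also trace double spenders
    rbac.add_role("bank_auditor", {"detect_double_spend"}, inherits={"bank_teller"})
    rbac.add_role("agent", {"certify_reencrypted_data"})
    # SSD (assumed): the party issuing coins must not also certify anonymity
    rbac.add_ssd({"bank_teller", "agent"})
    return rbac
```

Because the SSD check runs on the hierarchy closure, a user holding `bank_auditor` is also refused the `agent` role, since the auditor inherits `bank_teller`.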



Available from: Jinli Cao, Feb 20, 2013
  • Source
    • "The aim is that a user is able to buy goods on-line and that neither the vendor knows who the consumer is, nor the bank knows the items that a user has bought. The solutions usually involve a third party that is involved in the purchase process in order to help the consumer to get the required anonymity [25], or, in some more efficient schemes [7] [20], it helps the system to trace users' operations when a bank wants to identify a dishonest consumer. Canard and Gouget propose in [8] a construction that does not require a trusted third party. "
    ABSTRACT: Online reservation systems have grown over recent years to facilitate the purchase of goods and services. Generally, reservation systems require that customers provide some personal data to make a reservation effective. With this data, service providers can check the consumer's history and decide if the user is trustworthy enough to obtain the reservation. Although the reputation of a user is a good metric to implement the access control of the system, providing personal and sensitive data to the system presents high privacy risks, since the interests of a user are totally known and tracked by an external entity. In this paper we design an anonymous reservation protocol that uses reputations to profile the users and control their access to the offered services, but at the same time it preserves their privacy not only from the seller but also from the service provider.
    Preview · Conference Paper · Aug 2011
  • Source
    • "Our system has a point P of 160 bits and q of 160 bits. The off-line e-cash system proposed by Lee et al. has a point P of 160 bits and 160 bits prime q and the system of Wang et al. has 160 bits prime q and 321 bits prime p. Spending a coin in [15] requires 11 multi-based exponentiations and a total bandwidth of 1282 bits. The payment protocol in [9] requires 9 multi-based exponentiations and a total bandwidth of 1304 bits. "
    ABSTRACT: An electronic cash system allows the exchange of digital coins with value assured by the bank's signature and with concealed user identity. In an electronic cash system, a user can withdraw coins from the bank and then spend each coin anonymously and unlinkably. In this paper we propose a secure and efficient off-line electronic payment system based on bilinear pairings and group signature schemes. The anonymity of the customer is revocable by a trustee in case of a dispute. Because the amount of communication in the payment protocol is about 480 bits, the proposed off-line electronic payment system can be used in wireless networks with limited bandwidth.
    Preview · Article · Nov 2010 · International Journal of Computers, Communications & Control (IJCCC)
  • Source
    • "Four relationships between users and roles, between roles and permissions, between roles and roles, and between operations and objects are many to many. The security policy of the organization determines role membership and the allocation of each role's capabilities [35]. "
    ABSTRACT: A global education system, as a key area in future IT, has encouraged developers to provide various learning systems at low cost. While a variety of e-learning advantages has been recognized for a long time and many advances in e-learning systems have been implemented, the need for effective information sharing in a secure manner has to date been largely ignored, especially for virtual university collaborative environments. Information sharing in virtual universities usually occurs in broad, highly dynamic network-based environments, and formally accessing the resources in a secure manner poses a difficult and vital challenge. This paper aims to build a new rule-based framework to identify and address issues of sharing in virtual university environments through role-based access control (RBAC) management. The framework includes a role-based group delegation granting model, a group delegation revocation model, authorization granting, and authorization revocation. We analyze various revocations and the impact of revocations on role hierarchies. The implementation with XML-based tools demonstrates the feasibility of the framework and authorization methods. Finally, the current proposal is compared with other related work.
    Full-text · Article · Jun 2009 · IEEE Transactions on Knowledge and Data Engineering