A Resilient Access Control Scheme for Secure Electronic Transactions

There have been m any studies ofthe m anagem entofpersonalsecretssuch asPIN codes,passwords,etc.,in access controlm echanism s. The leakage of personal secrets is one of the m ost significant problem s in access control. To reducesuch risks,wesuggesta way ofauthenticating custom ers withouttransferring explicitcustom ersecrets.Furtherm ore,wegivea secureonline transaction schem e based on ouraccesscontrolm echanism . N eedham gave an exam ple ofPersonalIdentification N um ber (PIN )m anagem ent for banking system s[N ee97]thatpresented a way to control PIN codes. It inspired us to develop an access controlm odelfor electronic transactions which enforces a strict role definition for personalsecretgeneration and m aintenance. W e extend it to a paym ent m odel. Our schem e provides enhanced privacy for custom ers, non-repudiation of origin for the custom er order and paym ent transactions,and protection from personalsecret leakage. Since itdoes notrely on either public keycryptosystem sorauxiliary hardwaresuch as chip cardsand readers,itsdeploym entwithin existing environm entscould becost-effective. This work is supported in part by the EPSRC,under grantnum berGR/L95809 on ResilientSecurityM echanism s. The views and conclusions in this paper are that ofthe authoralone.