Account Management Method with Blind Signature Scheme

Reducing the risk of information leaks is one of the most important functions of identity management systems. To this end, Dey et al. have already proposed an account management method for a federated login system that uses a blind signature scheme. To keep accounts anonymous toward the authentication provider, referred to as an IDP (identity provider), a blind signature scheme is used to generate an authentication token on an authentication service, and that token is then sent to the IDP. The proposed system has a problem, however: a malicious user can establish multiple accounts on an IDP simply by requesting them. To address this problem, in this paper the authors propose an account checking method that is performed before account generation.
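The token issuance described above, shown as an added example that is not code from this paper or from Dey et al.: the user blinds a token, the authentication service signs it without seeing it, and the IDP verifies the unblinded result with the service's public key. It uses Chaum-style RSA blinding with a constructed toy key (Mersenne primes, far too small for real use); function names and token values are assumptions.

```python
import hashlib
import math
import secrets

# Constructed toy RSA key for the authentication service (not a real key).
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def message_representative(token: bytes) -> int:
    """Hash the token into Z_N (toy full-domain hash; no real padding)."""
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % N


def blind(token: bytes) -> tuple[int, int]:
    """User side: multiply the token hash by r^E so the signer cannot read it."""
    m = message_representative(token)
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:  # r must be invertible mod N for unblinding
            break
    return (m * pow(r, E, N)) % N, r


def sign_blinded(blinded: int) -> int:
    """Authentication service: signs the blinded value with its private key."""
    return pow(blinded, D, N)


def unblind(blinded_sig: int, r: int) -> int:
    """User side: strip the blinding factor, yielding a plain RSA signature."""
    return (blinded_sig * pow(r, -1, N)) % N


def verify(token: bytes, sig: int) -> bool:
    """IDP side: accept the token if the signature checks under the public key."""
    return pow(sig, E, N) == message_representative(token)


def issue_token(token: bytes) -> tuple[int, int]:
    """Full exchange; returns (value the signer saw, signature the IDP receives)."""
    blinded, r = blind(token)
    return blinded, unblind(sign_blinded(blinded), r)


if __name__ == "__main__":
    # The same user can repeat the exchange for a second token: both verify,
    # and neither the signer's view nor the IDP's view links them to one user.
    for tok in (b"account-token-1", b"account-token-2"):
        seen, sig = issue_token(tok)
        print(tok, "signer saw", hex(seen)[:18] + "...", "IDP accepts:", verify(tok, sig))
```

Because the signer only ever sees the blinded values, nothing on the service side distinguishes two requests from one user from requests by two users, which is exactly the multiple-account problem the paper's pre-generation account check is meant to close.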

References:
[1] Security Assertion Markup Language (SAML) V2.0, OASIS (2005),
http://www.oasis-open.org/specs/index.php#samlv2.0
[2] OpenID Authentication 2.0 - Final, OpenID Foundation (2007),
http://openid.net/specs/openid-authentication-2_0.txt
[3] Arkajit Dey and Stephen Weis, "PseudoID: Enhancing Privacy in Federated
Login," Proc. 3rd Hot Topics in Privacy Enhancing Technologies
(HotPETs 2010), pp. 95-107 (2010).
[4] David Chaum, "Blind signatures for untraceable payments," CRYPTO,
pp. 199-203 (1982).
[5] Whitfield Diffie and Martin E. Hellman, "New directions in cryptography,"
IEEE Trans. on Information Theory, Vol. 22, Issue 6, pp. 644-654
(1976).