Trusted third party

About: Trusted third party is a research topic. Over the lifetime, 2919 publications have been published within this topic receiving 60935 citations.

Using a trusted execution environment as a trusted third party providing privacy for attestation

Abstract: A method, apparatus, and computer-readable medium providing instructions to cause a computing device to establish a portion of a memory of the computing device as a trusted execution environment and execute a trusted third party application within the trusted execution environment. The trusted third party application is to receive a signed public key and an identifier for a verifier from a user client attestation application executing on a client platform. The signed public key is signed with an identifiable platform attestation private key for the client platform. The trusted third party application is further to verify the signed public key, determine a policy of the verifier, encode the policy into a trusted third party anonymous certificate for the signed public key, issue the trusted third party anonymous certificate without including identification information of the client platform, and send the trusted third party anonymous certificate to the user client attestation application.

A Privacy-Preserving Health Data Aggregation Scheme

Abstract: Patients’ health data is very sensitive and the access to individual’s health data should be strictly restricted. However, many data consumers may need to use the aggregated health data. For example, the insurance companies needs to use this data to setup the premium level for health insurances. Therefore, privacy-preserving data aggregation solutions for health data have both theoretical importance and application potentials. In this paper, we propose a privacy-preserving health data aggregation scheme using differential privacy. In our scheme, patients’ health data are aggregated by the local healthcare center before it is used by data comsumers, and this prevents individual’s data from being leaked. Moreover, compared with the existing schemes in the literature, our work enjoys two additional benefits: 1) it not only resists many well known attacks in the open wireless networks, but also achieves the resilience against the human-factor-aware differential aggregation attack; 2) no trusted third party is employed in our proposed scheme, hence it achieves the robustness property and it does not suffer the single point failure problem.

Cross site request forgery mitigation in multi-domain integrations

Abstract: Systems and methods for authenticating a request submitted from a client device through a third party content provider to an electronic entity are described. In one embodiment, a method includes providing a trusted script to the third party content provider, passing a trust token to the third party content provider and to the client device, and, in response to a request submitted from the client device through the third party content provider, validating the trust token associated with the request with the token passed to the client device, and processing the request. The trusted script is configured to create a trusted window on the third party Web page displayed on the client computing device, receive a trust token from the electronic entity through the trusted window, and associate the trust token with requests submitted from the client computing device through the third party content provider to the electronic entity.

Secure privacy and distributed group authentication for VANET

Abstract: Vehicular Ad Hoc Network (VANET) has evolved to complement Intelligent Transportation System (ITS) for communicating safety messages while driving on the road and it faces challenges such as certificate management and privacy preservation. In this paper, a distributed authentication scheme called as Group Authentication Protocol (GAP) is proposed to resolve the most conflicting security requirements such as group authentication and conditional privacy. GAP uses session based pseudonym to support anonymous communication. The proposed batch verification scheme as a part of the protocol poses a significant reduction in the message delay. Furthermore, it enables the vehicles to verify a large number of messages in the case of high vehicular density and also improves message loss ratio. Trusted third party called Trusted Authority has the complete control of tracing the vehicles both benign and misbehaving vehicles.

Telecommunications system for providing a calling party control service

Abstract: In a technique for providing calling party definition and control of the contact information and sequencing used to reach a particular called party the calling party specifies a set of communications devices along with their respective contact numbers for use in contacting a particular called party. Thereafter, for example, a telecommunications service provider will attempt to locate the called party in accordance with the designated set of devices and respective contact numbers so designated by the calling party. Advantageously, the technique provides a significant amount of increased control to the calling party in defining and controlling the sequence in which attempts are made to reach a particular called party.