Trusted third party

About: Trusted third party is a research topic. Over the lifetime, 2919 publications have been published within this topic receiving 60935 citations.

Trusted inter-domain safety certificate protocol based on SDN

Abstract: The invention belongs to the field of information safety and discloses a trusted inter-domain safety certificate protocol based on an SDN. Trusted network thought is fused into an OpenFlow network architecture under the SDN conception, so that the trusted and controllable safety purpose of the network architecture is achieved in the future. On the basis of establishing a trusted domain, the trusted inter-domain safety certification protocol without a trusted third party is provided, a challenge-response mode is adopted for the protocol, firstly, a certification requester getting access to a trusted network enters in an initial state, identity information is sent to a requested person, the requested person responds, own identity information is returned, and the requester and the requested person perform identity registration with each other; Secondly, certification requester and the requested person continue to adopt the challenge-response mode to negotiate trusted sensitive information, and through comparing Hash results of sensitive information PCR values and Hash results of random numbers, mutual trust certification is performed; finally, if the requester and the requested person respectively compare the Hash results, and the trusted requirement is met, certification is successful, and otherwise mutual trust certification fails.

Certified electronic mail protocol resistant to a minority of malicious third parties

Abstract: We present the design of a protocol for certified e-mail. Some proposed certified e-mail protocols involve a third party in order to guarantee a fair exchange. Users, therefore, have to deposit a great amount of trust in a remote third party. In addition to that, the third party can become a communication bottleneck. We propose a protocol that involves an organisation of third parties, but only in case of exception. It reduces the amount of trust deposited in the third parties, because a minority of malicious third parties cannot compromise the fairness of the exchange, since all the third parties make a decision voted on by members.

System and method for identity verification

Abstract: A system and method for identity verification A first party can verify his identity with a second party in that the first party by using a computer (100) via an electronic connection registers with the second party (200), and that where the second party registers the first party's telephone number in his database (202) When the first party later logs on to the second party's website, the first party identifies himself by giving his telephone number via the electronic connection The processor (201) verifies that the telephone number given matches the telephone number registered in the database (202), whereupon the processor sends a computer-generated, unique password to the first party's telephone (101, 102) The first party enters the password on his computer (100), whereupon it is sent to the second party's processor (201) where the password is verified against the message recently sent over the telecommunication network If the first party's identity is thus verified, the parties establish contact for an exchange of information over the electronic connection As a new password is generated before each transaction and the relaying of the password takes place via two separate networks This is a very secure, fast and simple method of verifying user identity via an electronic connection

An automatic RFID reader-to-reader delegation protocol for SCM in cloud computing environment

Abstract: Radio frequency identification (RFID) technology enables unique identification and tracking of the tag attached to an object. Widespread usage of RFID technologies in supply chain management (SCM) has drawn attention for developing security protocols to protect data stored in the tag. In SCM objects move from one place/department to another, the same RFID readers are not used throughout the supply chain. So, current reader delegates its access right to the new reader. When an object is moved inside the organization, delegation takes place between the readers. Many of the existing delegation protocols use trusted third party (TTP), which is practically difficult to incorporate or requires a keyed hash function/symmetric key encryption to be executed in the RFID tag, whereas tags are computationally intensive. Our work aims to simplify the delegation process by removing the usage of a TTP as well as eliminating reader-to-reader communication which avoids fixing the reader sequence in advance. Also, it preserves the security and privacy requirements for cloud-based applications. The proposed protocol withstands many attacks like tracing attack, tag impersonation attack, reader impersonation attack, and privacy attack. The proposed protocol not only resists the above-mentioned attacks but also achieves mutual authentication, anonymity property, and forward/backward secrecy. The proposed protocol is analyzed formally using GNY logic, which ensures that the protocol achieves mutual authentication. Performance analysis is carried out and it shows that our protocol is relatively better than the existing related schemes with respect to tag computation and communication cost.

A Secure Exam Protocol Without Trusted Parties

Abstract: Relying on a trusted third party (TTP) in the design of a security protocol introduces obvious risks. Although the risks can be mitigated by distributing the trust across several parties, it still requires at least one party to be trustworthy. In the domain of exams this is critical because parties typically have conflicting interests, and it may be hard to find an entity who can play the role of a TTP, as recent exam scandals confirm. This paper proposes a new protocol for paper-based and computer-based exams that guarantees several security properties without the need of a TTP. The protocol combines oblivious transfer and visual cryptography to allow candidate and examiner to jointly generate a pseudonym that anonymises the candidate’s test. The pseudonym is revealed only to the candidate when the exam starts. We analyse the protocol formally in ProVerif and prove that it satisfies all the stated security requirements.