This paper focuses on authentication with three types of entities: a user who sends an authentication request, a service provider who receives and verifies the request, and a database who supplies the service provider with information for verifying the request. This paper presents novel authentication protocols that satisfy the following important properties: (1) secure against replay attacks and (2) the database cannot identify which user is authenticating. First, we show a protocol which satisfies Properties (2). Second, we show a protocol which satisfies Properties (1) and (2). A key idea of our authentication protocols is to use private information retrieval (PIR) [Chor et al. J. ACM, 1998].
|Number of pages||7|
|Journal||Journal of Digital Information Management|
|Publication status||Published - Apr 2011|
All Science Journal Classification (ASJC) codes
- Management Information Systems
- Information Systems
- Library and Information Sciences