Privacy and Accountability in Certificate Systems

Reference:

Tuomas Aura and Carl Ellison. Privacy and accountability in certificate systems. Research Report A61, Helsinki University of Technology, Laboratory for Theoretical Computer Science, Espoo, Finland, April 2000.

Abstract:

Discretionary access right management on the Internet and in other distributed communications systems is increasingly based on public-key identity and authorization certificates. The certificates pose a threat to privacy because they identify the owners and reveal the authorization relations between them. This paper overviews the privacy concerns and describes techniques for minimizing the amount of confidential information leaked about individuals and organizations. We also show how identity escrow certificates can ensure individual accountability without identity authentication. All the techniques can be implemented with SPKI certificates.

Keywords:

privacy, anonymity, PKI, certificates, SPKI

Suggested BibTeX entry:

@techreport{HUT-TCS-A61,
    address = {Espoo, Finland},
    author = {Tuomas Aura and Carl Ellison},
    institution = {Helsinki University of Technology, Laboratory for Theoretical Computer Science},
    month = {April},
    number = {A61},
    pages = {17},
    title = {Privacy and Accountability in Certificate Systems},
    type = {Research Report},
    year = {2000},
}

PostScript (369 kB)
GZipped PostScript (175 kB)