A User Authentication Scheme for Shared Data Based on a Trap-Door One-Way Function

A set of data is shared among several users. Each one of these users has access to part of the data, called the accessible region of that user. (For simplicity we assume that ‘access’ means that the user can read, write or update the data. The authentication method described here can easily be changed to differentiate among different types of access.) The accessible regions may overlap. Some of the data is private (accessible by only one user) and some is accessible by a group of users. To protect the data from unauthorized users we need some access control mechanism. A key is needed to unlock the access control mechanism. In a key-oriented system [1] the key is presented by the user when he wants to access the data. In a system with a high degree of overlap among the accessible regions each user has to be equipped with a large number of keys. To avoid this the keys can be stored somewhere in the system together with a list indicating which users have the right to use which keys. This requires a safe storage of secret parameters that cannot be accessed from outside the computer except by specially authorized personnel. The access control method described here requires no secret parameters in the computer and only one key per user. This is accomplished by the use of a trap-door one-way function. Such a function is impossible (in practice) to invert unless some secret parameters are known. The key to be given to a particular user is the output of the inverse of the trap-door one-way function when the input describes the