Holder-of-key threshold access token for anonymous data resources
Centralized identity and access management providers (IdAM) are a source of mistrust when deploying federated services. The access token is the main piece that carries a trusted signature between the IdAM and the third-party service. Our holder-of-key access token proposal aims to reduce the risk of token forgery by the IdAM by decentralizing the generation process via (t, n)-threshold cryptography. Nonetheless, implicit consent routes are still a requirement under current legislation, and non-encrypted personal records are useful to, and often required by, the third-party service provider. Our token scheme and architecture can grant access to pseudonymised resources via explicit or implicit consents. The access token is publicly verifiable and is bound to a specific pseudonym and secret key. The token carries no information that can disclose the true identity behind the pseudonym. The scheme is proven secure under reasonable assumptions, and the experimental results show it to be scalable.
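The two properties described above, threshold issuance and holder-of-key binding, can be seen together in the following added sketch, which is not the paper's construction or code. It assumes a Schnorr signature over a toy group that is far too small for real use, a trusted dealer for the issuer key shares, and plain nonce aggregation without a commitment round; every function name here is hypothetical.

```python
import hashlib, secrets
# Toy Schnorr group (assumption, not secure): G has prime order Q modulo P.
P, Q, G = 2039, 1019, 4

def H(*parts):
    data = "|".join(str(x) for x in parts).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def deal(t, n):
    """Trusted dealer (assumption): Shamir-share a fresh issuer key among n nodes."""
    coeffs = [secrets.randbelow(Q - 1) + 1 for _ in range(t)]
    shares = {i: sum(c * pow(i, e, Q) for e, c in enumerate(coeffs)) % Q
              for i in range(1, n + 1)}
    return pow(G, coeffs[0], P), shares      # (issuer public key, key shares)

def lagrange(i, ids):
    """Lagrange coefficient of node i at x = 0 for the signing set ids."""
    num = den = 1
    for j in ids:
        if j != i:
            num, den = num * -j % Q, den * (i - j) % Q
    return num * pow(den, -1, Q) % Q

def issue_token(shares, ids, pseudonym_pk, scope):
    """The t nodes in ids jointly sign (pseudonym_pk, scope); none holds the full key."""
    nonces = {i: secrets.randbelow(Q - 1) + 1 for i in ids}
    R = 1
    for k in nonces.values():
        R = R * pow(G, k, P) % P
    c = H(R, pseudonym_pk, scope)
    s = sum(nonces[i] + c * lagrange(i, ids) * shares[i] for i in ids) % Q
    return {"pk": pseudonym_pk, "scope": scope, "c": c, "s": s}

def schnorr_ok(pk, c, s, *msg):
    """Recompute R from (c, s) and compare the challenge hash."""
    R = pow(G, s, P) * pow(pk, -c, P) % P
    return H(R, *msg) == c

def verify_token(issuer_pk, tok):
    return schnorr_ok(issuer_pk, tok["c"], tok["s"], tok["pk"], tok["scope"])

def prove_possession(pseudonym_sk, challenge):
    """Holder signs the verifier's fresh challenge with the pseudonym secret key."""
    k = secrets.randbelow(Q - 1) + 1
    c = H(pow(G, k, P), challenge)
    return c, (k + c * pseudonym_sk) % Q

def accept(issuer_pk, tok, proof, challenge):  # resource-server check
    return verify_token(issuer_pk, tok) and schnorr_ok(tok["pk"], *proof, challenge)
```

The token holds only the pseudonym public key, a scope and the signature, so anyone with the issuer public key can verify it, while a copied token is rejected unless the presenter can also sign a fresh challenge with the bound secret key.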