In e-commerce, the balance between authentication and anonymity currently leans towards authentication. Service providers and merchants usually keep track of user-related information in order to construct behavioral profiles of their customers. They also correlate profiles of this kind, stemming from different sources, in order to increase their profit. This correlation is usually performed with the use of unified codes. Authentication, confidentiality, integrity, and non-repudiation are necessary functionalities for enabling e-commerce. Most of the currently used mechanisms that support these services do not provide anonymity. This paper presents PyTHIA, a mechanism based on the use of Message Digest Algorithms and the intermediation of Trusted Third Parties, which provides anonymity to e-commerce users who have to authenticate themselves in order to access services or buy goods from service providers and merchants respectively. With PyTHIA, e-commerce users are able to authenticate without giving away any personal data and without using unified codes. In addition, PyTHIA ensures that service providers and merchants can effectively trace a customer in case he behaves maliciously.