For user authentication, traditional passwords or PIN codes are still among the most common methods, although they are notoriously vulnerable to attack. Even systems with sophisticated security protocols often rely on such authentication procedures, since they are simple and familiar to users. For this reason, much work has been done on personal secret management, such as strengthening passwords [ALN97], enhancing existing password protocols [BM92, BM93], protecting poorly chosen passwords [GLNS93], one-time password schemes [Hal94, Rub96], and so on.
In access control, we have to consider who generates secrets and who maintains them. Some banks generate customers' PIN codes and send them to the customers. Some on-line shops ask customers to generate passwords for their services and keep those passwords in their database. It is common, then, for personal secrets to be known to service providers such as banks or on-line shops, as secrets shared between the service provider and the customer. But there is no reason for customers to trust service providers with their secrets, and holding them on the provider side is dangerous: a compromise of the provider exposes every customer's secret.
Needham gave a simple PIN code management scheme for banking systems [Nee97], which shows a strict role definition of PIN generation and management. The PIN codes are generated and maintained by customers themselves. This idea can be a basis for building a privacy-enhanced transaction model with strict role definition.
One of the most frequently asked questions in security is that of protection versus cost. It is a good idea to have alternatives with the same function at different levels of cost. Public key cryptosystems provide strong confidentiality, authentication, and so on, but they require a public key infrastructure. For some applications, adopting a public key cryptosystem is not a proper solution because of that cost.
There have been many attempts to use hash functions rather than public key cryptosystems. IBM's KryptoKnight is one such example [MTvHZ92]. From a user's perspective, KryptoKnight provides services and facilities very similar to those of Kerberos [NT94], and it is based on the well-known Needham-Schroeder scheme [NS78], but it uses only hash functions and Message Authentication Codes (MACs). We likewise use only one-way hash functions to build an access control mechanism and a payment mechanism. Since it is based on hash calculations and nonces, the required infrastructure is lighter than that of a public key cryptosystem, to which it offers a low-cost alternative.
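To make the two ingredients named above concrete (one-time passwords built from a one-way hash, as in [Hal94], where the customer alone holds the secret and the bank stores only a hash value, and nonce-based challenge/response with a MAC, as in KryptoKnight), here is an added illustration in Python. It is not the paper's protocol nor IBM's code; the class names `Customer`, `Bank` and `MacVerifier`, the fixed chain length, and SHA-256/HMAC-SHA-256 as the hash and MAC are this example's own assumptions. The point a practitioner should take from it is that the bank never holds a reusable secret in the hash-chain case, and that each one-time password and each nonce is accepted exactly once.

```python
"""Hash-only authentication sketch (added example; not the paper's scheme).

Part 1: Lamport/S-KEY-style one-time passwords from a hash chain.
  - Customer picks a secret seed and keeps it; the bank is given only
    h^n(seed) at registration.
  - The i-th login reveals h^(n-i)(seed); the bank checks h(otp) == stored tip
    and then advances the tip, so a captured value cannot be replayed.
Part 2: nonce-based challenge/response with a keyed MAC (shared-key model).
"""
import hashlib
import hmac
import secrets
from typing import Optional


def h(x: bytes) -> bytes:
    """One-way hash used throughout (assumption: SHA-256)."""
    return hashlib.sha256(x).digest()


def hash_chain(seed: bytes, n: int) -> bytes:
    """Return h^n(seed), i.e. the hash applied n times."""
    v = seed
    for _ in range(n):
        v = h(v)
    return v


class Customer:
    """Holds the seed; nobody else ever sees it."""

    def __init__(self, chain_length: int = 100, seed: Optional[bytes] = None):
        # Constructed seed only when a caller wants determinism (tests);
        # a real client would always draw a fresh random seed.
        self.seed = seed if seed is not None else secrets.token_bytes(32)
        self.remaining = chain_length

    def anchor(self) -> bytes:
        """Registration value h^n(seed): the only thing the bank stores."""
        return hash_chain(self.seed, self.remaining)

    def next_otp(self) -> bytes:
        """Reveal the next preimage; each value is usable once."""
        if self.remaining == 0:
            raise RuntimeError("chain exhausted; re-register with a fresh seed")
        self.remaining -= 1
        return hash_chain(self.seed, self.remaining)


class Bank:
    """Verifier for the hash chain. Stores no secret, only the current tip."""

    def __init__(self, anchor: bytes):
        self.tip = anchor
        self.accepted = 0

    def verify(self, otp: bytes) -> bool:
        # Constant-time compare avoids leaking the tip through timing.
        if hmac.compare_digest(h(otp), self.tip):
            self.tip = otp          # advance: this otp is now spent
            self.accepted += 1
            return True
        return False


def mac_response(key: bytes, nonce: bytes, principal: bytes) -> bytes:
    """Prover's answer to a challenge: MAC over (principal, nonce)."""
    return hmac.new(key, principal + b"|" + nonce, hashlib.sha256).digest()


class MacVerifier:
    """Nonce challenge/response with a shared key (KryptoKnight-style sketch).

    The verifier remembers outstanding nonces and consumes each on use, so a
    recorded response cannot be replayed against a later challenge.
    """

    def __init__(self, key: bytes):
        self.key = key
        self.outstanding = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.outstanding.add(nonce)
        return nonce

    def check(self, nonce: bytes, response: bytes, principal: bytes = b"customer") -> bool:
        if nonce not in self.outstanding:
            return False            # unknown, expired, or already-used nonce
        self.outstanding.discard(nonce)
        expected = mac_response(self.key, nonce, principal)
        return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    cust = Customer(chain_length=5)
    bank = Bank(cust.anchor())
    otp = cust.next_otp()
    print("first login:", bank.verify(otp), "| replay:", bank.verify(otp))
    ver = MacVerifier(b"constructed-shared-key")
    n = ver.challenge()
    r = mac_response(b"constructed-shared-key", n, b"customer")
    print("challenge/response:", ver.check(n, r), "| replay:", ver.check(n, r))
```

Note the asymmetry between the two halves: in the hash-chain case the bank's database holds nothing that lets an attacker impersonate the customer (a stolen tip yields no preimage), whereas the MAC case still depends on a key shared with the provider, which is exactly the trust relationship the preceding paragraphs question.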
We will develop a customer-oriented transaction model in which personal secrets are generated and maintained by customers. It supports customer registration both with a bank and with an on-line shop, and a transaction procedure between three principals: a customer, a merchant, and a bank.