Analysis of Open Environment Sign-in Schemes-Privacy Enhanced & Trustworthy Approach

The third party based authentication possess users privacy concerns in an open environment such as links and traces user identities across various services. The cryptographic schemes for selective discloser of user information cannot adopt in practices, the common digital signature scheme public key have similar problem. In addition, trustworthy online computing formation is an important advance in security research that aims to use trusted computing remote attestation to overcome trust creation issues. In this paper, we propose a privacy enhanced and trustworthy authentication scheme, with underlying sign-in protocol solution for an open environment that guarantees users’ privacy using blind signature scheme to be anonymous and unlinkable during sign-in to the third party service ‘Identification Service Provider’ (ISP). In our proposed approach, the relying party platforms should verify the integrity of ISP at user platform before redirecting the user to the Identity Service Provider (IdSP), and user system must verify the integrity of relying party platform before delivering a user identifier. Our solution is based on blind digital signature scheme to achieve our first goal, i.e. user anonymity and unlinkability at ISP. The Trusted Computing Group (TCG) hardware root-of-trust establishes trust between interacting platforms within Open Environment to achieve our second goal, i.e. measuring integrity of relying party platforms.