UNIDENTIFIABILITY AND ACCOUNTABILITY IN ELECTRONIC TRANSACTIONS
|
|
- Jerome Lamb
- 8 years ago
- Views:
Transcription
1 KATHOLIEKE UNIVERSITEIT LEUVEN FACULTEIT TOEGEPASTE WETENSCHAPPEN DEPARTEMENT COMPUTERWETENSCHAPPEN Celestijnenlaan 200A, B-3001 Leuven UNIDENTIFIABILITY AND ACCOUNTABILITY IN ELECTRONIC TRANSACTIONS Promotor: Prof. Dr. ir. B. DE DECKER Proefschrift voorgedragen tot het behalen van het doctoraat in de toegepaste wetenschappen door Elsie VAN HERREWEGHEN Oktober 2004
2
3 KATHOLIEKE UNIVERSITEIT LEUVEN FACULTEIT TOEGEPASTE WETENSCHAPPEN DEPARTEMENT COMPUTERWETENSCHAPPEN Celestijnenlaan 200A, B-3001 Leuven UNIDENTIFIABILITY AND ACCOUNTABILITY IN ELECTRONIC TRANSACTIONS Jury: Prof. H. Van Brussel, voorzitter Prof. B. De Decker, promotor Prof. F. Piessens Prof. B. Preneel Prof. P. Verbaeten Prof. R. Molva (Institut Eurécom, Sophia Antipolis, France) Prof. K. Rannenberg (Goethe Univ. Frankfurt am Main, Germany) Proefschrift voorgedragen tot het behalen van het doctoraat in de toegepaste wetenschappen door Elsie VAN HERREWEGHEN U.D.C *I21 Oktober 2004
4 c Katholieke Universiteit Leuven Faculteit Toegepaste Wetenschappen Arenbergkasteel, B-3001 Heverlee-Leuven (Belgium) Alle rechten voorbehouden. Niets uit deze uitgave mag vermenigvuldigd en/of openbaar gemaakt worden door middel van druk, fotocopie, microfilm, elektronisch of op welke andere wijze ook zonder voorafgaande schriftelijke toestemming van de uitgever. All rights reserved. No part of the publication may be reproduced in any form by print, photoprint, microfilm or any other means without written permission from the publisher. D/2004/7515/63 ISBN
5 Acknowledgements This work has been performed at the IBM Zurich Research Laboratory in cooperation with the Katholieke Universiteit Leuven. I thank my employer, IBM Research, for giving me the opportunity to conduct the research reported on in this work and specifically Michael Waidner, Douglas Dykeman and Matthias Schunter for allowing me to complete part of the final writing on IBM time. I am very grateful to Bart De Decker for having accepted to supervise this PhD thesis and for his continuous support, feedback and help. His positive and constructive feedback to my initial PhD plans and proposal contributed to my confidence in this project and helped me take the necessary steps to realize it. I also want to thank him for many fruitful discussions and for his thorough reading of and constructive comments on earlier versions of this work. He also helped me with many practical issues which were difficult for me to deal with remotely. Thank you! I am grateful to Professors Bart Preneel, Frank Piessens, Pierre Verbaeten, Refik Molva and Kai Rannenberg who kindly accepted to be members of the jury and to Professor Hendrik Van Brussel for accepting to chair it. I thank Bart Preneel for his in-depth reading and useful comments for improvement of the text and Frank Piessens for advice and help when completing my text. The following people readily agreed to include co-authored material in this manuscript: Mihir Bellare, Juan Garay, Ralf Hauser, Amir Herzberg, Hugo Krawczyk, Michael Steiner, Gene Tsudik, Michael Waidner, N. Asokan and Jan Camenisch. I want to thank them for that. Both Asokan and Michael Steiner I want to thank for sharing their initial thoughts on dispute handling with me and for many interesting discussions on the subject. Working with them triggered my interest in fairness and accountability and inspired my later work. A special word of gratitude goes to Gene Tsudik, with whom I also have had the pleasure to work for a number of years. His encouragement, positive feedback and invitations for cooperation during my first years with IBM have helped me find my way in this international research environment. Jan Camenisch guided me on the path of anonymous credentials and I am very grateful to him. The Idemix project and our ACM CCS paper have provided me with the inspiration how to extend my earlier work into a PhD. I want to thank him in particular for his readiness, time and patience explaining the workings of a system like Idemix to a non-cryptographer. I want to thank many friends and colleagues for lifting my spirits and for motivating words. I cannot list all of them but want to thank in particular Angelo Tosi, Anouschka Van Loon, Anthony Bussani, Klaus Kursawe, Marc Dacier, Muriel Dacier, Liba Svobodova, Marilyne Sousa Petit and Sonja Buchegger. I want to thank my family in Belgium and Indiana too many names to mention for their moral support throughout this work, often in s and phone calls. A special thanks goes to my parents for many years of encouragement and support and for again continuously encouraging me in the course of this particular endeavor. A big and very special thanks goes to my husband Paolo for his support and encouragement, for putting up with a summer without real vacations, and for taking care of our son Luca when I was working he made it possible for me to finish this. Seeing Luca come home happy and smiling after various fun outings with papà was the best support I could imagine. i
6 ii
7 Abstract Accountability, the possibility to hold an individual responsible for his actions, is an important aspect of electronic commerce transactions. Public-key signatures and infrastructures are typical means for achieving accountability: a digital signature which can be verified with a certain public key is attributed to the individual to whom the public key is certified to belong according to a certificate issued by a trusted certification authority. Accountability thus seems to imply identifiability. On the other hand, privacy concerns of users motivate the demand for systems where they can interact with various services in an unidentifiable way. The goal of this work is to demonstrate compatibility of unidentifiability and accountability. One part of this work deals with the notion of accountability. We illustrate protocol design for accountablity with the ikp payment system for secure credit and debit card payments. We then describe a language and framework for supporting accountability claims in payment systems. Using this claim language, we compare two electronic payment protocols with respect to their accountability features. A second part of this work deals with introducing unidentifiability in electronic transactions while preserving or even improving accountability. We introduce the notion of liability-enhanced public-key infrastructure and liability-enhanced certificates in which users take precise liabilities for the certificates they request and issuers take precise liabilities for the certificates they issue. In such an infrastructure, we show that any level of accountability can be achieved even when users act under pseudonyms, i.e., use certificates issued on pseudonyms rather than user identities. We then introduce Idemix, an anonymous credential system. Its credentials are issued on pseudonyms; different pseudonyms of the same user cannot be linked to each other or to the user; and different uses of the same credential cannot be linked to each other: when a user shows a credential, he only proves possession of a credential with certain attributes. At the same time, Idemix allows for enforcement of accountability through its optional features of identity-based registration and de-anonymization; both processes can be assigned to dedicated and trusted entities other than the regular credential issuers. We describe authentication, accountability and linkability characteristics of the various Idemix building blocks and illustrate how to use these descriptions in analyzing security and unidentifiability features of larger Idemix-based applications. We formulate recommendations for the design of systems with maximal unidentifiability and show that the potential of unidentifiability can be maximized if authentication and accountability requirements are derived from concrete risks. iii
8 iv
9 Contents 1 Introduction Introduction Terminology Identity-Based vs. Attribute-Based Authentication and Authorization Certificates and Credentials Belief, Provability, Accountability and Liability Pseudonymity, Anonymity, Linkability and (Un-)Identifiability Accountability in Public-Key Based Systems Protocol Design: Authentication vs. Accountability Overall System Design for Accountability Liabilities and Guarantees Authentication and Accountability in Anonymous Transactions Attribute-Based Authorization Avoiding Linkability of Transactions Re-Identification Prevention vs. Detection of Fraud and Misuse Anonymous Credentials Incentives and Disincentives for Accountability and Unidentifiability Accountability Privacy and Unidentifiability Goal and Scope of This Work Notation A Secure Account-Based Electronic Payment System 17 Preamble Introduction and Overview History and Related Work Payment Model Security Requirements The ikp Protocol Family KP v
10 vi Contents KP KP Comparison of the Protocols ZiP: Implementation and Deployment Protocol scenarios Implementation Rationales and Explanations Architecture Deployment Postscript Accountability and Dispute Handling in Payment Systems 45 Preamble Introduction Importance of Dispute Handling in Electronic Commerce Handling Disputes Expressing Dispute Claims What to Dispute? Value Transfers as Primitive Transactions Statements of Dispute Claims Supporting Claims with Evidence Architecture for Dispute Handling Evidence and Trust An Example: Evidence Tokens in ikp Summary and Conclusion Postscript Analysis of Accountability Features in SET and ikp 67 Preamble Introduction High-Level Payment Protocol Description Proving Authorizations of Primitive Transactions SET SET Protocol Overview Evidence of Authorizations Discussion Recommendations ikp ikp Protocol Overview Evidence of Authorizations Discussion
11 Contents vii 4.6 Summary Postscript Secure Anonymous Signature-Based Transactions 85 Preamble Introduction Pseudonymizing a Generic Payment System The Generic Payment Protocol Requirements for a Secure Pseudonymized Version Design for Maximum Security: PS On-line, CERT P Linked to Transaction Alternative Design: Off-Line PS Discussion Generalized Signatures and Liabilities Liability-Aware Certificates A Generic Pseudonym Server CERT REQ, CERT RES The Liabilities in CERT P Example: Auction Related and Future Work Conclusion PostScript An Anonymous Credential System 103 Preamble Introduction Idemix Protocols, Pseudonyms and Credentials Basic Credential Protocols Credential Options and Attributes Parameters of the Show Protocol Credential System Primitives Pseudonyms Credentials CredShowFeatures Protocol Primitives The Idemix Prototype OrgNymSystem and UserNymSystem Token-Based Interfaces UserSyncNymSystem and OrgSyncNymSystem Synchronous Interfaces DeAnOrgNymSystem Communication Persistent Data Storage
12 viii Contents Building Applications: Granting and Processing Requests An Example Scenario: An Anonymous Subscription to the New York Times Creating and Configuring the User and Organizations User Credential Manager and Browser Plug-In Deployment Considerations Idemix as a Generic Attribute-Based Authentication System The Role of Authenticated Communication in Linking Transactions Based on Idemix Authentication Deploying Idemix as a Privacy-Enhanced Public-Key Infrastructure with External Certification Infrastructural Issues: User Registration and Organization Updates Conclusions and Future Work Postscript Designing Applications Using Idemix Anonymous Credentials Introduction Primitives and Parameters of the Anonymous Credential System Basic primitives Signed Nym Registration Root Nym Registration Assertions on Nyms, Credentials and Transcripts Resulting from Interactive Protocols Nym Registration Signed Nym Registration Root Nym Registration Credential Issuing Showing a Credential Not Relative to a Nym Showing a Credential Relative to a Nym Local Operations on Transcripts Local De-Anonymization Global De-Anonymization Double-Spending Detection Assertions on Linkability Anonymity, Linkability and Identifiability Nym Registration Signed Nym Registration Root Nym Registration Issuing of a Non-Unique Credential Issuing of a Unique Credential Unconditionally Unidentifable Showing of a Credential Showing a Credential with Unique Parameters
13 Contents ix Showing a Credential Relative to a Nym Showing a Credential with De-Anonymizaton Showing a One-Show Credential Additional Procedures and Functionality More On Global De-Anonymization Revocation Certification Designing an Application Introducing the LostFound Application Key Material, External Certificates and Idemix Certificates Security of the Communication Channels Protocols for Registration and Service Access Verifying Organizations Accountability Requirements Verifying User Unidentifiability Requirements Trust, Accountability, Liability and Certification Trust by Users and Organizations in De-Anonymization Trust by Organizations in the System Certificates, Liabilities and Contracts A Scenario Illustrating Trust in Accountability and Unidentifiability Conclusion Certificate- and Credential-Based Anonymous Payments Introduction Payment Protocols Based on Certificates Non-Pseudonymous Account-Based Payment Protocol Based on Certificates Pseudonymous Account-Based Payment Protocol Based on Certificates Payment Systems Based on Anonymous Credentials Account-Based Payment Protocol Based on Anonymous Credentials Pre-Paid Payment Protocol Based on Anonymous Credentials Analysis of Accountability and Unidentifiability of the Various Payment Protocols Non-Pseudonymous Account-Based Payment Protocol Based on Certificates Pseudonymous Account-Based Payment Protocol Based on Certificates Account-Based Payment Protocol Based on Anonymous Credentials Pre-Paid Payment Protocol Based on Anonymous Credentials Additional Remarks on the Use of Certificates vs. Anonymous Credentials Risks Related to a Breakdown of the Credential System or Compromise of Secrets Conclusion From Identity-Based to Risk-Driven Design Non-Anonymous Applications Based On Anonymous Credentials
14 x Contents An Example Application Based on Certificates The Example Application Based on Credentials Conclusion Risk-Driven Design The Principles Revisited Risk-Driven Application Design: An Example Risk-Driven Application Design: General Method Description Risk-Driven Application Design And Design Principles for Accountability and Unidentifiability Conclusion Related Research Conclusions Summary of Contributions Summary of Conclusions Avenues for Future Work Bibliography 225 List of Publications 233 Biography 235 A Summary in Dutch i
15 List of Figures 2.1 Generic Model of a Payment System Keys and Cryptograhic Primitives Used in ikp Protocols Definitions of Atomic Fields Used in ikp Protocols Framework of ikp Protocols KP Protocol KP Protocol KP Protocol The Payment Clearance/Capture Scenario The Status Inquiry Scenario ZiP Implementation Architecture An Example Payment Transaction Value Transfer Transactions Semantics of Dispute Statements Basic Dispute Protocol Simplified ikp Protocol Global States in ikp Generic Credit Card Payment Protocol Value Transfer Transactions SET Payment with On-Line Authorization KP Payment with On-Line Authorization Generic Payment Protocol Pseudonymized Payment Protocol: On-Line PS, One-Time Pseudonym Certificate Pseudonymized Payment Protocol: Off-line PS Generic Pseudonym Server Basic Credential System Protocols De-Anonymization User, Org, and DeAnOrg Components User, Org and DeAnOrg Token-Based and Synchronous Interfaces xi
16 xii List of Figures 6.5 An Organization Application UserCredential Manager Anonymous Credential System: Overview of Basic Primitives Anonymous Credential System: Key Material and Parametrized Primitives Anonymous Credential System: Parameter Types and Contents Anonymous Credential System: Signed Nym Registration Anonymous Credential System: Root Nym Registration Global De-Anonymization Using Local De-Anonymization: V and I Cooperating Global De-Anonymization Using Local De-Anonymization: V Verifying Linking of Nyms Example Application: Key Material and Registration Example Application: Accessing LostFound Example Application: Local and Global De-Anonymization A Scenario Illustrating Trust in Accountability and Unidentifiability Non-Pseudonymous Account-Based Payment Protocol Based on Certificates Pseudonymous Account-Based Payment Protocol Based on Certificates Account-Based Payment Protocol Based on Anonymous Credentials Pre-Paid Payment Protocol Based on Anonymous Credentials Example Certificate-Based Application: Participants, Key Material and Protocol Flows Example Credential-Based Application: Participants, Key Material and Protocol Flows Risk/Options Analysis for L LostFound Application Design
17 List of Tables 2.1 Comparison of the ikp Payment Protocols Protocol Flags Used in ZiP Attributes and Operators of Primitive Transactions Grammar for the Payment Dispute Claim Language Information of Players in a Completed ikp Transaction Mapping Evidence to Dispute Statements in ikp SET Atomic and Composite Fields ikp Atomic and Composite Fields Generic Certificate Format Example Application: Parameters of Assertions and Primitives Certificate Contents for the LostFound Example Non-Pseudonymous Account-Based Payment Protocol Based on Certificates Pseudonymous Account-Based Payment Protocol Based on Certificates Account-Based Payment Protocol Based on Anonymous Credentials Pre-Paid Payment Protocol Based on Anonymous Credentials Example Certificate-Based Applicaton: Certificate and Message Contents Example Certificate-Based Application: Evidence and Provable Statements Example Credential-Based Application: Certificate and Message Contents Example Credential-Based Application: Evidence and Provable Statements xiii
18 xiv List of Tables
19 Chapter 1 Introduction 1.1 Introduction A public-key infrastructure (PKI) can offer a secure and scalable solution for authentication and secure communication in electronic transactions. Using public-key certificates issued by a trustworthy certification authority, participants in an electronic transaction can authenticate to each other without prior sharing of a secret; this authentication also allows participants to establish communication channels with various security properties such as authentication, integrity-protection and confidentiality-protection of the data exchanged. An important application of public-key cryptography and public-key infrastructures is the digital signature (short: signature) application. A digital signature is generated using the private signature key belonging to a signer and can be verified using the public key associated with this private signature key. A digitally signed (short: signed) message or other piece of information allows to securely attribute the signed information to one possible originator, namely the unique holder of the private signature key. This feature forms the basis for claims of non-repudiation, the impossibility for the signer of a document to later successfully repudiate having signed that document. Throughout this work, we will rather use the term accountability, i.e., the possibility to hold the sender (signer) of a message accountable or responsible for the message and its contents. Accountability requires identifiability, i.e., the possibility to assign a signature key, and thus a signed message, to a particular individual, organization or company. To this end, conventional public-key certificates bind an identity or name to a public key; this allows the party successfully verifying a signature with this key to assign the signed contents to the entity with that name or identity. While the cryptographic technology supporting accountability exists, many public-key based applications and infrastructures cannot claim this property. It is indeed far from trivial to design an operational system where actions and messages can be said to be accountable: the supporting public-key infrastructure has to fulfil a number of stringent security and accountability requirements (see Sections 1.2.3, and 1.3.3). Also, accountability requirements have to be explicitly stated and taken into account in the transaction protocol design. On the other hand, privacy concerns of users in e-commerce and other electronic transaction environments motivate the demand for protocols and systems where users can interact with various servers and organizations without their identity becoming known. Designing a secure and accountable system where actions can be unidentifiable may then seem like an impossible task, as accountability requires identification of an actor. This work deals with accountability and unidentifiability in electronic transactions. It discusses the design and analysis of systems based on accountability requirements and explores the potential for unidentifiability in systems with high requirements on security and accountability. 1
20 2 Chapter 1. Introduction The remainder of this chapter is organized as follows. In Section 1.2, we first introduce some terminology related to accountability and unidentifiability. Section 1.3 then discusses requirements and challenges related to achieving accountability in electronic transactions. Section 1.4 discusses different concepts and techniques that can introduce unidentifiability in electronic transactions while preserving or enabling accountability properties. Section 1.5 discusses incentives and disincentives for accountability and unidentifiability. Section 1.6 describes the scope and goal of this work. 1.2 Terminology In this section, we introduce some terminology and concepts related to unidentifiability and accountability as they will be used in this work Identity-Based vs. Attribute-Based Authentication and Authorization Authentication is a service related to identification. Entity authentication as well as message authentication corroborate the identity of an entity (e.g., a person, a computer, etc.) associated with a communication channel or with a specific piece of information [91]. In traditional systems for access control, an entity s authorization to perform an action or to act under a certain role is typically derived from such identity authentication. This identity may have a global meaning, or it may only have a meaning to some participants in the system; it may also be a pseudonym as defined in the next section. In identity-based authorization, the authorization decision is thus based on the authenticated identity or pseudonym; the verifying (and authorizing) party derives necessary access rights from this identity or pseudonym. Identity authentication of an authenticating party A to a verifying party (also called relying party) V can be achieved using a digital certificate certifying the linking between A s public key and his identity; this linking is certified (signed) by a trusted entity such as a certification authority CA. A can now convince V of his identity by proving knowledge of the associated private key. In this work, we will also discuss attribute authentication and attribute-based authorization. With attribute authentication, an authenticating party A convinces a verifying party V of the fact that A owns certain attributes; these attributes may but need not be unique to A and need not correspond to an identity. Examples of attributes are the right to access a certain resource or the age of the attribute holder. We will use the term proving ownership of an attribute both for proving the exact value of an attribute (access right, age) as for proving a property of the attribute (e.g., age 18). As is the case with identity authentication, the fact that A owns an attribute needs to be certified by a trusted authority. Using conventional certificates, this certification is realized by including the attributes in A s certificate. Using credentials as defined in Section 1.2.2, it is realized in a similar way, i.e., by the certificate issuer signing a piece of information including the attributes and a public value associated with A s secret. As with certificates, A can then prove ownership of an attribute certified in a credential by proving knowledge of this secret. Attribute-based authorization will then allow A to perform an action, such as accessing a resource, based on the ownership of one or more attributes, rather than on his identity or on access rights derived from it by a relying party. In the context of attribute-based authorization, the term attribute covers more than only the fields in a certificate or credential carrying that name. It may stand for any property of the certificate or credential, other than the identity of the certificate holder, from which the relying party can derive necessary privileges. E.g., the fact that the certificate or credential used for authentication is signed by a certain issuer (i.e., can be verified using a specific public key) may be considered to be an attribute. Also, attribute-based authorization does not exclude that the certificate or credential may contain an identity or pseudonym; only, the authorization decision is not based on it. E.g., in the Secure Electronic Transactions (SET) [104] protocol for credit card payments, the customer s account number is not visible
A SECURITY ARCHITECTURE FOR AGENT-BASED MOBILE SYSTEMS. N. Borselius 1, N. Hur 1, M. Kaprynski 2 and C.J. Mitchell 1
A SECURITY ARCHITECTURE FOR AGENT-BASED MOBILE SYSTEMS N. Borselius 1, N. Hur 1, M. Kaprynski 2 and C.J. Mitchell 1 1 Royal Holloway, University of London 2 University of Strathclyde ABSTRACT Future mobile
More informationPayment Systems for E-Commerce. Shengyu Jin 4/27/2005
Payment Systems for E-Commerce Shengyu Jin 4/27/2005 Reference Papers 1. Research on electronic payment model,2004 2. An analysis and comparison of different types of electronic payment systems 2001 3.
More informationShop floor design: layout, investments, cross-training, and labor allocation. Jos Bokhorst
Shop floor design: layout, investments, cross-training, and labor allocation Jos Bokhorst Published by: Labyrint Publications Pottenbakkerstraat 15-17 2984 AX Ridderkerk The Netherlands Tel: +31 (0) 1804-63962
More informationPRIME. Privacy and Identity Management for Everyone/Europe. Thomas Gross (IBM Research) with a PRIME hat on. www.prime-project.eu
PRIME Privacy & Identity Management for Europe PRIME Privacy and Identity Management for Everyone/Europe Thomas Gross (IBM Research) with a PRIME hat on www.prime-project.eu May 2007 2007 IBM Corporation
More informationAlternative authentication what does it really provide?
Alternative authentication what does it really provide? Steve Pannifer Consult Hyperion Tweed House 12 The Mount Guildford GU2 4HN UK steve.pannifer@chyp.com Abstract In recent years many new technologies
More informationLET S ENCRYPT SUBSCRIBER AGREEMENT
Page 1 of 7 LET S ENCRYPT SUBSCRIBER AGREEMENT This Subscriber Agreement ( Agreement ) is a legally binding contract between you and, if applicable, the company, organization or other entity on behalf
More informationA privacy-preserving ticketing system
A privacy-preserving ticketing system Kristof Verslype Pieter Verhaeghe Jorn Lapon Girma Nigusse Vincent Naessens Bart De Decker Report CW 523, October 2008 n Katholieke Universiteit Leuven Department
More informationComparing Cost of Ownership: Symantec Managed PKI Service vs. On- Premise Software
WHITE PAPER: COMPARING TCO: SYMANTEC MANAGED PKI SERVICE........ VS..... ON-PREMISE........... SOFTWARE................. Comparing Cost of Ownership: Symantec Managed PKI Service vs. On- Premise Software
More informationMerchants and Trade - Act No 28/2001 on electronic signatures
This is an official translation. The original Icelandic text published in the Law Gazette is the authoritative text. Merchants and Trade - Act No 28/2001 on electronic signatures Chapter I Objectives and
More informationSECTION.0100 - GENERAL ADMINISTRATION
1 1 1 1 1 1 0 1 0 1 SECTION.00 - GENERAL ADMINISTRATION.01 HOW TO CONTACT THE ELECTRONIC COMMERCE SECTION The North Carolina Department of the Secretary of State administers the Electronic Commerce Act.
More informationEricsson Group Certificate Value Statement - 2013
COMPANY INFO 1 (23) Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 2 (23) Contents 1 Ericsson Certificate Value Statement... 3 2 Introduction... 3 2.1 Overview... 3 3 Contact information...
More information5 FAM 140 ACCEPTABILITY AND USE OF ELECTRONIC SIGNATURES
5 FAM 140 ACCEPTABILITY AND USE OF ELECTRONIC SIGNATURES 5 FAM 141 PURPOSE (CT-IM-112; 07-30-2010) (Office of Origin: IRM/OPS/ITI/SI/IIB) The purpose of this FAM chapter is to enable the Department to
More informationEntrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0
Entrust Managed Services PKI Getting started with digital certificates and Entrust Managed Services PKI Document issue: 1.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust
More informationTTP.NL Scheme. for management system certification. of Trust Service Providers issuing. Qualified Certificates for Electronic Signatures,
TTP.NL Scheme for management system certification of Trust Service Providers issuing Qualified Certificates for Electronic Signatures, Public Key Certificates, Website Certificates and / or Time-stamp
More informationDesign and Implementation of the idemix Anonymous Credential System
Design and Implementation of the idemix Anonymous Credential System Jan Camenisch and Els Van Herreweghen IBM Research, Zurich Research Laboratory 8803 Rüschlikon Switzerland {jca,evh}@zurich.ibm.com ABSTRACT
More informationNeutralus Certification Practices Statement
Neutralus Certification Practices Statement Version 2.8 April, 2013 INDEX INDEX...1 1.0 INTRODUCTION...3 1.1 Overview...3 1.2 Policy Identification...3 1.3 Community & Applicability...3 1.4 Contact Details...3
More informationThe DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions
The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions May 3, 2004 TABLE OF CONTENTS GENERAL PKI QUESTIONS... 1 1. What is PKI?...1 2. What functionality is provided by a
More informationNetwork-based Access Control
Chapter 4 Network-based Access Control 4.1 Rationale and Motivation Over the past couple of years, a multitude of authentication and access control technologies have been designed and implemented. Although
More informationQualified Electronic Signatures Act (SFS 2000:832)
Qualified Electronic Signatures Act (SFS 2000:832) The following is hereby enacted 1 Introductory provision 1 The purpose of this Act is to facilitate the use of electronic signatures, through provisions
More informationThe name of the Contract Signer (as hereinafter defined) duly authorized by the Applicant to bind the Applicant to this Agreement is.
Trustwave Subscriber Agreement for Digital Certificates Ver. 11JUL14 PLEASE READ THIS AGREEMENT AND THE TRUSTWAVE CERTIFICATION PRACTICES STATEMENTS ( CPS ) CAREFULLY BEFORE USING THE CERTIFICATE ISSUED
More informationLET S ENCRYPT SUBSCRIBER AGREEMENT
Page 1 of 6 LET S ENCRYPT SUBSCRIBER AGREEMENT This Subscriber Agreement ( Agreement ) is a legally binding contract between you and, if applicable, the company, organization or other entity on behalf
More informationGlossary of Key Terms
and s Branch Glossary of Key Terms The terms and definitions listed in this glossary are used throughout the s Package to define key terms in the context of. Access Control Access The processes by which
More informationComSign Ltd. TM. Security Certificate Approval Regulations For SSL Websites (CPS)
ComSign Ltd. TM Security Certificate Approval Regulations For SSL Websites (CPS) Version 1.2 Publication date: [14/12/2008 ] Recommended effective date: [14/12/2008] ComSign Building 4, Kiryat Atidim,
More informationCard Management System Integration Made Easy: Tools for Enrollment and Management of Certificates. September 2006
Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates September 2006 Copyright 2006 Entrust. All rights reserved. www.entrust.com Entrust is a registered trademark
More informationStrategies for the implementation of a Public Key Authentication Framework (PKAF) in Australia
Miscellaneous Publication Strategies for the implementation of a Public Key Authentication Framework (PKAF) in Australia SAA MP75 1996 STRATEGIES FOR THE IMPLEMENTATION OF A PUBLIC KEY AUTHENTICATION FRAMEWORK
More informationYork County Sheriff's Office Identity Theft Victim s Packet
York County Sheriff's Office Identity Theft Victim s Packet Information and Instructions This packet should be completed once you have received a copy of your police report from the York County Sheriff's
More informationCS 6262 - Network Security: Public Key Infrastructure
CS 6262 - Network Security: Public Key Infrastructure Professor Patrick Traynor 1/30/13 Meeting Someone New 2 What is a certificate? A certificate makes an association between a user identity/job/ attribute
More informationPrivacy in New Mobile Payment Protocol
in New Mobile Payment Protocol Tan Soo Fun, Leau Yu Beng, Rozaini Roslan, and Habeeb Saleh Habeeb Abstract The increasing development of wireless networks and the widespread popularity of handheld devices
More informationMeeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11)
Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11) Executive Summary...3 Background...4 Internet Growth in the Pharmaceutical Industries...4 The Need for Security...4
More informationGEOSURE PROTECTION PLAN
GEOSURE PROTECTION PLAN I. SCOPE/INTRODUCTION The GeoSure Protection Plan is designed to provide protection against economic loss resulting from specific types of risks associated with certain SSL Certificates
More informationCALIFORNIA SOFTWARE LABS
; Digital Signatures and PKCS#11 Smart Cards Concepts, Issues and some Programming Details CALIFORNIA SOFTWARE LABS R E A L I Z E Y O U R I D E A S California Software Labs 6800 Koll Center Parkway, Suite
More informationCS 6262 - Network Security: Public Key Infrastructure
CS 6262 - Network Security: Public Key Infrastructure Professor Patrick Traynor Fall 2011 Meeting Someone New 2 What is a certificate? A certificate makes an association between a user identity/job/ attribute
More informationBuilding Consumer Trust Internet Payments
Building Consumer Trust Internet Payments Leading Co-Chair (Europe/Africa): Co-Chair (Asia/Oceania): Hermann-Josef Lamberti Executive Vice President & Member of the Board Deutsche Bank Toshiro Kawamura
More informationComSign Ltd. Certification Practice Statement (CPS)
ComSign Ltd. Certification Practice Statement (CPS) Procedures relating to issuing electronic certificates that comply with provisions of the Electronic Signature Law and its regulations. Version 3. 1.1.
More informationNON-REPUDIATION WITH MANDATORY PROOF OF RECEIPT
NON-REPUDIATION WITH MANDATORY PROOF OF RECEIPT ABSTRACT Tom Coffey and Puneet Saidha University of Limerick Ireland Non-repudiation allows an exchange of data between two principals in such a manner that
More informationOpinion 04/2012 on Cookie Consent Exemption
ARTICLE 29 DATA PROTECTION WORKING PARTY 00879/12/EN WP 194 Opinion 04/2012 on Cookie Consent Exemption Adopted on 7 June 2012 This Working Party was set up under Article 29 of Directive 95/46/EC. It is
More informationAdobe PDF for electronic records
White Paper Adobe PDF for electronic records Digital signatures and PDF combine for definitive electronic records and transactions Contents 1 PDF and electronic records 2 Digital certification 3 Validating
More informationDigital identity: Toward more convenient, more secure online authentication
Digital identity: Toward more convenient, more secure online authentication For more than four decades, the familiar username/password method has been the basis for authentication when accessing computer-based
More informationUnderstanding Digital Certificates & Secure Sockets Layer (SSL): A Fundamental Requirement for Internet Transactions
Understanding Digital Certificates & Secure Sockets Layer (SSL): A Fundamental Requirement for Internet Transactions February 2005 All rights reserved. Page i Entrust is a registered trademark of Entrust,
More informationPart III-a. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT
Part III-a Contents Part III-a Public-Key Infrastructure (PKI) Definition of a PKI and PKI components PKI Trust Models Digital Certificate, X.509 Certificate Management and Life Cycle Public Key Infrastructure
More informationAuthentication Application
Authentication Application KERBEROS In an open distributed environment servers to be able to restrict access to authorized users to be able to authenticate requests for service a workstation cannot be
More informationCSE543 - Introduction to Computer and Network Security. Module: Public Key Infrastructure
CSE543 - Introduction to Computer and Network Security Module: Public Key Infrastructure Professor Trent Jaeger 1 Meeting Someone New Anywhere in the Internet 2 What is a certificate? A certificate makes
More informationA Practical Guide to Dutch Building Contracts
A Practical Guide to Dutch Building Contracts A Practical Guide to Dutch Building Contracts M.A.B. Chao-Duivis A.Z.R. Koning A.M. Ubink 3 rd edition s-gravenhage - 2013 3 rd edtion ISBN 978-90-78066-76-7
More informationUnderstanding Digital Certificates & Secure Sockets Layer A Fundamental Requirement for Internet Transactions
A Fundamental Requirement for Internet Transactions May 2007 Copyright 2007 Entrust. All rights reserved. Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries.
More informationIEEE Journal of Selected Areas in Communications, VOL?, NO.?,? 2000 1 Design, Implementation and Deployment of the ikp Secure Electronic Payment System Mihir Bellare, Juan A. Garay, Ralf Hauser, Amir Herzberg,
More informationApple Corporate Email Certificates Certificate Policy and Certification Practice Statement. Apple Inc.
Apple Inc. Certificate Policy and Certification Practice Statement Version 2.0 Effective Date: April 10, 2015 Table of Contents 1. Introduction... 4 1.1. Trademarks... 4 1.2. Table of acronyms... 4 1.3.
More informationIntrinsic Limitations of Digital Signatures and How to Cope With Them
Intrinsic Limitations of Digital Signatures and How to Cope With Them Ueli Maurer Department of Computer Science ETH Zurich CH-8092 Zurich, Switzerland, maurer@inf.ethz.ch Abstract. Digital signatures
More informationCHAPTER 4 DEPLOYMENT OF ESGC-PKC IN NON-COMMERCIAL E-COMMERCE APPLICATIONS
70 CHAPTER 4 DEPLOYMENT OF ESGC-PKC IN NON-COMMERCIAL E-COMMERCE APPLICATIONS 4.1 INTRODUCTION In this research work, a new enhanced SGC-PKC has been proposed for improving the electronic commerce and
More informationStrategic Interactions in Franchise Relationships. Evelien Croonen
Strategic Interactions in Franchise Relationships Evelien Croonen Publisher: Labyrinth Publications Pottenbakkerstraat 15 17 2984 AX Ridderkerk The Netherlands Print: Offsetdrukkerij Ridderprint B.V.,
More informationDr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C
Cunsheng Ding, HKUST Lecture 06: Public-Key Infrastructure Main Topics of this Lecture 1. Digital certificate 2. Certificate authority (CA) 3. Public key infrastructure (PKI) Page 1 Part I: Digital Certificates
More informationNational Certification Authority Framework in Sri Lanka
National Certification Authority Framework in Sri Lanka By Rohana Palliyaguru Manager Operations & Principal Information Security Engineer What is digital Signature? According to UNCITRAL Text 25. Digital
More informationForms Packet Copyright 2013
Forms Packet Copyright 2013 ACES Print only what is needed The instructions and terms/conditions must be read but do not need to be printed. Please print only the pages you need to send to IdenTrust. For
More informationLAW ON PLEDGE OF MOVABLE ASSETS REGISTERED IN THE PLEDGE REGISTRY I. GENERAL PROVISIONS
LAW ON PLEDGE OF MOVABLE ASSETS REGISTERED IN THE PLEDGE REGISTRY (Published in the Official Gazette of the Republic of Serbia No. 57/03, 61/05, 64/06) I. GENERAL PROVISIONS Subject Matter of the Law Art.
More informationPrivacy Policy. February, 2015 Page: 1
February, 2015 Page: 1 Revision History Revision # Date Author Sections Altered Approval/Date Rev 1.0 02/15/15 Ben Price New Document Rev 1.1 07/24/15 Ben Price Verify Privacy Grid Requirements are met
More informationSecuring your Online Data Transfer with SSL
Securing your Online Data Transfer with SSL A GUIDE TO UNDERSTANDING SSL CERTIFICATES, how they operate and their application 1. Overview 2. What is SSL? 3. How to tell if a Website is Secure 4. What does
More informationCertification Practice Statement
FernUniversität in Hagen: Certification Authority (CA) Certification Practice Statement VERSION 1.1 Ralph Knoche 18.12.2009 Contents 1. Introduction... 4 1.1. Overview... 4 1.2. Scope of the Certification
More informationLand Registry. Version 4.0 10/09/2009. Certificate Policy
Land Registry Version 4.0 10/09/2009 Certificate Policy Contents 1 Background 5 2 Scope 6 3 References 6 4 Definitions 7 5 General approach policy and contract responsibilities 9 5.1 Background 9 5.2
More informationQualified mobile electronic signatures: Possible, but worth a try?
Qualified mobile electronic signatures: Possible, but worth a try? Lothar Fritsch 1, Johannes Ranke 2, Heiko Rossnagel 1 Interest level of audience: 3 - for application developers (interested in IT security)
More informationModule 7 Security CS655! 7-1!
Module 7 Security CS655! 7-1! Issues Separation of! Security policies! Precise definition of which entities in the system can take what actions! Security mechanism! Means of enforcing that policy! Distributed
More informationDigital Certificate Infrastructure
Digital Certificate Infrastructure Frequently Asked Questions Providing secure, low cost, and easy access to distributed instructional and research resources is a growing problem for campus library and
More informationThe Feasibility and Application of using a Zero-knowledge Protocol Authentication Systems
The Feasibility and Application of using a Zero-knowledge Protocol Authentication Systems Becky Cutler Rebecca.cutler@tufts.edu Mentor: Professor Chris Gregg Abstract Modern day authentication systems
More informationDigital Identity Management
Digital Identity Management Techniques and Policies E. Bertino CS Department and ECE School CERIAS Purdue University bertino@cs.purdue.edu Digital Identity Management What is DI? Digital identity (DI)
More informationSERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS Next Generation Networks Security
International Telecommunication Union ITU-T Y.2740 TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (01/2011) SERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS
More informationREPUBLIC OF LITHUANIA. LAW ON ELECTRONIC SIGNATURE
REPUBLIC OF LITHUANIA. LAW ON ELECTRONIC SIGNATURE CHAPTER I. GENERAL PROVISIONS... 1 ARTICLE 1. Purpose of the Law... 1 ARTICLE 2. Basic Definitions of this Law... 2 CHAPTER II. SIGNATURE CREATION, VERIFICATION,
More informationGlobalSign Subscriber Agreement for DocumentSign Digital ID for Adobe Certified Document Services (CDS)
GlobalSign Subscriber Agreement for DocumentSign Digital ID for Adobe Certified Document Services (CDS) Version 1.1 PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THE DIGITAL CERTIFICATE ISSUED TO YOU
More informationSecuring your Online Data Transfer with SSL A GUIDE TO UNDERSTANDING SSL CERTIFICATES, how they operate and their application INDEX 1. Overview 2. What is SSL? 3. How to tell if a Website is Secure 4.
More informationLaw of the Republic of Azerbaijan on Electronic Signature and Electronic Document
Law of the Republic of Azerbaijan on Electronic Signature and Electronic Document This law sets organizational, legal grounds for use of Electronic signature and Electronic document, their application
More informationPart I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT
Part I Contents Part I Introduction to Information Security Definition of Crypto Cryptographic Objectives Security Threats and Attacks The process Security Security Services Cryptography Cryptography (code
More informationSECURITY IN ELECTRONIC COMMERCE - SOLUTION MULTIPLE-CHOICE QUESTIONS
MULTIPLE-CHOICE QUESTIONS Each question has only one correct answer, which ought to be clearly pointed out with an 'X'. Each question incorrectly answered will be evaluated as minus one third of the mark
More informationIntroduction. About Image-X Enterprises. Overview of PKI Technology
Digital Signature x Introduction In recent years, use of digital or electronic signatures has rapidly increased in an effort to streamline all types of business transactions. There are two types of electronic
More informationController of Certification Authorities of Mauritius
Contents Pg. Introduction 2 Public key Infrastructure Basics 2 What is Public Key Infrastructure (PKI)? 2 What are Digital Signatures? 3 Salient features of the Electronic Transactions Act 2000 (as amended)
More informationConnected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure)
Cryptelo Drive Cryptelo Drive is a virtual drive, where your most sensitive data can be stored. Protect documents, contracts, business know-how, or photographs - in short, anything that must be kept safe.
More informationEvaluation of different Open Source Identity management Systems
Evaluation of different Open Source Identity management Systems Ghasan Bhatti, Syed Yasir Imtiaz Linkoping s universitetet, Sweden [ghabh683, syeim642]@student.liu.se 1. Abstract Identity management systems
More informationWhite Paper: Multi-Factor Authentication Platform
White Paper: Multi-Factor Authentication Platform Version: 1.4 Updated: 29/10/13 Contents: About zero knowledge proof authentication protocols: 3 About Pairing-Based Cryptography (PBC) 4 Putting it all
More informationWhat Are Certificates?
The Essentials Series: Code-Signing Certificates What Are Certificates? sponsored by by Don Jones W hat Are Certificates?... 1 Digital Certificates and Asymmetric Encryption... 1 Certificates as a Form
More informationHow To Create A Mobile Payment Framework
Modelling, Design, and Analysis of Secure Mobile Payment Systems Supakorn Kungpisdan A Thesis Submitted for Fulfillment of the Requirements for the Degree of Doctor of Philosophy Faculty of Information
More informationOn-line Paperless Insurance Applications
B u s i n e s s B r i e f On-line Paperless Insurance Applications by Jothy Rosenberg, CTO & Co-founder The Insurance industry s need for on-line paperless applications is great. Successfully deploying
More informationPrivacy by Design in Federated Identity Management
1 Privacy by Design in Federated Identity Management Interpreting Legal Privacy Requirements for FIM and Comparing Risk Mitigation Models 2015 International Workshop on Privacy Engineering IWPE 15 - MAY
More informationConcept of Electronic Approvals
E-Lock Technologies Contact info@elock.com Table of Contents 1 INTRODUCTION 3 2 WHAT ARE ELECTRONIC APPROVALS? 3 3 HOW DO INDIVIDUALS IDENTIFY THEMSELVES IN THE ELECTRONIC WORLD? 3 4 WHAT IS THE TECHNOLOGY
More informationUnderstanding Digital Certificates and Wireless Transport Layer Security (WTLS)
Understanding Digital Certificates and Wireless Transport Layer Security (WTLS) Author: Allan Macphee January 2001 Version 1.1 Copyright 2001-2003 Entrust. All rights reserved. Digital Certificates What
More informationBuilding an Anonymous Public Storage Utility Wesley Leggette Cleversafe
Building an Anonymous Public Storage Utility Wesley Leggette Cleversafe Utility Storage r Many different target audiences r Business r Content distribution r Off-site backup r Archival r Consumer r Content
More informationUnderstanding Digital Certificates and Secure Sockets Layer (SSL)
Understanding Digital Certificates and Secure Sockets Layer (SSL) Author: Peter Robinson January 2001 Version 1.1 Copyright 2001-2003 Entrust. All rights reserved. Digital Certificates What are they?
More informationState of Arkansas Policy Statement on the Use of Electronic Signatures by State Agencies June 2008
State of Arkansas Policy Statement on the Use of Electronic Signatures by State Agencies June 2008 Background In the last ten years Arkansas has enacted several laws to facilitate electronic transactions
More informationCS 356 Lecture 28 Internet Authentication. Spring 2013
CS 356 Lecture 28 Internet Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationETSI TR 102 071 V1.2.1 (2002-10)
TR 102 071 V1.2.1 (2002-10) Technical Report Mobile Commerce (M-COMM); Requirements for Payment Methods for Mobile Commerce 2 TR 102 071 V1.2.1 (2002-10) Reference RTR/M-COMM-007 Keywords commerce, mobile,
More informationSmart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi
Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public
More informationWest Palm Beach Police Department s Identity Theft Victim s Packet
West Palm Beach Police Department s Identity Theft Victim s Packet Information and Instructions This packet should be completed once you have contacted West Palm Beach Police Department and obtained a
More informationWeb Payment Security. A discussion of methods providing secure communication on the Internet. Zhao Huang Shahid Kahn
Web Payment Security A discussion of methods providing secure communication on the Internet Group Members: Peter Heighton Zhao Huang Shahid Kahn 1. Introduction Within this report the methods taken to
More informationRealize Greater Profits As An Authorized Reseller Of Network Solutions nsprotect Secure SSL Certificates
Network Solutions Secure Services Realize Greater Profits As An Authorized Reseller Of Network Solutions nsprotect Secure s The Federal Trade Commission (FTC) estimates that 3.2 million US citizens every
More informationNational Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy. Version 1.1. February 2, 2016
National Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy Version 1.1 February 2, 2016 Copyright 2016, Georgia Tech Research Institute Table of Contents TABLE OF CONTENTS I 1 INTRODUCTION
More informationTasks, hierarchies, and flexibility
Tasks, hierarchies, and flexibility Planning in Food Processing Industries Wout van Wezel Uitgever: Labyrint Publication Postbus 662 2900 AR Capelle a/d IJssel Nederland Drukwerk: ISBN 90-72591-98-4 2001,
More information10 Secure Electronic Transactions: Overview, Capabilities, and Current Status
10 Secure Electronic Transactions: Overview, Capabilities, and Current Status Gordon Agnew A&F Consulting, and University of Waterloo, Ontario, Canada 10.1 Introduction Until recently, there were two primary
More informationHKUST CA. Certification Practice Statement
HKUST CA Certification Practice Statement IN SUPPORT OF HKUST CA CERTIFICATION SERVICES Version : 2.1 Date : 12 November 2003 Prepared by : Information Technology Services Center Hong Kong University of
More informationDigital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University
Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University October 2015 1 List of Figures Contents 1 Introduction 1 2 History 2 3 Public Key Infrastructure (PKI) 3 3.1 Certificate
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationOn the Limits of Anonymous Password Authentication
On the Limits of Anonymous Password Authentication Yan-Jiang Yang a Jian Weng b Feng Bao a a Institute for Infocomm Research, Singapore, Email: {yyang,baofeng}@i2r.a-star.edu.sg. b School of Computer Science,
More informationQUT Digital Repository: http://eprints.qut.edu.au/
QUT Digital Repository: http://eprints.qut.edu.au/ Suriadi, Suriadi and Foo, Ernest and Josang, Audun (2009) A user-centric federated single sign-on system. Journal of Network and Computer Applications,
More informationUnderstanding E-Signatures: A Beginner s Guide
Understanding E-Signatures: A Beginner s Guide Content Summary 1 Overview 2 Technology / Terminology Electronic signatures have seen significant adoption in the past decade within insurance, lending, government
More informationSecurity Digital Certificate Manager
IBM i Security Digital Certificate Manager 7.1 IBM i Security Digital Certificate Manager 7.1 Note Before using this information and the product it supports, be sure to read the information in Notices,
More informationA Privacy-Preserving Ticketing System
A Privacy-Preserving Ticketing System Kristof Verslype 1, Bart De Decker 1, Vincent Naessens 2, Girma Nigusse 1, Jorn Lapon 2 and Pieter Verhaeghe 1 1 Katholieke Universiteit Leuven, Department of Computer
More information