QUT ePrints

Agent-based one-shot authorisation scheme in a commercial extranet environment

Au, Wai Ki Richard (2005) Agent-based one-shot authorisation scheme in a commercial extranet environment. PhD thesis, Queensland University of Technology.

Abstract

The enormous growth of the Internet and the World Wide Web has provided the opportunity for an enterprise to extend its boundaries in the global business environment. While commercial functions can be shared among a variety of strategic allies - including business partners and customers, extranets appear to be the cost-effective solution to providing global connectivity for different user groups.

Because extranets allow third-party users into corporate networks, they need to be extremely secure and external access needs to be highly controllable. Access control and authorisation mechanisms must be in place to regulate user access to information/resources in a manner that is consistent with the current set of policies and practices both at intra-organisational and cross-organisational levels.

In the business-to-customer (B2C) e-commerce setting, a service provider faces a wide spectrum of new customers, who may not have pre-existing relationships established. Thus the authorisation problem is particularly complex. In this thesis, a new authorisation scheme is proposed to facilitate the service provider to establish trust with potential customers, grant access privileges to legitimate users and enforce access control in a diversified commercial environment. Four modules with a number of innovative components and mechanisms suitable for distributed authorisation on extranets are developed:

  • One-shot Authorisation Module - One-shot authorisation token is designed as a flexible and secure credential for access control enforcement in client/server systems;

  • Token-Based Trust Establishment Module - Trust token is proposed for server-centric trust establishment in virtual enterprise environment;

  • User-Centric Anonymous Authorisation Module - One-task authorisation key and anonymous attribute certificate are developed for anonymous authorisation in a multi-organisational setting;

  • Agent-Based Privilege Negotiation Module - Privilege negotiation agents are proposed to provide dynamic authorisation services with secure client agent environment for hosting these agents on user's platform.


Full-text downloads:

407 since deposited on 03 Dec 2008
63 in the past twelve months

ID Code: 16708
Item Type: QUT Thesis (PhD)
Supervisor: Looi, Mark, Ashley, Paul, & Caelli, William
Keywords: distributed authorisation, extranet, Intranet, smart card, personal secure device, authentication, security architecture, security server, trust establishment, trust token, credential-based authorisation, one-shot authorisation token, one-task authorisation key, anonymous attribute certificate, key binding certificate, anonymous authorisation, referee server, privilege negotiation agent, authorisation agent, secure client agent environment
Divisions: Past > QUT Faculties & Divisions > Faculty of Science and Technology
Past > Institutes > Information Security Institute
Department: Faculty of Information Technology
Institution: Queensland University of Technology
Copyright Owner: Copyright Wai Ki Richard Au
Deposited On: 03 Dec 2008 14:08
Last Modified: 29 Oct 2011 05:51
