A privacy-enhanced access control

It is sometimes necessary to access a server anonymously when the Internet or an electronic commerce application is used. In the present paper, for this need there is proposed a new system that uses an SPKI (Simple Public Key Infrastructure) framework in order to provide service with an emphasis on privacy. The proposed system does not require ID information and other personal information to be presented to the server. In short, only the information relating to the corresponding service is included in the certificate submitted to the server for utilization of the service, and not the ID information of the client. However, even though this is a system of anonymous access, it is not a framework that allows unlimited access, such as anonymous FTP (File Transfer Protocol). The SPKI framework itself only determines the format of the certificate, and does not provide a methodology for selecting or managing users. Therefore, in this paper, a new framework is proposed, and controlled anonymous access is shown to be obtainable by this framework. This paper will also discuss advantages of the proposed system, its anonymity, management, security, and the processing for certificate revocation.