An electronic cash scheme and its management

Abstract

A secure electronic cash scheme and its role-based access control (RBAC) management are proposed in this paper. The scheme uses electronic cash for payment transactions. In this protocol, from the viewpoint of banks, consumers can improve anonymity if they are worried about disclosure of their identities. A new role called anonymity provider agent (AP) provides a highly anonymous certificate for consumers during a payment processing. The role AP certifies re-encrypted data after verifying the validity of the content from consumers, but with no private information of the consumers required. Each consumer can get a required anonymity level through this new method, depending on the available time, computation and cost. Consumers can also use different banks (cross-payment) and anonymity provider agents (multiple APs) without double-spending problems. Role-based access control is widely used in system management and products since its advantages such as reducing administration cost and complexity. However, conflicting problems may arise between roles when RBAC is applied for system management. For example, mutually exclusive roles may be granted to a user with RBAC and the user may have or derive a high level of authority. To solve these problems, we analyze the duty separation constraints of the roles and role hierarchies in the scheme, then discuss how to grant a role to a user.