Achieving secure and flexible M-services through tickets

Wang, Hua and Zhang, Yanchun and Cao, Jinli and Varadharajan, Vijay (2003) Achieving secure and flexible M-services through tickets. Systems, Man, and Cybernetics. Part A, 33 (6). pp. 697-708. ISSN 1083-4427




Web services via wireless technologies, mobile services (M-services), HTTP, and XML have become important for conducting business. The W3C XML Protocol Working Group has been developing standard techniques such as Web Services Description Language (WSDL), simple object access protocol (SOAP), and universal description discovery and integration (UDDI). However, at this stage, there is no standard technique for access control in M-services. This paper describes a secure and flexible access control scheme and protocol for M-services based on role-based access control (RBAC). The access control architecture involves a Trusted Credential Center (TCC), a Trusted Authentication and Registration Center (TARC) and a secure ticket-based mechanism for service access. Users and service providers register with the TARC and are authenticated. Based on this, tickets are issued by the TCC to users. Tickets carry authorization information needed for the requested services. In particular, we are able to specify access control policies based on roles. The protocols between the various entities in the model are protected using appropriate security mechanisms such as signatures which are used to verify correctness of the requested service, as well as to direct billing information to the appropriate user. Our architecture supports efficient authentication of users and service providers over different domains and provides a secure access model for services to users. Our model is also able to support anonymity of users. Only the TARC is able to identify misbehaving users. We believe that the proposed architecture forms a good basis for achieving a secure and flexible M-service system.

Item Type: Article (Commonwealth Reporting Category C)
Refereed: Yes
Item Status: Live Archive
Additional Information: © 2003 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Faculty/School / Institute/Centre: Historic - Faculty of Sciences - Department of Maths and Computing (Up to 30 Jun 2013)
Date Deposited: 26 Oct 2007 00:41
Last Modified: 02 Jul 2013 22:50
Uncontrolled Keywords: access control architecture, anonymity, RBAC, secure M-services, ticket based access control
Fields of Research (2008): 15 Commerce, Management, Tourism and Services > 1503 Business and Management > 150301 Business Information Management (incl. Records, Knowledge and Information Management, and Intelligence)
08 Information and Computing Sciences > 0807 Library and Information Studies > 080708 Records and Information Management (excl. Business Records and Information Management)
08 Information and Computing Sciences > 0804 Data Format > 080402 Data Encryption
Fields of Research (2020): 35 COMMERCE, MANAGEMENT, TOURISM AND SERVICES > 3503 Business systems in context > 350302 Business information management (incl. records, knowledge and intelligence)
46 INFORMATION AND COMPUTING SCIENCES > 4610 Library and information studies > 461009 Recordkeeping informatics
46 INFORMATION AND COMPUTING SCIENCES > 4604 Cybersecurity and privacy > 460401 Cryptography
Identification Number or DOI:
