Abstract
This paper presents enhancements to an anonymous public-key certificate scheme originally intended for anonymous and fair document exchange. The appropriate use of these certificates may enable a party with access to a mobile phone and/or laptop computer to conduct multiple mobile e-commerce transactions anonymously yet accountably and thereby reduce the risk of developing a pseudonymous on-line profile. We propose modifications to the existing scheme to solve a recognised security flaw. The proof of rightful ownership of the anonymous/real public-key certificate presented to obtain a (further) anonymous public-key certificate is presently achieved with a single piece of evidence, i.e. the private key associated with the presented certificate. Should an adversary compromise this key, then the adversary may obtain anonymous certificates in the rightful owner's name. Our proposal minimises the risk of an adversary obtaining anonymous certificates with a compromised private key. © 2004 Elsevier B.V. All rights reserved.
Original language | English |
---|---|
Pages (from-to) | 483-503 |
Number of pages | 20 |
Journal | Computer Networks |
Volume | 45 |
Issue number | 4 |
Publication status | Published - 15 Jul 2004 |
Keywords
- Anonymity
- E-commerce
- Internet
- Privacy
- Security