Abstract
A user authentication system and method for a communications network is provided. The credential authority publishes an accumulator and issues tokens and credentials to the users who are authorized to access a service. Each user computes a derived credential on his or her own, based on the credential issued by the credential authority, and proves authorization to the verifier using the derived credential. If a new user is authorized, other users and the verifier need not update any data. If a previously authorized user is banned, i.e., his/her token is revoked, the credential authority computes the updated accumulator based on the token issued to the banned user, and publishes revocation increment data comprising the updated accumulator and the increment data about the revoked token. Other users compute their updated credentials by themselves based on the updated revocation increment data received. The revocation increment data can be published in several forms, and propagated quickly among the credential authority, the users and the verifiers.
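The issue, revoke and self-update flow described above, as an added example that is not taken from the patent. The abstract does not name the accumulator construction, so this sketch assumes an RSA-style trapdoor accumulator and leaves out the derived-credential proof step. All function names and the toy parameters are constructed for illustration.

```python
# Assumed construction: RSA-style trapdoor accumulator (not specified by the page).
# Constructed toy parameters, far too small for real use.
P, Q = 1019, 1187            # credential authority's secret safe primes
N = P * Q                    # public modulus
PHI = (P - 1) * (Q - 1)      # authority's trapdoor

def issue(acc, token):
    """Authority: credential w with w^token == acc (mod N).
    The accumulator itself is unchanged, so nobody else updates anything."""
    return pow(acc, pow(token, -1, PHI), N)

def verify(acc, token, cred):
    """Verifier: check the credential against the published accumulator."""
    return pow(cred, token, N) == acc

def revoke(acc, revoked_token):
    """Authority: revocation increment = (updated accumulator, revoked token)."""
    return issue(acc, revoked_token), revoked_token

def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y

def update(cred, token, increment):
    """User: refresh own credential from the public increment alone."""
    new_acc, revoked = increment
    g, a, b = egcd(token, revoked)     # a*token + b*revoked == 1
    if g != 1:
        raise ValueError("token was revoked; credential cannot be updated")
    # (cred^b * new_acc^a)^token == new_acc^(b*revoked + a*token) == new_acc
    return pow(cred, b, N) * pow(new_acc, a, N) % N

def demo():
    acc = 4                            # published accumulator
    alice, bob, carol = 7, 11, 13      # tokens: primes coprime to PHI
    w_alice, w_bob = issue(acc, alice), issue(acc, bob)
    w_carol = issue(acc, carol)        # new user; acc and other credentials untouched
    inc = revoke(acc, bob)             # bob is banned
    w_alice2 = update(w_alice, alice, inc)
    return acc, inc, (alice, w_alice, w_alice2), (bob, w_bob), (carol, w_carol)
```

A revoked user's Bezout step fails because the token shares a factor with the revoked token, which is why the update cannot be computed without the authority's trapdoor.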