An authorization and access control scheme for pervasive computing

The existence of a central security authority is too restrictive for pervasive computing environments. Existing distributed security schemes fail in a pervasive computing environment with limited terminals. Better fitted are schemes, that do not rely on the presence of a central security authority, yet allows for the application of a common security policy. This paper presents such a distributed security scheme, where pieces of information of the same sensitivity are grouped together and protected by a pair of private encryption/decryption keys. Users gain access to certain information by obtaining the key pair of the corresponding group. Depending on the security policy applied in a given environment, the keys can be obtained either directly by the security authority which issues the keys or by another user that possesses them. Similarly, depending on the applied security policies, the access to information may require the user to authenticate himself. In the scheme we present, the authentication is based on certificates that users may obtain from the security authority at an unsuspected time prior to the information access.