option to accept or deny the creation of two or more
accounts for the same user (figure 2).
4.5 Comparison
In comparison with the traditional mechanism, our
proposal guarantees an amount of information
necessary to the virtual sites in order to create an
account within the system. By this mean the
following results can be obtained:
– Companies which search customers’ information
will be able to trust in its validity and
authenticity.
– The distribution of information to malicious web
sites does not affect the customer in the real
world.
– The customer does not require interacting with
any web form.
– Companies can make supervision on the
activities and behaviour of the customer without
invading his/her identity’s privacy.
– The GI theft by Internet is limited.
– Companies can have the opportunity to link an
attacker in the real world.
– DPI theft reduces the risk of being used in real
world.
– The DPI publication does not affect a customers’
privacy in real world.
– Companies will be able to reduce the frauds
made by identity supplanted.
5 CONCLUSIONS
In this paper, we presented the use of genuine
identity in Internet. The main risks related with the
use of genuine identity in Internet and how can
affect a customer in the real world have been
explained. The proposal of the use of digital
pseudonym identity has been proposed for replacing
the use and distribution of genuine identity by web
forms. Digital pseudonym identity is an effort to
motivate the adoption of e-Commerce based in the
customer’s identity authenticity and validity.
Another aim is increasing the security in web sites
and reduces problems related with the identity theft.
Future work will be made in the design and
develop of data structure in where appears the DPI
profile structure information (like in the real world
DNI or passport) and can be verifiable its
authenticity and validity by any organization or
company.
ACKNOWLEDGEMENTS
This work has been partially supported by the
Spanish Research Council (CICYT) under the
project SECONNET (TSI2005-07293-C02-01).
REFERENCES
Casassa, M., Bramhall, P., Gittler, J., Pato, J., & Rees, O.
(2002, June 12). Identity management: A key e-
business enabler. Retrieved July 28, 2005, from
Hewlett-Packard Laboratories Web Site:
http://www.hpl.hp.com/techreports/2002/
Koch, M., & Wörndl, W. (2001). Community support and
identity management. In Proceedings of the 7th
European Conference on Computer Supported
Cooperative Work, 319-338.
Berthold, O., & Köhntopp, M. (2001). Identity
management based on P3P. In Proceedings of the
International Workshop on Design Issues in
Anonymity and Unobservability, 141-160.
Clifford, B. (1995). Security, payment, and privacy for
network commerce. IEEE Journal on Selected Areas
in Communications, 13, 1523-1531.
Smith, A., Pittman, S., & Clarke, R. (1999). Identification,
authentication and anonymity in legal context.
Retrieved June 7, 2005, from Australian National
University, Department of Computer Science Web
site:
http://www.anu.edu.au/people/Roger.Clarke/DV
Arnold, T., (2000, June). Internet identity theft -A tragedy
for victims-. SIIA. Retrieved from
http://ctl.ncsc.dni.us/publicaccess/states/otherresources
/articles/whitepaper-internetidtheft-2000.pdf
Tygar, J., & Whitten, A. (1996). WWW Electronic
commerce and java trojan horses. In Proceedings of
the 2nd USENIX Workshop on Electronic Commerce,
243-250.
Pfitzmann, A., & Köhntopp, M. (2001). Anonymity,
unobservability, and pseudonymity –A proposal for
terminology. In Proceedings of the International
Workshop on Design Issues in Anonymity and
Unobservability, 1-9.
Figure 2: DPI Profile Structure.
SECRYPT 2006 - INTERNATIONAL CONFERENCE ON SECURITY AND CRYPTOGRAPHY
94