| We discuss the construction of a deployable and privacy-preserving identity management architecture addressing all aspects of electronic commerce using the existing privacy preserving cryptographic primitives, while at the same time guaranteeing compatibility with current business models. Absolute privacy, which in our case is consumers privacy, is defined as the combination of consumers anonymity and their transaction unlinkability; this is very commonly violated in today's online eCommerce world. It is apparent that, because of the monetary nature of most popular online activities, accountability is a prerequisite for every applicable privacy-enhancing mechanism. We present an architecture which addresses privacy issues raised in all aspects of eCommerce, including online advertising, online payments, delivery of online purchases, and merchant-buyer evaluation systems, and aims to prevent any unauthorized entity from building and distributing consumers profiles or tracing their transactions. In addition, as online transactions can affect consumers credit scores, and are strongly associated with consumers normal activities such as bank account management and taxation, we extended our privacy-preserving protocols to a card-based identity management architecture; this deals with many types of financial activities and consumers attributes. Card-loss related mechanisms, such as advanced card-owner authentication techniques, privacy-preserving card-content recovery, and automatic and recursive credentials invalidation are also addressed in our work. It is noteworthy that privacy is incorporated in our protocols as an option, i.e, it is guaranteed only if the individual choses to; the consumer always has the option of using the existing non-privacy preserving methods.;The combination of privacy with accountability and deployability to achieve proper operation of such a variety of user activities in a centralized manner constitutes both the main innovation and contribution of this work. Accountability is a critical requirement in all monetary eCommerce activities, while deployability is a prerequisite for protocols applicability. We consider deployability in three ways: (a) in our attack model, for which we make real world assumptions, (b) in the designed architecture, where we did not introduce changes in current systems structure, and (c) by integrating in our protocols useful properties that are currently supported, while incentivizing our protocols' application by offering monetary benefits to most system entities. |
