One-time authorization for off-line interactions

Ubiquitous application environments are characterized by lack of on-line access to communication facilities and lack of a priori trust among parties. In this paper we present an access control scheme suited to these environments that allows a user to get authorized access to a service based on the one-time credential concept. In this scheme, the user and the service provider do not need to be part of the same organization or to trust one another. The verification of the user’s credential can be performed without any communication with a third party system, since the validity of each one-time credential can be locally checked by each service provider. The one-time property of credentials further prevents double use of an access right by the user subsequently attempting to access several service providers. The one-time property and the resulting double use prevention rely on a penalty mechanism whereby a cheating user looses some money he/she deposited as a guarantee of his/her loyalty prior to a serie of service accesses. The one-time property does not require a common trust structure encompassing clients and servers in that it only has recourse to a universal enforcement mechanism based on money.