A lightweight conditional privacy-preserving authentication and access control scheme for pervasive computing environments

In pervasive computing environments, the users can get access to the services from the service providers in a highly desirable way. But the security of the user's authentication is a challenging field. Pervasive computing environments must provide the service to only legitimate users. On the other hand, some users attempt to keep their anonymity without revealing their identities while using some privacy-related services such as location information, printing, buying shares, etc. In this paper, we propose a conditional privacy-preserving authentication and access control scheme for pervasive computing environments, called CPriauac. Compared with the previous schemes in the literature, registration servers and authentication servers in the proposed scheme need not maintain any sensitive verification tables. The management of public keys is easier. Furthermore, the anonymity of the user can be removed efficiently once the dispute happens. The proposed scheme provides user anonymity against outside and inside parties, mutual authentication, accountability and differentiated access control. (c) 2012 Elsevier Ltd. All rights reserved.