By Topic

P-DIBS: Pseudonymised DIstributed Billing System for Improved Privacy Protection

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

4 Author(s)
Vincenzo Falletta ; CNIT / Università di Roma "Tor Vergata", Italy. ; Simone Teofili ; Saverio Proto ; Giuseppe Bianchi

The deployment of payment systems protective of the customer privacy is an hard challenge. Accountability and payment seem to require a direct link to the customer credentials (e.g. his credit card number or bank account), this exposes the user to be profiled on his habits. Static and uniquely identified mappings to user credentials, hold by a trusted third party, may vanish all the parallel anonymization/pseudonymisation efforts done to avoid disclosure of the user identity to the provider of the service. This paper proposes P-DIBS (pseudonymised distributed billing system), a billing framework devised to protect user privacy. P-DIBS is developed as an extension of a previously proposed pseudonymization mechanism. It relies on an intermediate brokerage entity, referred to as "Accounting Server", operating between the bank and the service provider on behalf of the end user, yet having no knowledge neither about his real identity nor about his real account number. A fundamental novelty of the proposed approach is the possibility, through a distributed procedure involving mutual interaction across the various system components, to guarantee linkability upon improper user behavior (e.g. misuses) without requiring a single trusted third party in the system to possess all the knowledge necessary to disclose the user.

Published in:

2007 16th IST Mobile and Wireless Communications Summit

Date of Conference:

1-5 July 2007