Abstract
Privacy remains an issue for IT services. Users are concerned that their history of service use may be traceable since each user is assigned a single identifier as a means of authentication.
In this paper, we propose a perfectly anonymous attribute authentication scheme that is both unidentifiable and untraceable. Then, we present the evaluation results of a prototype system using a PC and mobile phone with the scheme. The proposed scheme employs a self-blindable certificate that a user can change randomly; thus the certificate is modified for each authentication, and the authentication scheme is unidentifiable and untraceable. Furthermore, our scheme can revoke self-blindable certificates without leaks of confidential private information and check the revocation status without online access.
