DISTRIBUTED USER IDENTIFICATION BY ZERO-KNOWLEDGE ACCESS RIGHTS PROVING

A scheme for identifying the rights of users to access files in a computer network with many servers is presented. Users are granted rights by an authority, and serves need only a certified list of available access rights in order to perform access control. A server stores no information about the users, neither access matrix nor passwords-user portability-, which enables the authority to perform user registration, rights granting and rights revocation independently of servers; moreover, the latter two are public operations in the clear. The number of rights shared by more than one user throughout the network is a lower bound for the number of secret pieces held by each user, but his unshared rights can be increased indefinitely without changing or increasing his secret information. Rights possession proofs are zero-knowledge and simultaneous.