In this study, the authors propose a hybrid identity certificate – attribute certificate public key infrastructure (PKI) model with elements of anonymity, applicable to general purpose electronic identities, which aims to defend personal information privacy, hinder user tracking and preserve the free will of its users. The authors analyse the associated processes, the certificate contents and the roles of the parties involved. The authors’ motive for its formulation is the belief that research previously done in this field is either too restrictive, too proprietary, too difficult to implement, or a combination of the above. In addition, the PKIs that have been deployed in most countries, both public and private, do not in the authors view protect personal information privacy. Instead, the authors propose a model that adheres to standards, is easy to implement, requires as little as possible application development for integration into commercial PKI systems, is suitable for large-scale deployment and concedes little in the protection of personal information privacy.

With the benefits of portability and mobility, laptops have become more and more popular. People usually believe that their personal laptop is safe, and they store sensitive data in it. However, when a laptop is stolen, a malicious thief can obtain illegitimate benefits by extracting sensitive data from the laptop. For this reason, several security mechanisms for protecting sensitive data on laptops have been designed. Kao et al. (2012) designed a protocol (MELP) that allowed laptop users to use their mobile phones as the encryption key to protect their files. Although the mobile-based mechanism is secure, the authors still believe that it is limited by third-generation mobile devices and online data encryption/decryption. In this study, the authors present their design about a novel scheme based on secret-sharing technique. In the authors’ proposed scheme, users can easily encrypt/decrypt their laptop data offline, that is, without access to the Internet. Furthermore, the authors’ security analysis shows that their scheme satisfies all of the essential requirements for security and functionality. Also, the authors’ performance analysis indicates that their proposed scheme has better efficiency, which makes it suitable for use in protecting the data stored on laptops.

Along with the rapid development of network-based cloud computing, security has become an important element. When a media corporation stores its programs in public clouds, it is important to authorise the consumers to enjoy the stored program by electronic payment. To protect the consumers’ privacy and save the bandwidth, the authors propose an anonymous multi-receiver remote data retrieval model for pay-TV in public clouds. In the security model, they consider the malicious public cloud server (PCS), malicious corporation and malicious consumer. The authors’ scheme can withstand the malicious PCS, malicious corporation and malicious consumer. At last, the authors give the computation efficiency analysis, communication efficiency analysis and flexibility analysis. Their analysis shows that their scheme is provably secure and efficient.

Recently, number of mobile users and mobile banking applications are increased dramatically. The current mobile banking system unable to provide face-to-face transaction, that is, anyone can perform transaction by using proper secret code. This study proposes a new triangular based indexing method to authenticate the original account holder in mobile banking environment. A Delaunay triangulation indexing scheme has been designed for protecting biometric template and Voronoi vertex is calculated for verifying the authorised person. A novel algorithm has been developed for mutual authentication. To reduce key size, elliptic curve cryptography technique is adapted. Biometric key is generated for secure communication and also discusses the security aspects of the proposed method.

Maximum distance separable (MDS) matrices are widely used in the diffusion layers of block ciphers and hash functions. Inspired by Guo, Sajadieh and Wu et al.'s recursive construction of perfect diffusion layers from linear feedback shift registers (LFSRs), the authors further study how to construct perfect diffusion layers from LFSRs of Fibonacci and Galois architectures, and present a systematic analysis of 4 × 4 words diffusion layer constructed with those two structures. Compared with known results, the MDS matrices constructed by us have the advantage that their inverses are usually also MDS matrices, and can be efficiently implemented with the same computational complexity.

Public key infrastructures (PKIs) are proposed to provide various security services. Some security services such as confidentiality require key escrow in certain scenarios, whereas some others such as non-repudiation and authentication usually prohibit key escrow. Moreover, these two conflicting requirements can coexist for one PKI user. The popular solution in which each user has two different certificates and an escrow authority backs up all escrowed private keys faces the problems of efficiency and scalability. In this study, a novel key management infrastructure called RIKE+ is proposed to integrate the ‘inherent key escrow’ of identity-based encryption (IBE) into PKIs. In RIKE+ , (the hash value of) a user's PKI certificate also serves as a ‘revocable identity’ to derive the user's IBE public key, and the revocation of this IBE key pair is achieved by the certificate revocation of PKIs. Therefore the certificate binds the user with two key pairs, one of which is escrowed inherently and the other is not. Furthermore, RIKE+ employs chameleon hash to flexibly control the relationship between the certificate and the IBE key pair. In the case of certificate renewal and revocation, chameleon hash enables RIKE+ to manipulate the hash value of the new certificate, so the user's IBE key pair is not unconditionally changed unless it is necessary. RIKE+ is an effective certificate-based solution compatible with traditional PKIs and can be built on existing X.509 PKIs.