Untransferable Rights in a Client-Independent Server Environment

A scheme for ensuring access rights untransferability in a client-server scenario with a central authority and where servers hold no access information about clients is presented in this paper; an extension to a multi- authority scenario is conceivable, since servers are also authority independent. Usurping a right with no information at all about other clients is for a client as hard as the discrete logarithm, and rights sharing between clients does not compromise their non-shared rights as long as RSA confidentiality holds. Transferring rights between clients without the authority’s contribution cannot be done unless RSA confidentiality is broken; however, only control on partial rights transfers is addressed in this paper, which does not deal with total identity transfer or alienation.