Abstract
Exchange of attribute certificates is a means to establish mutual trust between strangers wishing to share resources or conduct business transactions. Automated Trust Negotiation (ATN) is a promising approach to regulating the exchange of sensitive information during this process. It has been a fundamental but challenging problem to preserve the privacy of the two negotiation parties during the period of ATN. We present the enhanced hidden credentials and improved concurrent zero-knowledge proof protocol. Based on the above technologies, we propose an ATN for e-business applications, named CASTLE. CASTLE can not only enable the oblivious and selective usage of an attribute or a certificate, but also be resistible for many attacks, especially conspiracy attack. We illustrate the usage of CASTLE through a typical example.