Access control to confidential information in pervasive computing
environments is challenging for multiple reasons: First, a client
requesting access might not know which access rights are necessary in
order to be granted access to the requested information. Second,
access control must support flexible access rights that include
context-sensitive constraints. Third, pervasive computing environments
consist of a multitude of information services, which makes simple
management of access rights essential. We discuss the shortcomings of
existing access-control schemes that rely on either clients presenting
a proof of access to a service or services encrypting information
before handing the information over to a client. We propose a
proof-based access-control architecture that employs hierarchical
identity-based encryption in order to enable services to inform
clients of the required proof of access in a covert way, without
leaking information. Furthermore, we introduce an encryption-based
access-control architecture that exploits hierarchical identity-based
encryption in order to deal with multiple, hierarchical constraints on
access rights.  We present an example implementation of our proposed
architectures and discuss the performance of this implementation.