Slashdot Mirror


Digital Credentials Offer Enhanced Privacy

John Q Random writes "Stefan Brands's company credentica.com announced their U-Prove library and SDK implementing ID tokens — also known as digital credentials or private credentials. (Private Credentials are a cool PKI replacement and anonymous e-cash tech that allows you to prove certified attributes like age, credit rating, group membership, etc. without revealing who you are; to allow you to have a digital life without the digital dossier effect inherent in central databases.) Following this announcement, Adam Back announced credlib, an open source implementation of Brands credentials (and the older more basic Chaum certificates). These developments relate to recent news from IBM's Zurich labs on their identity-mixer project (previously discussed on Slashdot) that is based on the less efficient Jan Camenisch and Anna Lysyanskaya credentials."

3 of 49 comments

  1. anti-lending feature (Re:How?) by Anonymous Coward · Score: 4, Informative

    They have an anti-lending option. Here's how it works: the credential can have multiple private keys, one of which has to be random and the others of which can be secrets you would not be happy to sell to a youngster. (Say like your credit card number, or any other info that could be risky to lend to someone). Without all of the private keys you can't use the credential, so the would-be lender or reseller can't transfer the credential without revealing secrets chosen to be risky to share.

    The CA or credential issuer, he sees secrets when the credential is issued, however you trust him not to abuse those secrets (and maybe you paid him with the same credit card number, e.g.). However due to the crypto magic the CA can't observe nor trace your uses of the credential back to you even with full collusion with relying parties.

    In fact the privacy is unconditionally secure and the user has full control and doesn't have to trust anyone (not CA, not relying parties, etc) only that the software of his credential wallet software is correctly implemented. This software would typically be open source and peer reviewed.

    1. Re:anti-lending feature (Re:How?) by Anonymous Coward · Score: 1, Informative

      You are correct that you can't ultimately prevent lending. Another secret you can put in the private keys is a large denomination ecash coin ... do you trust the guy you sold the credential to for $10 not to cash your $100 deposit?

      Well even that just means the minimum price of the credential resale is set by the issuer.

      There is also something called credential pooling, which means an issuer could make a unified credential which is simultaneously your authentication and credential for many important things, like bank account, mortgage, driving license, passport etc.

      You can't share part of the credential, only the whole credential so then it makes it so you can't share the trivial credential (like say age credential) without sharing something that could get you into id theft issues etc.

      Maybe you can find someone who is really alcoholic and destitute who has absolutely nothing to lose, but the set of people who would be willing to sell their id on that basis is much smaller.

      Anyway think of it more as a deterrence than 100% prevention.

      (Anyway even if one could somehow make it 100% impossible to transfer, there is still online renting... ie I leave my computer on, and leave my credential running, and set it up to answer over18 requests for other people for a fee).
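The anti-lending idea from the comments above, as an added example that is not part of the thread and is not code from credlib or U-Prove: a Schnorr-style proof of knowledge of every exponent in h = g1^x1 * g2^x2 * g3^x3, which verifies only when the prover holds all of the secrets. The group parameters, attribute values and function names are constructed for the demo, and the issuing, blinding and CA signature steps of a real Brands credential are left out.

```python
import hashlib
import secrets

# Toy parameters (constructed for the demo, far too small for real use):
# p = 2q + 1 is a safe prime; 4, 9, 25 are squares, so each has prime order q.
P, Q = 2039, 1019
BASES = (4, 9, 25)

def commit(xs):
    """Credential public key h = g1^x1 * g2^x2 * g3^x3 mod p."""
    h = 1
    for g, x in zip(BASES, xs):
        h = h * pow(g, x, P) % P
    return h

def challenge(h, a, msg):
    """Fiat-Shamir challenge in [1, q-1], bound to the verifier's message."""
    d = hashlib.sha256(f"{h}|{a}|{msg}".encode()).digest()
    return 1 + int.from_bytes(d, "big") % (Q - 1)

def show(xs, h, msg):
    """Prove knowledge of every exponent of h without revealing any of them."""
    ws = [secrets.randbelow(Q) for _ in xs]      # one fresh nonce per secret
    a = commit(ws)
    c = challenge(h, a, msg)
    return a, [(w + c * x) % Q for w, x in zip(ws, xs)]

def verify(h, msg, proof):
    """Accept iff g1^r1 * g2^r2 * g3^r3 == a * h^c mod p."""
    a, rs = proof
    c = challenge(h, a, msg)
    return commit(rs) == a * pow(h, c, P) % P

# Constructed sample: x1 is the random key; x2 and x3 stand in for secrets the
# holder would not hand over (card number, e-cash coin), reduced mod q.
HOLDER = (secrets.randbelow(Q), 777, 314)
H = commit(HOLDER)

def borrower_attempt(guess_x2):
    """Borrower was lent x1 and x3 but has to guess the withheld x2."""
    xs = (HOLDER[0], guess_x2, HOLDER[2])
    return verify(H, "over18?", show(xs, H, "over18?"))

if __name__ == "__main__":
    print("holder:", verify(H, "over18?", show(HOLDER, H, "over18?")))
    print("borrower without x2:", borrower_attempt(123))
```
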

  2. Re:I don't think you understand the tech... by Beryllium+Sphere(tm) · Score: 2, Informative

    >Instead, you could use the verified IDs from certs/keys to look up information from a master DB, much like Brands and dozens of other interchangeable knuckleheads are proposing.

    That is the exact opposite of what Dr. Brands is proposing, and the existence of a central database full of sensitive information is precisely the problem he's trying to prevent. How anyone could read his PhD thesis without understanding that is beyond my imagination.

    >you're still trusting a third party to only give out a piece of your total profile at a time.

    Not if they don't *have* your complete profile and see only a signed assertion of your age, or your blood type, or whatnot. Even cooler, you can disclose the result of a Boolean without disclosing the terms inside it: with a Brands credential you could assert "either over 18 or an emancipated minor", for example.