Public-key based certificates provide a standard way to prove one's identity, as attested by some certificate authority (CA). However, plain certificates provide a binary identification: either the whole identity of the subject is known, or nothing is known. We propose using a Merkle hash tree structure, whereby it is possible for a single certificate to contain many separate claims or attributes, each of which may be proved independently, without revealing the others. Additionally, we demonstrate how trees from multiple sources can be combined together by modifying the tree structure. This allows claims by different authorities, such as an employer or professional organization, to be combined under a single certificate, without the CA needing to know (or to verify) all of the claims. In addition to describing the hash tree structure and protocols for constructing and verifying our proposed credential, we formally prove that it provides unforgeability and privacy and we present performance results demonstrating its efficiency. As services move from user names and passwords to attribute-based identity verification, efficiency and scalability of claims verification will become a major issue. We have implemented a prototype client-server system, deployed the prototype in Emulab, and evaluated the server-side throughput for attribute-based identity verification. The results show that our approach can perform about 200 identity verifications per second, while the best competing approach can perform only about 2-5 verifications per second. Our approach is, therefore, better suited to today's high-volume Web-based services that demand the highest possible throughput.
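The selective-disclosure idea in the abstract, as an added sketch that is not the paper's construction or code: each claim is a leaf of a Merkle tree, and one claim is proved against the root by revealing only that claim and its sibling hashes. SHA-256, the per-claim random salts, the domain tags, the odd-node promotion rule and the sample claims are assumptions made here; the CA's signature over the root and the combining of trees from several authorities are not shown.

```python
import hashlib
import hmac
import os

def H(tag: bytes, *parts: bytes) -> bytes:
    """SHA-256 with a domain tag and length-prefixed parts."""
    h = hashlib.sha256(tag)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def leaf(claim: str, salt: bytes) -> bytes:
    # Salt (assumed here) stops guessing of low-entropy claims from sibling hashes.
    return H(b"leaf", salt, claim.encode())

def build(leaves):
    """Return tree levels, leaves first; an unpaired node is promoted unchanged."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([H(b"node", cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    return levels

def prove(levels, index):
    """Sibling path for one leaf: [(sibling_hash, sibling_is_left), ...]."""
    path = []
    for level in levels[:-1]:
        sib = index ^ 1
        if sib < len(level):
            path.append((level[sib], sib < index))
        index //= 2
    return path

def verify(root, claim, salt, path):
    """Recompute the root from one disclosed claim; other claims stay hidden."""
    node = leaf(claim, salt)
    for sib, is_left in path:
        node = H(b"node", sib, node) if is_left else H(b"node", node, sib)
    return hmac.compare_digest(node, root)

# Constructed sample attributes; a CA would sign ROOT inside the certificate.
CLAIMS = ["name=Alice Example", "age_over_18=true", "employer=Example Corp",
          "license=PE-0000", "country=XX"]
SALTS = [os.urandom(16) for _ in CLAIMS]
LEVELS = build([leaf(c, s) for c, s in zip(CLAIMS, SALTS)])
ROOT = LEVELS[-1][0]

if __name__ == "__main__":
    proof = prove(LEVELS, 2)  # disclose only the employer claim
    print(verify(ROOT, CLAIMS[2], SALTS[2], proof))
    print(verify(ROOT, "employer=Other Corp", SALTS[2], proof))
```

The verifier's work per disclosed claim is a handful of hash evaluations plus one signature check on the root, which is the cost profile the throughput comparison in the abstract depends on.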