How to prove yourself: practical solutions to identification and signature problems
Proceedings on Advances in cryptology---CRYPTO '86
Untraceable electronic mail, return addresses, and digital pseudonyms
Communications of the ACM
Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy
Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy
An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation
EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
How to win the clonewars: efficient periodic n-times anonymous authentication
Proceedings of the 13th ACM conference on Computer and communications security
Efficient attributes for anonymous credentials
Proceedings of the 15th ACM conference on Computer and communications security
Efficient proofs that a committed number lies in an interval
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
A card requirements language enabling privacy-preserving access control
Proceedings of the 15th ACM symposium on Access control models and technologies
Enabling Privacy-preserving Credential-based Access Control with XACML and SAML
CIT '10 Proceedings of the 2010 10th IEEE International Conference on Computer and Information Technology
Computer Networks: The International Journal of Computer and Telecommunications Networking
Privacy-Friendly cloud storage for the data track: an educational transparency tool
NordSec'12 Proceedings of the 17th Nordic conference on Secure IT Systems
| Hi-index | 0.00 |
Classical authentication mechanisms have various drawbacks such as the weak security properties they achieve, users' privacy, service providers' data quality, and the necessary protection of the collected data. Credential-based authentication is a first step towards overcoming these drawbacks. When used with anonymous credentials, the personal data disclosed can be reduced to the minimum with respect to a business purpose while improving the assurance of the communicated data. However, this privacy-preserving combination of technologies is not used today. One reason for this lack of adoption is that a comprehensive framework for privacy-enhancing credential-based authentication is not available. In this paper we review the different components of such an authentication framework and show that one remaining missing piece is a translation between high-level authentication policies and the cryptographic token specification level. We close this gap by (1) proposing an adequate claim language specifying which certified data a user wants to reveal to satisfy a policy and by (2) providing translation algorithms for generating the anonymous credentials (cryptographic tokens) providing the data to be revealed. For the latter we consider the Identity Mixer and the U-Prove technologies, where we provide detailed translation instructions for the former.