Security without identification: transaction systems to make big brother obsolete
Communications of the ACM
Mental models: towards a cognitive science of language, inference, and consciousness
Mental models: towards a cognitive science of language, inference, and consciousness
CSCL '95 The first international conference on Computer support for collaborative learning
An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation
EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
SOUPS '05 Proceedings of the 2005 symposium on Usable privacy and security
Securing user inputs for the web
Proceedings of the second ACM workshop on Digital identity management
Why Johnny can't encrypt: a usability evaluation of PGP 5.0
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Mental Models: Aligning Design Strategy with Human Behavior
Mental Models: Aligning Design Strategy with Human Behavior
Hi-index | 0.00 |
Anonymous credentials are a fundamental technology for preserving end users' privacy by enforcing data minimization for online applications. However, the design of user-friendly interfaces that convey their privacy benefits to users is still a major challenge. Users are still unfamiliar with the new and rather complex concept of anonymous credentials, since no obvious real-world analogies exists that can help them create the correct mental models. In this paper we explore different ways in which suitable mental models of the data minimization property of anonymous credentials can be evoked on end users. To achieve this, we investigate three different approaches in the context of an e-shopping scenario: a card-based approach, an attribute-based approach and an adapted card-based approach. Results show that the adapted card-based approach is a good approach towards evoking the right mental models for anonymous credential applications. However, better design paradigms are still needed to make users understand that attributes can be used to satisfy conditions without revealing the value of the attributes themselves.