Security without identification: transaction systems to make big brother obsolete
Communications of the ACM
Entity authentication and key distribution
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy
Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy
An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation
EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
Anonymous credentials on a standard java card
Proceedings of the 16th ACM conference on Computer and communications security
Credential authenticated identification and key exchange
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
Analysis of revocation strategies for anonymous Idemix credentials
CMS'11 Proceedings of the 12th IFIP TC 6/TC 11 international conference on Communications and multimedia security
New directions in cryptography
IEEE Transactions on Information Theory
Electronic Identity Cards for User Authentication—Promise and Practice
IEEE Security and Privacy
| Hi-index | 0.00 |
Attribute-based credentials (ABCs) are building blocks for user-centric identity management. They enable the disclosure of a minimum amount of information about their owner to a verifier, typically a service provider, to authorise the credential owner for some service, application, or resource. By directly applying attribute-disclosure protocols, the data is revealed not only to the verifier, but anyone who has access to the communication channel. Moreover, as verifiers are not intrinsically authenticated, one can accidentally reveal attributes to the wrong party. Therefore, a secure channel has to be established between the prover and the verifier. Although efficient ABC smart-card implementations exist, not always can they perform all prover features. An equality proof, for instance, is essential in creating pseudonyms that enable temporary identification and eventually establishing a channel. Without this feature, other techniques have to be developed. In this paper we apply a more general notion of authentication that does not require card identification or pseudonyms. Based on this concept, we propose a security model that includes mutual authentication and setting up a channel between a card and a verifier. We present two efficient and provably secure protocols under standard assumptions in the random oracle model.