Archives for posts with tag: anonymous credentials

In the IRMA (I Reveal My Attributes) project we are working to make attribute based credentials practical. IRMA provides very efficient implementations of such credentials on (contactless) smart cards. This allows us to use the smart card as a secure and portable container for these credentials. One of the things we have been looking at is possible use cases. Last week I discussed how the IRMA card can be used to stop the resale of event tickets. In this blog post I will discuss an almost trivial application: proving age bounds.

Read the rest of this entry »

In the IRMA (I Reveal My Attributes) project we are working to make attribute based credentials practical. One of the things we have been looking at is possible use cases for such credentials, especially when they are implemented on a (contactless) smart card. One particularly interesting use case is the sale of tickets for events.

Read the rest of this entry »

In this rather long post, I’d like to discuss the practical difficulty of securely collecting and combining attributes from different contexts when one starts using a system based on attribute based credentials. How do you determine that two separate contexts really belong to the same person? How do you ensure that a few people colluding cannot create a supercredential combining their individual attributes.

Read the rest of this entry »

Anonymous credentials are a privacy enhancing technology that allow you to prove certain properties about yourself, without revealing your full identity. Examples are showing your age, your gender, whether you are a member of a certain group, or your nationality, among others. Privacy advocates are advocating the widespread use of such technology. However, if a worldwide infrastructure for anonymous credentials would exist, this would actually create a funny privacy problem.
Read the rest of this entry »

In a previous blog post I argued that identity cards should not be used to store anonymous credentials. The reason being that users may not believe that a card that is used to identify them in one context, can also be used anonymously in another. But last Friday, in a meeting with Martijn Oostdijk among others, I heard an interesting reason why anonymous credentials perhaps should be stored on an identity card anyway.

Read the rest of this entry »

Germany has recently issued an identity card, that includes a very basic system for using anonymous credentials. Other countries, including the Netherlands, are considering a similar approach. Such a plastic identity card also contains a smart card chip that allows the card to be used in on-line transactions with service providers

  • to establish the identity of the bearer with high confidence,
  • to put an electronic signature on documents, or
  • to disclose your age or other attribute while remaining anonymous.

While studying these systems, we started wondering whether users would really believe that when disclosing an attribute using such an identity card, no additional personal data is actually revealed in the process. Because when you think of it, using an identity card (whose purpose is to prove your identity) as a means to reveal a certain attribute anonymously seems counter-intuitive at best. It will be very hard to convince the general public that the system can be trusted and is indeed privacy friendly.

Read the rest of this entry »