Archives for posts with tag: attribute based credentials

In a previous blog post I discussed the difference in security and flexibility between attribute based credentials (used in our IRMA project) and the German eID system. Now I will discuss the additional privacy protection offered by attributed based credentials, compared to a more centralised approach where attributes are stored on one or more central servers.

Read the rest of this entry »

In our IRMA project we develop a platform to support attribute based credentials (ABC) on a smart card. We believe the IRMA scheme is more secure and more flexible than the attestation based approach (as used by the German eID system, that use the placeholder name Mustermann on their sample cards). Below I will explain why.

Read the rest of this entry »

In the IRMA (I Reveal My Attributes) project we are working to make attribute based credentials practical. IRMA provides very efficient implementations of such credentials on (contactless) smart cards. This allows us to use the smart card as a secure and portable container for these credentials. One of the things we have been looking at is possible use cases. Last week I discussed how the IRMA card can be used to stop the resale of event tickets. In this blog post I will discuss an almost trivial application: proving age bounds.

Read the rest of this entry »

In the IRMA (I Reveal My Attributes) project we are working to make attribute based credentials practical. One of the things we have been looking at is possible use cases for such credentials, especially when they are implemented on a (contactless) smart card. One particularly interesting use case is the sale of tickets for events.

Read the rest of this entry »

In this rather long post, I’d like to discuss the practical difficulty of securely collecting and combining attributes from different contexts when one starts using a system based on attribute based credentials. How do you determine that two separate contexts really belong to the same person? How do you ensure that a few people colluding cannot create a supercredential combining their individual attributes.

Read the rest of this entry »