This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Electronic Identities Need Private Credentials
January/February 2012 (vol. 10 no. 1)
pp. 80-83
Jan Camenisch, IBM Research - Zurich
Anja Lehmann, IBM Research - Zurich
Gregory Neven, IBM Research - Zurich
For transactions on the Internet, user authentication typically involves usernames and passwords. When creating an account, users often must provide additional personal information. Usually, this is a list of self-claimed attributes such as name, address, or birth date. Only a few attributes such as email address and credit card information have some mechanism to authenticate them. Solutions such as the Security Assertion Markup Language, OpenID, or X.509 certificates let users authenticate and transfer attributes, certified by an issuer, to a relying party in a more trusted way. However, these technologies still have considerable security and privacy concerns. Private credentials are a superior solution. With them, issuers don't have to be involved during authentication. Also, users disclose only those attributes required by the relying parties and can do so without being easily tracked across their transactions.

1. D. Chaum, "Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms," Comm. ACM, vol. 24, no. 2, 1981, pp. 84–88.
2. S. Brands, "Rethinking Public Key Infrastructure and Digital Certificates—Building in Privacy," PhD thesis, Eindhoven Inst. of Technology, 1999.
3. J. Camenisch and A. Lysyanskaya, "Efficient Non-transferable Anonymous Multi-show Credential System with Optional Anonymity Revocation," Advances in Cryptology—Eurocrypt 2001, LNCS 2045, Springer, 2001, pp. 93–118.
4. Microsoft U-Prove Community Technology Preview R2, Microsoft, 2011; https://connect. microsoft.comsite1188.
5. "Identity Mixer," blog; http:/idemix.wordpress.com.

Index Terms:
private credentials, X.509 certificates, identity management, cryptography, authentication, public keys, computer security
Citation:
Jan Camenisch, Anja Lehmann, Gregory Neven, "Electronic Identities Need Private Credentials," IEEE Security & Privacy, vol. 10, no. 1, pp. 80-83, Jan.-Feb. 2012, doi:10.1109/MSP.2012.7
Usage of this product signifies your acceptance of the Terms of Use.