Anonymous Credential-Based Privacy-Preserving Identity Verification for Business Processes

2014 Eighth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing Pub Date : 2014-07-02 DOI:10.1109/IMIS.2014.80

Nan Guo, Y. Jin, Kangbin Yim

{"title":"Anonymous Credential-Based Privacy-Preserving Identity Verification for Business Processes","authors":"Nan Guo, Y. Jin, Kangbin Yim","doi":"10.1109/IMIS.2014.80","DOIUrl":null,"url":null,"abstract":"During the execution of a business process users need to be authenticated by multiple component service providers, while their identities need to be shared and propagated across multi-domain in a privacy-preserving fashion. An anonymous credential-based identity verification scheme is proposed to address privacy issue. Users establish trust relationship with the federation by running the enrollment protocol, which is based on zero-knowledge proof of a set of committed attributes. The IdP cannot learn identity-related information about the user. Anonymous credentials issued by the IdP allow users to selectively disclose attributes as required and prove them in an untraceable and unlinkable way, where the IdP cannot trace the showing of credential and component service providers cannot address multiple transactions to the same user even if they collude either. With the proposed attributes proof protocols, users can prove AND and OR relation over multiple attributes, and interval and inequality relation over a single attribute as well.","PeriodicalId":345694,"journal":{"name":"2014 Eighth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing","volume":"44 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-07-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 Eighth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IMIS.2014.80","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 6

Abstract

During the execution of a business process users need to be authenticated by multiple component service providers, while their identities need to be shared and propagated across multi-domain in a privacy-preserving fashion. An anonymous credential-based identity verification scheme is proposed to address privacy issue. Users establish trust relationship with the federation by running the enrollment protocol, which is based on zero-knowledge proof of a set of committed attributes. The IdP cannot learn identity-related information about the user. Anonymous credentials issued by the IdP allow users to selectively disclose attributes as required and prove them in an untraceable and unlinkable way, where the IdP cannot trace the showing of credential and component service providers cannot address multiple transactions to the same user even if they collude either. With the proposed attributes proof protocols, users can prove AND and OR relation over multiple attributes, and interval and inequality relation over a single attribute as well.

查看原文本刊更多论文

基于匿名凭证的业务流程隐私保护身份验证

在执行业务流程期间，用户需要由多个组件服务提供者进行身份验证，而他们的身份需要以保护隐私的方式跨多域共享和传播。为了解决隐私问题，提出了一种基于匿名凭证的身份验证方案。用户通过运行注册协议与联盟建立信任关系，注册协议基于对一组已提交属性的零知识证明。IdP无法学习到用户的身份相关信息。由IdP发出的匿名凭证允许用户根据需要有选择地披露属性，并以一种不可追踪和不可链接的方式证明它们，在这种情况下，IdP无法跟踪凭证的显示，组件服务提供者也无法向同一用户处理多个事务，即使它们相互勾结也是如此。利用所提出的属性证明协议，用户可以在多个属性上证明与或关系，也可以在单个属性上证明间隔和不等式关系。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2014 Eighth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing

自引率

0.00%

发文量