Securely Derived Identity Credentials on Smart Phones via Self-enrolment
نویسندگان
چکیده
In the last decade traditional identity documents have been equipped with an embedded NFC-chip to enable wireless access to the relevant data. This applies in particular to passports, following the ICAO standard, but increasingly also to other identification documents, such as driver’s licenses. Such electronic identity (eID) documents can now be used as “mother cards” by the users to remotely enrol and obtain derived credentials which can in turn be used for identification and authentication, notably on smart phones. These self-enrolment possibilities are becoming popular, because they are easier and cheaper than traditional, face-to-face enrolments. This paper first describes a protocol for obtaining credentials on smart phones from an eID document, that has been implemented using the “IRMA” attribute-based credential technology. This basic protocol cannot exclude that someone enrols with another person’s eID document. Subsequently several mechanisms are discussed for securing a proper binding between the user and the eID document used for enrolment.
منابع مشابه
A Consolidated Authentication Model in Cloud Computing Environments
Due to increasing needs of Internet access through smart phones and smart pads, it is essential to have service provider systems, which allows to access services through a variety of devices. In particular, this system is required to protect credential and personal information saved in each device, is need a more efficient and secure consolidated authentication model (CAM) in order to authentic...
متن کاملA Mobile and Reliable Anonymous ePoll Infrastructure
This paper illustrates and scans the limits of the use of anonymous credentials (e.g. Idemix) on smart phones to preserve the user’s privacy. A prototypical application with strong privacy requirements, ePoll, will be presented in detail. To ease the implementation of such applications, a specialized identity management framework has been developed. A first prototype of the ePoll application wa...
متن کاملUsing NFC Phones for Proving Credentials
In this paper we propose a new solution for mobile payments called Tap2 technology. To use it, users need only their NFC-enabled mobile phones and credentials implemented on their smart cards. An NFC device acts like a bridge between service providers and secure elements and the secure credentials (on the card) are never revealed. In this way, secure authentication can be obtained by means of a...
متن کاملUser identity verification via mouse dynamics
Computers and services such as eBanks and WebMails that identify users only at login via credentials are vulnerable to Identity Theft. Hackers perpetrate fraudulent activity under stolen identities by using credentials, such as passwords and smartcards, unlawfully obtained from legitimate users or by using logged-on computers that are left unattended. User verification methods provide an additi...
متن کاملData-Minimizing Authentication Goes Mobile
Authentication is a prerequisite for proper access control to many e-services. Often, it is carried out by identifying the user, while generally, verification of certified attributes would suffice. Even worse, this kind of authentication makes all the user’s transactions linkable and discloses an excessive amount of personal information, and thus erodes the user’s privacy. This is in clear cont...
متن کامل