Your search keyword '"Digital credential"' showing total 3 results

1. Comments on biometric-based non-transferable credentials and their application in blockchain-based identity management

Author

Neyire Deniz Sarier

Subjects

Key generation, Blockchain, General Computer Science, Biometrics, business.industry, Computer science, 020206 networking & telecommunications, Context (language use), Access control, 02 engineering and technology, Computer security, computer.software_genre, Credential, Identity management, Digital credential, 0202 electrical engineering, electronic engineering, information engineering, Cryptosystem, 020201 artificial intelligence & image processing, Zero-knowledge proof, business, Law, computer

Abstract

In IT-ecosystems, access to unauthorized parties is prevented with credential-based access control techniques (locks, RFID cards, biometrics, etc.). Some of these methods are ineffective against malicious users who lend their credentials to other users. To obtain non-transferability, Adams proposed a combination of biometrics encapsulated in Pedersen commitment with Brands digital credential. However, Adams’ work does not consider the Zero Knowledge Proof-of Knowledge (ZKPoK) system for Double Discrete Logarithm Representation of the credential. Besides, biometrics is used directly, without employing any biometric cryptosystem to guarantee biometric privacy, thus Adams’ work cannot be GDPR-compliant. In this paper, we construct the missing ZKPoK protocol for Adam’s work and show its inefficiency. To overcome this limitation, we present a new biometric-based non-transferable credential scheme that maintains the efficiency of the underlying Brands credential. Secondly, we show the insecurity of the first biometric-based anonymous credential scheme designed by Blanton et al.. In this context, we present a brute-force attack against Blanton’s biometric key generation algorithm implemented for fuzzy vault. Next, we integrate an Oblivious PRF (OPRF) protocol to solve the open problem in Blanton’s work and improve its efficiency by replacing the underlying signature scheme with PS-signatures. Finally, we evaluate application scenarios for non-transferable digital/anonymous credentials in the context of Blockchain-based Identity Management (BBIM). We show that our modified constructions preserve biometric privacy and efficiency, and can easily be integrated into current BBIM systems built upon efficient Brands and PS-credentials.

Published

2021

2. DFANS: A highly efficient strategy for automated trust negotiation

Author

Hongwei Lu and Bailing Liu

Subjects

General Computer Science, Computer science, business.industry, media_common.quotation_subject, Access control, Computer security, computer.software_genre, Negotiation, Digital signature, Digital credential, Communication complexity, business, Law, computer, Protocol (object-oriented programming), media_common

Abstract

Automated trust negotiation (ATN) is an approach establishing mutual trust between strangers wishing to share resources or conduct business by gradually requesting and disclosing digitally signed credentials. The digital credentials themselves are usually sensitive, so they have corresponding access control policies to control their disclosure. Therefore, an ATN strategy must be adopted to determine the search for a successful negotiation based on the access control policies. Previously proposed negotiation strategies are either not complete, disclosing irrelevant credentials, or not efficient enough. In this paper, we propose a novel ATN strategy, that is, Deterministic Finite Automaton Negotiation Strategy (DFANS). DFANS is complete and ensures that no irrelevant credentials are disclosed during the negotiation. Furthermore, DFANS is highly efficient. In the worst case, its communication complexity is O(n), where n is the total number of credentials requested, and its computational complexity is O(m) when not involving the cyclic dependencies, where m is the total size of the both sides' policies looked up during the negotiation. When cyclic dependencies exist, a reasonable additional cost of running OSBE protocol that is a provably secure and quite efficient scheme will be added to the computational cost of DFANS to guarantee the negotiation success whenever possible.

Published

2009

3. The case for one-time credentials

Author

E.Eugene Schultz

Subjects

General Computer Science, Digital credential, Editor in chief, Business, Law, Management

Published

2004