• Calendar

November 1, Tuesday
12:00 – 13:30

Protection of personal information is one of the most challenging problems in emerging information society. The traditional approach, based on purely organizational protection seems to be insufficient – it became clear that personal data protection should be backed by technical mechanisms working in automatic way, independently of human behavior. One of the recent ideas in this area is restricted identification introduced by German authorities. New electronic personal identity documents in Germany are equipped with a cryptographic protocol that supports anonymous identification. The idea is based on the notion of independent sectors of activity. The cryptographic protocol implemented there provides unlinkable passwords created with strong asymmetric cryptography from a single secret key of the user. This approach differs from anonymous credentials in the sense that a single person may have only one pseudonym in a given sector for the lifetime of a given personal identity document. In particular, no Sybil attack is possible. We present related solutions for different anonymity scenarios, such as access to personal medical information or contacts with law enforcement authorities. Despite some differences these solutions build together a common framework for unlinkable authentication in different sectors. We also provide reduction proofs supporting unlinkability claims. joint work with: P.Kubiak, L.Krzywiecki, Jun Shao, M.Koza concern results presented at IEEE CCNC 2011 and to be presented at INTRUST 2011