Id biometria
Páginas: 25 (6107 palabras)
Publicado: 13 de abril de 2010
Digital Identity Protection - Concepts and Issues
Elisa Bertino CS Department Purdue University West Lafayette, Indiana bertino@cs.purdue.edu Federica Paci CS Department Purdue University West Lafayette, Indiana paci@cs.purdue.edu Ning Shang CS Department Purdue University West Lafayette, Indiana nshang@cs.purdue.edu
Abstract
Tools and techniques for digital identity management represent animportant technology for enabling transactions and interactions across the Internet. Because identity information is often privacy sensitive, it is important that suitable privacy and security techniques be adopted for its protection. In this paper we discuss relevant concepts and issues and survey an approach based on the notion of multifactor verification. Such approach, developed for federateddigital identity management systems, is based on privacypreserving cryptographic protocols and thus achieves high assurance privacy. In the paper we also discuss relevant open research issues, including interoperability, and protocols to support sophisticated policies for identity verification.
ability in business transactions, and in complying with regulatory controls. Digital identity can bedefined as the digital representation of the information known about a specific individual or organization. Such information can be used for different purposes, ranging from allowing one to prove his/her claim to identity (very much like the use of a birth certificate or passport) to establishing permissions (like the use of a drivers license to establish the right to operate a vehicle). It may includenot only “attributive information” about an individual, such as social security number or passport number, but also “biometric information”, such as iris or fingerprint features. For this technology to fully deploy its potential, it is crucial that strong protection of digital identity be achieved. Identity management (IdM) systems must assure that such information is not misused and individualsprivacy is guaranteed.
1. Introduction
Today a global information infrastructure connects remote parties worldwide through the use of large scale networks, relying on application level protocols and services, such as recent web service technology. Execution of activities in various domains, such as shopping, entertainment, business and scientific collaboration, and at various levels within thosecontexts, is increasingly based on the use of remote resources and services. The interaction between different remotely-located parties may be (and sometimes should be) based on little knowledge about each other. Thus, as the richness of our cyberspace lives begins to parallel our physical world experience, more convenient IT (Information Technology) infrastructures and systems are expected. Weexpect, for example, that personal preferences and profiles of users be readily available when shopping over the Web, without requiring the users to repeatedly enter them. In such a scenario, digital identity management (DIM) technology is fundamental in customizing user experience, protecting privacy, underpinning accountlxix
In this paper we focus on a solution for the privacypreservingverification of digital identity information, based on multi-factor verification strategy. By multi-factor verification we mean that whenever some identity information, referred to as identity attribute, about an individual needs to be verified by a party, for example a service provider, such party may verify the identity by requiring several identity proofs. The specification of which identity attributes have tobe presented is stated by verification policies. Different parties in a distributed system may specify different policies. To assure that such an approach does not undermine privacy, we have developed a cryptographic protocol, referred to as aggregate zero knowledge proof protocol. Such a protocol allows a user to prove the knowledge of multiple secrets to a party, that is, a verifier,...
Elisa Bertino CS Department Purdue University West Lafayette, Indiana bertino@cs.purdue.edu Federica Paci CS Department Purdue University West Lafayette, Indiana paci@cs.purdue.edu Ning Shang CS Department Purdue University West Lafayette, Indiana nshang@cs.purdue.edu
Abstract
Tools and techniques for digital identity management represent animportant technology for enabling transactions and interactions across the Internet. Because identity information is often privacy sensitive, it is important that suitable privacy and security techniques be adopted for its protection. In this paper we discuss relevant concepts and issues and survey an approach based on the notion of multifactor verification. Such approach, developed for federateddigital identity management systems, is based on privacypreserving cryptographic protocols and thus achieves high assurance privacy. In the paper we also discuss relevant open research issues, including interoperability, and protocols to support sophisticated policies for identity verification.
ability in business transactions, and in complying with regulatory controls. Digital identity can bedefined as the digital representation of the information known about a specific individual or organization. Such information can be used for different purposes, ranging from allowing one to prove his/her claim to identity (very much like the use of a birth certificate or passport) to establishing permissions (like the use of a drivers license to establish the right to operate a vehicle). It may includenot only “attributive information” about an individual, such as social security number or passport number, but also “biometric information”, such as iris or fingerprint features. For this technology to fully deploy its potential, it is crucial that strong protection of digital identity be achieved. Identity management (IdM) systems must assure that such information is not misused and individualsprivacy is guaranteed.
1. Introduction
Today a global information infrastructure connects remote parties worldwide through the use of large scale networks, relying on application level protocols and services, such as recent web service technology. Execution of activities in various domains, such as shopping, entertainment, business and scientific collaboration, and at various levels within thosecontexts, is increasingly based on the use of remote resources and services. The interaction between different remotely-located parties may be (and sometimes should be) based on little knowledge about each other. Thus, as the richness of our cyberspace lives begins to parallel our physical world experience, more convenient IT (Information Technology) infrastructures and systems are expected. Weexpect, for example, that personal preferences and profiles of users be readily available when shopping over the Web, without requiring the users to repeatedly enter them. In such a scenario, digital identity management (DIM) technology is fundamental in customizing user experience, protecting privacy, underpinning accountlxix
In this paper we focus on a solution for the privacypreservingverification of digital identity information, based on multi-factor verification strategy. By multi-factor verification we mean that whenever some identity information, referred to as identity attribute, about an individual needs to be verified by a party, for example a service provider, such party may verify the identity by requiring several identity proofs. The specification of which identity attributes have tobe presented is stated by verification policies. Different parties in a distributed system may specify different policies. To assure that such an approach does not undermine privacy, we have developed a cryptographic protocol, referred to as aggregate zero knowledge proof protocol. Such a protocol allows a user to prove the knowledge of multiple secrets to a party, that is, a verifier,...
Leer documento completo
Regístrate para leer el documento completo.