Managing privacy has become a critical part of using online services on the Internet. Large parts of trade and public agencies (e.g., e-government) now rely on online services. The problem of stolen online identities has grown into a serious threat to online activities. Thus, managing identities in a secure and privacy-friendly way is a key success factor in expanding online services to more and more sensitive areas, like health care and other very personal areas. One way to address security and privacy issues may be to use (privacy-enhancing) credentials from a trusted issuer.
Attribute-based credentials, such as X.509 certificates or privacy-enhancing Identity Mixer credentials, are certified attribute-value pairs that are issued by an issuer, e.g., a trusted government-backed official authority, to a user. The user may then use those credentials to derive verification or presentation tokens that prove the validity of certain attributes towards a verifier, who accepts tokens originating from trusted issuers. Thus, those credentials, or the tokens derived from them, provide a form of user authentication based on a set of certified user attributes.
There may be scenarios, such as accounting or auditing, where the verifier wants or has to give the received verification tokens to a further verifying party. For the sake of clarity, we call such a third-party verifier an auditor in the remaining part of this document. In order to do such a verification token transfer in a verifiable way, i.e., also allowing the auditor to verify the validity of the verification token, the verifier, so far, would have to forward the entire verification token. That is, all user attributes that were revealed towards the verifier are also revealed towards the auditor. However, those attributes might disclose more information than strictly necessary for the auditor's purpose.
Document US 2012/0260330 A1 discloses a computer-implemented method for receiving a resource request at a representational state transfer (REST) client from a user, the resource request including a user ID. A key pair, including a public key and a corresponding private key, that is associated with the user ID may be determined by the REST client. Additionally, a certificate associated with the user ID that is signed by a certificate authority and based on at least the user ID and the public key associated with the user ID may be obtained by the REST client. The REST client may also impersonate the user to a REST server using the certificate and the private key associated with the user ID. The REST client may then access the requested resource on behalf of the user, using a stateless protocol with the REST server.
Furthermore, document US 2010/0174911 A1 discloses an anonymous authentication system comprising a group management device, an authentication-subjected user device, a verification device and an authentication-subjected user identification device. A user previously registers a verification key in the group management device such that his signature can be verified. For authentication, the user generates its own signature using the authentication-subjected user device, and encrypts the signature using an encryption key of the group to generate authentication data.
The verification device authenticates the signature in collaboration with a verification assistant who has a decryption key of the group. The authentication-subjected user identification device that has the decryption key of the group decrypts the authentication data as required to identify a user who is to be authenticated.