The present invention relates generally to digital security, and more particularly to dynamic creation of digital privacy-preserving credentials.
The proliferation of online services through the Internet has provided users with many exciting opportunities for electronic commerce, social networking, cloud computing, archiving of user data, email etc. Many such services deal with highly private and sensitive data. This information may include account numbers and balances, private details of a user's life, etc. Secure access to websites, secure communications channels, encryption and strong password policies serve to protect such information.
However, it's not only the data itself that a user may consider private, it is also the user's identity and online activities. For example, a person may want to access a web site only intended for certain categories of users and in so doing prove that she is a member of a qualifying category without revealing her identity. Furthermore, she may desire to keep private the fact that she is visiting a particular web site from third parties.
Federated identity solutions are intended to alleviate inconvenience for individuals who must manage the ever increasing number of passwords across websites, enable cross-domain collaborations, and enhance security of identity management. However, the achievement of these goals in added convenience for the users is often at the cost of user privacy. A third party identity provider, i.e., the third party that acts to verify a user's identity to a service provider web site to which a user seeks access, can learn about and track their users' behaviors, such as where and when they have visited particular sites and even their activity at those sites. For Internet identity providers, this is often the principal mechanism with which to monetize the identity services they provide and lies at the core of their offers. The identity provider may disclose more personal information than needed to service providers without users being aware of such disclosure.
Anonymous credential (or privacy-preserving credential) systems, such as Microsoft's U-Prove and IBM's Identity Mixer (Idemix), enable authentication and access control while protecting users' privacy. For this purpose, these systems prevent the linkage of the issuance and usage of credentials and enable selective disclosure of information in the credentials. For example, a privacy-preserving credential may be used to prove a particular attribute of a user, e.g., the user's age, without revealing the actual identity of a user. Even if the identity provider and service providers collude, they cannot track user behavior. Cryptography provides a strong foundation for both U-Prove and Idemix. However, effectively integrating the technologies into the identity ecosystem with security, privacy and usability is still a challenge.
In one scenario, a user may want to access a service provider (SP) over the Internet and also want to protect her privacy at the same time. A service provider (SP) is a web site that provides some form of service to a user, e.g., electronic commerce, cloud computing or social networking. To allow access to the service, the SP requests the user to present a credential issued by a trusted credential issuer, also referred to as an identity provider (IdP). If the user already has the credential, he/she can present the credential with selective disclosure and other privacy protection features. However, if the user does not have the credential, she needs to obtain it somehow. For a better user experience, the SP may direct the user to procure the credential dynamically and revisit the SP after the credential has been obtained. Using existing identity federation protocols provides security and seamless user experience, but at the same time using them defeats the purpose of the privacy-preserving credential because the IdP can learn which SP that the user came from.
Microsoft Corporation provides the U-Prove privacy-preserving credential technology. U-Prove Cryptographic Specification, V1.1, C. Paquin, Microsoft, February 2011. Microsoft has demonstrated a mechanism of using a U-Prove Agent to address the aforementioned concerns.
A U-Prove Agent provides a mechanism to separate the retrieving of information from trusted organizations from the release of this information to the destination website. U-Prove CTP R2 Whitepaper, Rev 17, J. Brown, P. Stradling, C. H. Wittenberg, Microsoft, February, 2011.
The underlying U-Prove cryptography prevents the issuing organizations from tracking where or when the user uses this information. The U-Prove Agent is composed of a cloud-hosted service and optional client components. The Agent (including the client components) acts on the user's behalf to:                1. Interact with the credential issuer to generate a U-Prove token and        2. Compute a presentation proof and send the presentation token to the service provider.        
A drawback of this approach is that the U-Prove Agent learns many details; the U-Prove Agent can track from which service provider the user has used a credential, at what time such use occurred, which credential was used, who issued the credential, and so on. Providing the U-Prove Agent so much information, in some aspect, has defeated the purpose of the privacy-preserving credential.
From the foregoing it will be apparent that there is still a need for an improved method to provide dynamic issuance of user credentials that do not reveal a user's identity as well as that does not reveal user behavior in their online activities. Thereto the present invention proposes a method for authenticating a user, operating a web application, for example, a web browser, on a host computer, to a web-based service provider service, characterised in that it comprises                redirecting a request to generate a credential from a service provider to an identity provider via a separator, by:                    transmitting a first request for a credential to the separator;            operating the separator to transmit a second request for the credential to the identity provider without identifying the service provider as originator;                        operating the identity provider and a security device associated with the user to engage in a privacy-preserving credential creation exchange in cooperation with the identity provider;        operating the security device to generate a presentation token from the privacy-preserving credential; and to present the presentation token to the service provider as proof of the attribute.        
According to another aspect of the invention, the request to generate a credential may be preceded by operating the service provider to request proof of an attribute from the user; may further comprise transmitting a token-issued status-message from the identity provider to the web application; operating the host computer to redirect the token-issued status-message to the separator; operating the separator to redirect the token-issued status-message to the service provider via the host computer; and wherein the step of operating the security device to create a presentation token from the privacy-preserving credential may be preceded by operating the service provider, in response to receiving the token-issued status-message, to repeat the request for proof of an attribute from the user.
According to another aspect of the invention, it may further comprise operating the service provider to verify the presentation token and to provide access to the service provider service.
According to another aspect of the invention, it may further comprise operating the security device to store the privacy-preserving credential or the presentation token.
According to another aspect of the invention, the security device may be a smart card.
According to another aspect of the invention, the credential may be a U-Prove privacy-preserving credential.
According to another aspect of the invention, the credential may be an Identity Mixer (idemix) credential and the presentation token may be a transformation of the idemix credential.
The invention also provides a system for protecting the privacy of a user of online information services, characterized in that it comprises a host computer operating under the control of a web browser by which a user accesses a web service executing on a service provider server; a personal security device connected to the host computer and programmed to generate and store privacy-preserving credentials and to generate presentation tokens from the credential in response to receiving a request including a policy of the web service; wherein the service provider is programmed to generate a credential request that redirects to a separator via the web browser executing on the host computer; wherein the separator comprises a web server that is programmed to receive a credential generation request and to create a second credential generation request, wherein the separator returns the second credential generation request to the web browser and wherein the second credential generation request redirects the web browser to an identity provider; and wherein the identity provider comprises a web server operable to engage in a credential generation protocol with the personal security device.
The invention also provides a web server computer having a processor and a memory, the memory comprising instructions to cause the web server to receive a first request to generate a privacy-preserving credential from a web browser characterized in that the first request originates with a service provider and is redirected to the web server via a web browser executing on a host compute; in response to receiving the request to generate a privacy-preserving credential, creating a response in the form of a second request to generate a privacy-preserving credential wherein the second request redirects the web browser to an identity provider directing the identity provider to engage in a credential issuance protocol with a personal security device connected to the host computer; and transmitting the second request to the web browser in response to the first request.
According to another aspect of the invention, the web server computer may further comprise instructions to cause the web server to receive a first token-issued status message from the identity provider transmitted via the web browser and in response to receiving the token-issued status message to creating a second token-issued status message and transmitting the second token-issued status message to the web browser wherein the second token-issued message is designed to redirect to the service provider thereby indicating to the service provider that the personal security device has generated the credential.