Digital credentials and certificates can easily be shared and copied among different users. For instance, if one user possesses a credential that allows him to access some service or application, he can easily share the credential with his friends and thereby enable his friends to access the service as well. While with a non-anonymous credential this sharing can to some extent be detected by the fact that some credentials get used too often, such detection is not possible with anonymous credentials. One possible solution to the problem is to bind a credential to tamper-resistant hardware such that the credential can only be used in connection with that hardware. This, however, has the drawback that it does not leave the user any flexibility in using the credential. For example, if the hardware is contained in a personal digital assistant (PDA) or laptop, the user cannot use the credential on all his computing devices but only with the computing device that has this hardware. Thus, the known solutions either do not allow the user to transfer the credential from one computing device to another, or otherwise allow the user to share the credentials with other users.
There are proposals that aim to deter a user from sharing a credential either by ensuring that, by sharing a credential, the user also shares some other secret (e.g., a secret that gives access to his bank account), or by ensuring that if the user shares one credential then he shares all his credentials. These methods have limited applicability because the first one assumes that a valuable secret exists and the second assumes that there are other valuable credentials. Both postulates are often not fulfilled.
Hence, it is desired to provide a credential mechanism that allows use of multiple computing devices for requesting access to an application and that discourages unauthorized circulation of a credential.