A hardware token, such as a credit/payment card, driver's license or passport, is commonly used by its bearer to prove identity and/or a personal attribute, such as age, residence address or citizenship. Due to the practical limitations of hardware tokens, all of the information that is stored or shown on the token is available to the recipient, even though the recipient might only have a legitimate need for only a subset of that information.
For example, a liquor store customer might present a driver's licence to provide proof of the customer's age. The photograph and date of birth information printed on the driver's license provides proof of age, but might also disclose other identity attributes data, such as residence address, height and corrective lens requirements, which the recipient does not need to complete the transaction. Given the growing concerns over identity theft, this model for proving identity attributes is inconsistent with the need to prevent the unauthorized use and disclosure of personal information.