Digital credentials are the digital equivalent of paper-based
credentials. Just as a paper-based credential could be a
passport, a
driver's license
A driver's license is a legal authorization, or the official document confirming such an authorization, for a specific individual to operate one or more types of motorized vehicles—such as motorcycles, cars, trucks, or buses—on a public ...
, a membership certificate or some kind of ticket to obtain some service, such as a cinema ticket or a public transport ticket, a digital credential is a proof of qualification, competence, or clearance that is attached to a person. Also, digital credentials prove something about their owner. Both types of credentials may contain personal information such as the person's name, birthplace, birthdate, and/or biometric information such as a picture or a finger print.
Because of the still evolving, and sometimes conflicting, terminologies used in the fields of computer science, computer security, and cryptography, the term "digital credential" is used quite confusingly in these fields. Sometimes passwords or other means of authentication are referred to as credentials. In
operating system
An operating system (OS) is system software that manages computer hardware, software resources, and provides common services for computer programs.
Time-sharing operating systems schedule tasks for efficient use of the system and may also i ...
design, credentials are the properties of a
process
A process is a series or set of activities that interact to produce a result; it may occur once-only or be recurrent or periodic.
Things called a process include:
Business and management
*Business process, activities that produce a specific se ...
(such as its effective
UID) that is used for determining its access rights. On other occasions,
certificates and associated key material such as those stored in
PKCS#12 and
PKCS#15 are referred to as credentials.
Digital badge
Digital badges (also known as ebadges, or singularly as ebadge) are a validated indicator of accomplishment, skill, quality or interest that can be earned in various learning environments.
Origin and development
Traditional physical badges have ...
s are a form of digital credential that indicate an accomplishment, skill, quality or interest. Digital badges can be earned in a variety of learning environments.
Digital cash
Money
Money is any item or verifiable record that is generally accepted as payment for goods and services and repayment of debts, such as taxes, in a particular country or socio-economic context. The primary functions which distinguish money are as ...
is usually not seen as a qualification that is attached to a specific person as
token money
Token money, or token, is a form of money that has a lesser intrinsic value compared to its face value. Token money is anything that is accepted as money, not due to its intrinsic value but instead because of custom or legal enactment. Token mo ...
is taken to have a value on its own. Digital assets like
digital cash
Digital currency (digital money, electronic money or electronic currency) is any currency, money, or money-like asset that is primarily managed, stored or exchanged on digital computer systems, especially over the internet. Types of digital cu ...
are easily copied. Consequently, digital cash protocols have to make an extra effort to avoid the
double spending
Double-spending is a fundamental flaw in a digital cash protocol in which the same single digital token can be spent more than once. Due to the nature of information space, in comparison to physical space (as in: valuable physical resources), a ...
of coins. Credentials are a proof of qualification that is attached to a person. E-Coins are given to individuals, who cannot pass them on to others, but can only spend them with merchants. As long as they spend a coin only once, they are anonymous, but should they spend a coin twice, they become identifiable and appropriate actions can be taken by the bank. This commonality, the binding to an individual, is why digital cash and digital credentials share many commonalities. In fact most implementations of anonymous digital credential also realize digital cash.
Anonymous
The main idea behind anonymous digital credentials is that users are given cryptographic tokens which allow them to prove statements about themselves and their relationships with public and private organizations anonymously. This is seen as a more privacy-friendly alternative to keeping and using large centralized and linkable user records. Anonymous digital credentials are thus related to
privacy and
anonymity.
Paper world analogues of personalized, or non-anonymous
credentials are: passports, driving licenses, credit cards, health insurance cards, club membership cards etc. These contain the name of the owner and have some authenticating information such as a signature, PIN or photograph, to stop them being used by anyone other than the rightful owner. Paper world analogues of anonymous credentials are: money, bus and train tickets, and game-arcade tokens. These don't have any personally identifying information and consequently can be transferred between users without the issuers or relying parties being aware of this. Credentials are issued by organizations that ascertain the authenticity of the information which can be provided to verifying entities on demand.
In order to investigate certain privacy specific properties of credentials, we take a more detailed look at two kind of 'credentials', physical money and credit cards. Without doubt both of them provide adequate information for doing payment transactions. However the amount and quality of the information disclosed varies. Money is protected from forgery by its physical properties. Beyond that, only very little information is revealed:
Coins feature an ingrained value and the year of coining; in addition bank notes contain a unique serial number in order to provide the traceability required by law enforcement.
On the other hand, the use of a credit card, whose main purpose is similar to money, allows for the creation of highly detailed records about the card owner. Credit cards are therefore not privacy protecting. The main privacy advantage of money is that its users can remain anonymous. There are however other security and usability properties that make real world cash popular.
Credentials used in a national identification system are also especially privacy relevant. Such an ID, be it a passport, a driver's license, or some other type of card usually contains essential personal information. In certain situations it may be advantageous to reveal only parts of the information contained on the ID, e.g., some lower limit for the person's age or the fact that the person is capable of driving a car.
Pseudonyms
The original anonymous credential system proposed by
David Chaum is sometimes also referred to as a pseudonym system. This stems from the fact that the credentials of such a system are obtained from and shown to organizations using different pseudonyms which cannot be linked.
The introduction of pseudonyms
is a useful extension to anonymity.
''Pseudonyms'' allow users to choose a different name with each organization. While pseudonyms allow organizations to associate users with accounts, organizations cannot determine the real identities of their customers. Nevertheless, by using an anonymous credential, certain statements about the relationship of a user with one organization, under a pseudonym, can be proven to another organization that knows the user only under a different pseudonym.
History
Anonymous credential systems are related to the concept of untraceable or anonymous payments. In this important work, Chaum presents a new cryptographic primitive,
blind signature
In cryptography a blind signature, as introduced by David Chaum, is a form of digital signature in which the content of a message is disguised ( blinded) before it is signed. The resulting blind signature can be publicly verified against the origin ...
protocols. In such a scheme the signer neither learns the message he signs, nor the signature the recipient obtains for his message. Blind signatures are an important building block of many privacy-sensitive applications, such as anonymous payments, voting, and credentials. The original idea for an anonymous credential system
was derived from blind signatures, but relied on a
trusted party for credential transfer—the translation from one pseudonym to another. The blind signature scheme introduced by Chaum was based on
RSA signatures and based on the
discrete logarithm problem can be used for constructing anonymous credential systems.
Stefan Brands generalized digital credentials with secret-key certificate based credentials, improving on Chaum's basic blind-signature based system in both the discrete logarithm and strong RSA assumption settings. Brands credentials provide efficient algorithms and privacy in an unconditional commercial security setting, along with several other features such as a proof of non-membership blacklist.
Another credential form that adds a new feature to anonymous credentials: multi-show unlinkability. These are the
group signature A group signature scheme is a method for allowing a member of a group to anonymously sign a message on behalf of the group. The concept was first introduced by David Chaum and Eugene van Heyst in 1991. For example, a group signature scheme could b ...
related credentials of Camenisch et al. The introduction of
Group signature A group signature scheme is a method for allowing a member of a group to anonymously sign a message on behalf of the group. The concept was first introduced by David Chaum and Eugene van Heyst in 1991. For example, a group signature scheme could b ...
s opened up the possibility of multi-show unlinkable showing protocols. While blind signatures are highly relevant for electronic cash and one-show credentials, a new cryptographic primitive, called
group signature A group signature scheme is a method for allowing a member of a group to anonymously sign a message on behalf of the group. The concept was first introduced by David Chaum and Eugene van Heyst in 1991. For example, a group signature scheme could b ...
, opened new possibilities for the construction of privacy enhancing protocols. As is observed in their article, group signatures bear a resemblance to Chaum's concept of credential systems.
Using a group signature scheme, the members of a group can sign a message with their respective secret keys. The resulting signature can be verified by everyone who knows the common public key, but the signature does not reveal any information about the signer except that she is a member of the group. Usually there exists another entity called the group manager, who can reveal the exact identity of the signer, and handles the adding of users to and the removal of users from the group—usually by issuing or revoking group membership certificates. The anonymity, unlinkability, and anonymity revocation provided by group signatures lends itself for a variety of privacy sensitive applications like voting, bidding, anonymous payment, and anonymous credentials
An efficient constructions for group signatures was given by Ateniese, Camenisch,
Joye, and Tsudik.
The most efficient multi-show unlinkable anonymous credential systems
—the latter is essentially a low profile version of idemix—are based on similar ideas. This is particularly true for credential systems that provide efficient means for implementing anonymous multi-show credentials with credential revocation.
Both schemes are based on techniques for doing
proofs of knowledge.
Proofs of knowledge relying on the discrete logarithm problem for groups of known order and on the special RSA problem for groups of hidden order form the basis for most of today's group signature and anonymous credential systems.
Moreover,
direct anonymous attestation Direct Anonymous Attestation (DAA) is a cryptographic primitive which enables remote authentication of a trusted computer whilst preserving privacy of the platform's user. The protocol has been adopted by the Trusted Computing Group (TCG) in the l ...
a protocol for authenticating
trusted platform module
Trusted Platform Module (TPM, also known as ISO/IEC 11889) is an international standard for a secure cryptoprocessor, a dedicated microcontroller designed to secure hardware through integrated cryptographic keys. The term can also refer to a ...
s is based on the same techniques.
Direct anonymous attestation Direct Anonymous Attestation (DAA) is a cryptographic primitive which enables remote authentication of a trusted computer whilst preserving privacy of the platform's user. The protocol has been adopted by the Trusted Computing Group (TCG) in the l ...
can be seen as the first commercial application of multi show anonymous digital credentials, even though in this case credentials are not attached to persons, but to chips and consequently computer platforms.
From an applications' point of view, the main advantage of Camenisch et al.'s multi-show unlinkable credentials over the more efficient Brands credentials is the multi-show unlinkable property. However, this property is mainly of practical interest in an off-line setting. Brands credentials provide a mechanism that gives analogous functionality without sacrificing performance: an efficient batch issuing protocol which can simultaneously issue many unlinkable credentials. This mechanism can be combined with a privacy preserving certificate refresh process (which gives a fresh unlinkable credential with the same attributes as a previous spent credential).
Online credentials for learning
Online credentials for learning are digital credentials that are offered in place of traditional paper credentials for a skill or educational achievement. Directly linked to the accelerated development of internet communication technologies, the development of
digital badge
Digital badges (also known as ebadges, or singularly as ebadge) are a validated indicator of accomplishment, skill, quality or interest that can be earned in various learning environments.
Origin and development
Traditional physical badges have ...
s,
electronic passport
A biometric passport (also known as an e-passport or a digital passport) is a traditional passport that has an embedded electronic microprocessor chip which contains biometric information that can be used to authenticate the identity of the pa ...
s and
massive open online course
A massive open online course (MOOC ) or an open online course is an online course aimed at unlimited participation and open access via the Web. In addition to traditional course materials, such as filmed lectures, readings, and problem sets, man ...
s
(MOOCs) have a very direct bearing on our understanding of learning, recognition and levels as they pose a direct challenge to the status quo. It is useful to distinguish between three forms of online credentials: Test-based credentials, online badges, and online certificates.
See also
Sources
References
{{Reflist, 2
Cryptography
Cryptographic protocols