Securely Derived Identity Credentials on Smart Phones via Self-enrolment
In the last decade traditional identity documents have been equipped with an embedded NFC-chip to enable wireless access to the relevant data. This applies in particular to passports, following the ICAO standard, but increasingly also to other identification documents, such as driver’s licenses. Such electronic identity (eID) documents can now be used as “mother cards” by the users to remotely enrol and obtain derived credentials which can in turn be used for identification and authentication, notably on smart phones. These self-enrolment possibilities are becoming popular, because they are easier and cheaper than traditional, face-to-face enrolments.
This paper first describes a protocol for obtaining credentials on smart phones from an eID document, that has been implemented using the “IRMA” attribute-based credential technology. This basic protocol cannot exclude that someone enrols with another person’s eID document. Subsequently several mechanisms are discussed for securing a proper binding between the user and the eID document used for enrolment.
KeywordsSmart Phone Near Field Communication Identity Document Mobile Network Operator Trust Assurance
- 1.Burr, W.E., Dodson, D.F., Newton, E.M., Perlner, R.A., Timothy Polk, W., Gupta, S., Nabbus, E.A.: SP 800-63-1. Electronic authentication guideline (2011)Google Scholar
- 2.ABC4Trust. Attribute-Based Credentials tutorial (2011). http://www.dime-project.eu/en/Home/dime/events/list/tutorial-on-attributebased-credentials
- 3.Hoepman, J.-H., Hubbers, E., Jacobs, B., Oostdijk, M., Schreur, R.W.: Crossing borders: security and privacy issues of the european e-passport. In: Yoshiura, H., Sakurai, K., Rannenberg, K., Murayama, Y., Kawamura, S. (eds.) IWSEC 2006. LNCS, vol. 4266, pp. 152–167. Springer, Heidelberg (2006). doi: 10.1007/11908739_11 Google Scholar
- 4.IBM Research Zürich Security Team. Specification of the Identity Mixer cryptographic library. Technical report, IBM Research, Zürich, February 2012Google Scholar
- 7.Alpár, G., Jacobs, B.: Credential design in attribute-based identity management. In: Bridging Distances in Technology and Regulation, 3rd TILTing Perspectives Conference, pp. 189–204 (2013)Google Scholar