Securely Derived Identity Credentials on Smart Phones via Self-enrolment

  • Fabian van den Broek
  • Brinda HampiholiEmail author
  • Bart Jacobs
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9871)


In the last decade traditional identity documents have been equipped with an embedded NFC-chip to enable wireless access to the relevant data. This applies in particular to passports, following the ICAO standard, but increasingly also to other identification documents, such as driver’s licenses. Such electronic identity (eID) documents can now be used as “mother cards” by the users to remotely enrol and obtain derived credentials which can in turn be used for identification and authentication, notably on smart phones. These self-enrolment possibilities are becoming popular, because they are easier and cheaper than traditional, face-to-face enrolments.

This paper first describes a protocol for obtaining credentials on smart phones from an eID document, that has been implemented using the “IRMA” attribute-based credential technology. This basic protocol cannot exclude that someone enrols with another person’s eID document. Subsequently several mechanisms are discussed for securing a proper binding between the user and the eID document used for enrolment.


Smart Phone Near Field Communication Identity Document Mobile Network Operator Trust Assurance 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Burr, W.E., Dodson, D.F., Newton, E.M., Perlner, R.A., Timothy Polk, W., Gupta, S., Nabbus, E.A.: SP 800-63-1. Electronic authentication guideline (2011)Google Scholar
  2. 2.
  3. 3.
    Hoepman, J.-H., Hubbers, E., Jacobs, B., Oostdijk, M., Schreur, R.W.: Crossing borders: security and privacy issues of the european e-passport. In: Yoshiura, H., Sakurai, K., Rannenberg, K., Murayama, Y., Kawamura, S. (eds.) IWSEC 2006. LNCS, vol. 4266, pp. 152–167. Springer, Heidelberg (2006). doi: 10.1007/11908739_11 Google Scholar
  4. 4.
    IBM Research Zürich Security Team. Specification of the Identity Mixer cryptographic library. Technical report, IBM Research, Zürich, February 2012Google Scholar
  5. 5.
    Vullers, P., Alpár, G.: Efficient selective disclosure on smart cards using idemix. In: Fischer-Hübner, S., Leeuw, E., Mitchell, C. (eds.) IDMAN 2013. IFIP AICT, vol. 396, pp. 53–67. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-37282-7_5 CrossRefGoogle Scholar
  6. 6.
    Camenisch, J., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001). doi: 10.1007/3-540-44987-6_7 CrossRefGoogle Scholar
  7. 7.
    Alpár, G., Jacobs, B.: Credential design in attribute-based identity management. In: Bridging Distances in Technology and Regulation, 3rd TILTing Perspectives Conference, pp. 189–204 (2013)Google Scholar

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  • Fabian van den Broek
    • 1
  • Brinda Hampiholi
    • 1
    Email author
  • Bart Jacobs
    • 1
  1. 1.Institute for Computing and Information SciencesRadboud UniversityNijmegenThe Netherlands

Personalised recommendations