A General Certification Framework with Applications to Privacy-Enhancing Certificate Infrastructures

Interactions in electronic media require mutual trust to be established, preferably through the release of certified information. Disclosing a certificate to provision the required information, however, often discloses additional information that the interaction does not need. For instance, showing an ordinary certificate unnecessarily reveals its entire binary representation, including every attribute and the signature, and thereby makes separate showings linkable. We propose a certificate-based framework comprising protocol definitions and API specifications for the controlled, i.e., well-specified, release of data. This covers both controlled release during the certification of data and controlled release of already certified data. The protocols are based on proofs of knowledge of certificates and of relations over their attributes, ensuring that only the specified data, and no side information, is revealed. Furthermore, the protocols allow certified data to be released in plain or encrypted form and allow one to prove general expressions over the data items. Our framework can be seen as a generalization of anonymous credential systems, group signatures, traceable signatures, and e-cash schemes. It encompasses a specification language for stating precisely which data to release and how to release it in the protocols. We show how the framework can be implemented cryptographically and how a privacy-enhanced PKI that integrates with today's PKI on the Internet can be built on top of it. We consider the framework a central building block for achieving privacy on the Internet.

By: Jan Camenisch, Dieter M. Sommer, Roger D. Zimmermann

Published in: Security and Privacy in Dynamic Environments, Proc. 21st IFIP International Information Security Conference (SEC 2006), Karlstad, Sweden. IFIP International Federation for Information Processing, vol. 201, p. 25. Springer, Boston, 2006.
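The release mechanism the abstract describes, proving knowledge of certified attributes while disclosing only a chosen subset, is sketched below as an added example; it is not code from the paper and not the paper's protocol. A holder commits to several attributes with a Pedersen commitment over a toy 256-bit Schnorr group, then releases a chosen subset in plain and proves in zero knowledge (Fiat-Shamir Schnorr proof) that it knows the remaining attributes and the commitment randomness consistent with that commitment. The commitment stands in for the certified attribute bundle; the issuer's signature on it and the proof of knowledge of that signature, which the paper's framework builds on, are omitted. The group size, the class and method names, and the attribute values are all constructed for this illustration.

```python
# Added example (not from the paper): zero-knowledge selective disclosure of committed attributes.
# Toy 256-bit Schnorr group chosen for speed; real deployments use >= 2048-bit groups or elliptic
# curves, and an issuer signature with efficient proofs of knowledge (e.g. CL) over the commitment.
import hashlib
import secrets

_SMALL_PRIMES = (3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71)


def is_probable_prime(n, rounds=16):
    """Miller-Rabin with random bases; a composite passes with probability <= 4**-rounds."""
    if n < 2:
        return False
    for sp in (2,) + _SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


class AttributeCommitment:
    """Pedersen commitment C = g0^r * prod g_i^{a_i} in the order-q subgroup of Z_p^*, p = 2q + 1."""

    def __init__(self, n_attrs, bits=256):
        while True:  # random safe prime: q prime and p = 2q + 1 prime (toy size, see header comment)
            q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
            if is_probable_prime(q) and is_probable_prime(2 * q + 1):
                break
        self.p, self.q = 2 * q + 1, q
        # Bases g0..g_n derived by hashing, so nobody knows log_g0(g_i); squaring lands in the QR subgroup.
        self.bases = []
        for i in range(n_attrs + 1):
            h = int.from_bytes(hashlib.sha256(b"base|%d|%d" % (i, self.p)).digest(), "big")
            self.bases.append(pow(h % self.p, 2, self.p))

    def commit(self, attrs, r):
        c = pow(self.bases[0], r, self.p)
        for i, a in enumerate(attrs, 1):
            c = c * pow(self.bases[i], a % self.q, self.p) % self.p
        return c

    def _challenge(self, C, disclosed, T):
        # Fiat-Shamir: bind group, commitment, the released values and the prover's first message.
        data = repr((self.p, C, sorted(disclosed.items()), T)).encode()
        return int.from_bytes(hashlib.sha256(data).digest(), "big") % self.q

    def prove(self, attrs, r, C, reveal):
        """Release attrs[i] for i in `reveal`; prove knowledge of r and of every hidden attribute."""
        hidden = [i for i in range(len(attrs)) if i not in reveal]
        disclosed = {i: attrs[i] for i in reveal}
        t = {i: secrets.randbelow(self.q) for i in [-1] + hidden}  # key -1 = slot of the randomness r
        T = pow(self.bases[0], t[-1], self.p)
        for i in hidden:
            T = T * pow(self.bases[i + 1], t[i], self.p) % self.p
        c = self._challenge(C, disclosed, T)
        s = {-1: (t[-1] + c * r) % self.q}
        for i in hidden:
            s[i] = (t[i] + c * attrs[i]) % self.q
        return {"disclosed": disclosed, "T": T, "s": s}

    def verify(self, C, proof):
        disclosed, T, s = proof["disclosed"], proof["T"], proof["s"]
        # Every attribute is either released or covered by a response, never both; T must lie in Z_p^*.
        if -1 not in s or (set(s) - {-1}) | set(disclosed) != set(range(len(self.bases) - 1)):
            return False
        if set(s) & set(disclosed) or not 0 < T < self.p:
            return False
        Cp = C  # divide out the released attributes: C' = C * prod g_i^{-a_i}
        for i, a in disclosed.items():
            Cp = Cp * pow(self.bases[i + 1], self.q - a % self.q, self.p) % self.p
        c = self._challenge(C, disclosed, T)
        lhs = pow(self.bases[0], s[-1], self.p)
        for i in s:
            if i >= 0:
                lhs = lhs * pow(self.bases[i + 1], s[i], self.p) % self.p
        return lhs == T * pow(Cp, c, self.p) % self.p


if __name__ == "__main__":
    cert = AttributeCommitment(n_attrs=3)
    attrs = [19870412, 276, secrets.randbelow(cert.q)]  # constructed: birth date, country code, serial
    r = secrets.randbelow(cert.q)
    C = cert.commit(attrs, r)
    proof = cert.prove(attrs, r, C, reveal={1})  # release the country code only
    print("country-only showing verifies:", cert.verify(C, proof))
    proof["disclosed"][1] = 840  # a relay or verifier altering the released value
    print("tampered showing verifies:", cert.verify(C, proof))
```

The verifier learns the released attribute and the fact that the holder knows an opening of C for all the others, nothing more: the responses s_i are uniformly distributed in Z_q because of the fresh masks t_i. What this sketch deliberately leaves out is the certificate itself; in the paper's setting C (or the attributes directly) would carry an issuer signature, and the showing protocol proves knowledge of that signature alongside the relations over the attributes, so the verifier can also check who certified the data.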

