Abstract
In this paper, we propose to replace the national identity card, currently used in many countries, by a personal device that allows its user to prove some binary statements about himself while minimizing personal information leakage. The privacy of the user is protected through the use of anonymous credentials which allows him to prove binary statements about himself to another entity without having to disclose his identity or any unnecessary information. The proposed scheme also prevents the possibility of tracing the user, even if he proves several times the same statement (unlinkability property). A tamper-proof smartcard is used to store the personal information of the user thus protecting his privacy and preventing the risks of forgery at the same time. The user identifies himself to the card via biometrics thus forbidding an unauthorized use in the situation where the card is stolen or lost. Two practical implementations of the privacy-preserving identity card are described and discussed.
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Bangerter, E., Camenisch, J., Lysyanskaya, A.: A cryptographic framework for the controlled release of certified data. In: Proceedings of the 12th International Security Protocols Workshop, pp. 20–42 (2004)
Belenkiy, M., Chase, M., Kolhweiss, M., Lysyanskaya, A.: P-signatures and noninteractive anonymous credentials. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 356–374. Springer, Heidelberg (2008)
Birch, D.: Psychic ID: A blueprint for a modern national identity scheme. Identity in the Information Society 1(1) (2009)
Boudot, F.: Partial revelation of certified identity. In: Proceedings of the First International Conference on Smart Card Research and Advanced Applications (CARDIS 2000), pp. 257–272 (2000)
Calmels, B., Canard, S., Girault, M., Sibert, H.: Low-cost cryptography for privacy in RFID systems. In: Domingo-Ferrer, J., Posegga, J., Schreckling, D. (eds.) CARDIS 2006. LNCS, vol. 3928, pp. 237–251. Springer, Heidelberg (2006)
Camenisch, J., Lysyanska, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001)
Camenisch, J., Lysyanskaya, A.: A signature scheme with efficient protocols. In: Cimato, S., Galdi, C., Persiano, G. (eds.) SCN 2002. LNCS, vol. 2576, pp. 268–289. Springer, Heidelberg (2003)
Camenisch, J., Thomas, G.: Efficient attributes for anonymous credentials. In: Proceedings of the 2008 ACM Conference on Computer and Communications Security (CCS 2008), pp. 345–356 (2008)
Chaum, D.: Security without identification: transaction systems to make Big Brother obsolete. Communications of the ACM 28(10), 1030–1044 (1985)
Chaum, D., van Heyst, E.: Group signatures. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 257–265. Springer, Heidelberg (1991)
Cramer, R., Shoup, V.: A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 13–25. Springer, Heidelberg (1998)
Deswarte, Y., Gambs, S.: Towards a privacy-preserving national identity card. LAAS Report No.09208, 20 pages (August 2009), http://hal.archives-ouvertes.fr/hal-00411838/fr/
Dodis, Y., Reyzin, L., Smith, A.: Security with Noisy Data. In: Tuyls, P., Skoric, B., Kevenaar, T. (eds.) Fuzzy extractors, a brief survey of results from 2004 to 2006, ch. 5. Springer, Heidelberg (2007)
European Union, Directive 95/46/EC of the European Parliament and of the Council of 24 October (1995), on the protection of individuals with regard to the processing of personal data and on the free movement of such data, http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:EN:HTML
European Network and Information Security Agency (ENISA) position paper, Privacy features of European eID card specifications, http://www.enisa.europa.eu/doc/pdf/deliverables/enisa_privacy_features_eID.pdf
Goldreich, O., Micali, S., Wigderson, A.: Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems. Journal of the ACM 38(3), 691–729 (1991)
Groth, J., Sahai, A.: Efficient non-interactive proof systems for bilinear groups. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 415–432. Springer, Heidelberg (2008)
Juels, A., Wattenberg, M.: A fuzzy commitment scheme. In: Proceedings of the 6th ACM Conference on Computer and Communications Security (CCS 1999), pp. 28–36 (1999)
Lysyanskaya, A., Rivest, R.L., Sahai, A., Wolf, S.: Pseudonym systems (Extended abstract). In: Heys, H.M., Adams, C.M. (eds.) SAC 1999. LNCS, vol. 1758, pp. 184–199. Springer, Heidelberg (2000)
PRIME - Privacy and Identity Management for Europe, PRIME white paper (May 2008), https://www.prime-project.eu/prime_products/whitepaper/
Ravi, S., Raghuanathan, A., Chadrakar, S.: Tamper resistance mechanisms for secure embedded systems. In: Proceedings of the 17th International Conference on VLSI Design (VLSID 2004), pp. 605–611 (2004)
Shoup, V.: Why chosen ciphertext security matters. IBM Research Report RZ 3076 (November 1998)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Deswarte, Y., Gambs, S. (2010). Towards a Privacy-Preserving National Identity Card. In: Garcia-Alfaro, J., Navarro-Arribas, G., Cuppens-Boulahia, N., Roudier, Y. (eds) Data Privacy Management and Autonomous Spontaneous Security. DPM SETOP 2009 2009. Lecture Notes in Computer Science, vol 5939. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11207-2_5
Download citation
DOI: https://doi.org/10.1007/978-3-642-11207-2_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-11206-5
Online ISBN: 978-3-642-11207-2
eBook Packages: Computer ScienceComputer Science (R0)