Real-World Identification for an Extensible and Privacy-Preserving Mobile eID

  • Michael HölzlEmail author
  • Michael Roland
  • René Mayrhofer
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 526)


There is a broad range of existing electronic identity (eID) systems which provide methods to sign documents or authenticate to online services (e.g. governmental eIDs, FIDO). However, these solutions mainly focus on the validation of an identity to a web page. That is, they often miss proper techniques to use them as regular ID cards to digitally authenticate an eID holder to another physical person in the real world. We propose a mobile eID which provides such a functionality and enables extensibility for its use with numerous different public and private services (e.g. for loyalty programs, public transport tickets, student cards), while protecting the privacy of the eID holder. In this paper, we present a general architecture and efficient protocols for such a privacy-preserving mobile eID that allows identity validation in a similar fashion as regular ID cards and makes carrying around various physical cards unnecessary.



This work has been carried out within the scope of u’smile, the Josef Ressel Center for User-Friendly Secure Mobile Environments, funded by the Christian Doppler Gesellschaft, A1 Telekom Austria AG, Drei-Banken-EDV GmbH, LG Nexera Business Solutions AG, NXP Semiconductors Austria GmbH, and Österreichische Staatsdruckerei GmbH.


  1. 1.
    Alpár, G., Hoepman, J.-H.: A secure channel for attribute-based credentials: [short paper]. In: Proceedings of 2013 ACM Workshop on Digital Identity Management, DIM 2013, pp. 13–18. ACM (2013)Google Scholar
  2. 2.
    Alpár, G., Jacobs, B.: Credential design in attribute-based identity management. In: 3rd TILTing Perspectives Conference on Bridging Distances in Technology and Regulation, pp. 189–204, April 2013Google Scholar
  3. 3.
    Bichsel, P., Camenisch, J., Groß, T., Shoup, V.: Anonymous credentials on a standard Java card. In: Proceedings of 16th ACM Conference on Computer and Communications Security, CCS 2009, pp. 600–610. ACM (2009)Google Scholar
  4. 4.
    Bichsel, P., et al.: An architecture for privacy-ABCs. In: Rannenberg, K., Camenisch, J., Sabouri, A. (eds.) Attribute-Based Credentials for Trust, pp. 11–78. Springer, Cham (2015). Scholar
  5. 5.
    Bjones, R., Krontiris, I., Paillier, P., Rannenberg, K.: Integrating anonymous credentials with eids for privacy-respecting online authentication. In: Preneel, B., Ikonomou, D. (eds.) APF 2012. LNCS, vol. 8319, pp. 111–124. Springer, Heidelberg (2014). Scholar
  6. 6.
    Camenisch, J., Lehmann, A., Neven, G.: Electronic identities need private credentials. IEEE Secur. Priv. 10(1), 80–83 (2012)CrossRefGoogle Scholar
  7. 7.
    Camenisch, J., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001). Scholar
  8. 8.
    Camenisch, J., Lysyanskaya, A.: A signature scheme with efficient protocols. In: Cimato, S., Persiano, G., Galdi, C. (eds.) SCN 2002. LNCS, vol. 2576, pp. 268–289. Springer, Heidelberg (2003). Scholar
  9. 9.
    FIDO Alliance: FIDO UAF Protocol Specification v1.1. Implementation Draft, February 2017Google Scholar
  10. 10.
    GlobalPlatform: Card Specification v2.3. Public Release, October 2015Google Scholar
  11. 11.
    Hajny, J., Malina, L.: Unlinkable attribute-based credentials with practical revocation on smart-cards. In: Mangard, S. (ed.) CARDIS 2012. LNCS, vol. 7771, pp. 62–76. Springer, Heidelberg (2013). Scholar
  12. 12.
    Hölzl, M., Mayrhofer, R., Roland, M.: Requirements for an open ecosystem for embedded tamper resistant hardware on mobile devices. In: Proceedings of International Conference on Advances in Mobile Computing & Multimedia, MoMM 2013, pp. 249–252. ACM (2013)Google Scholar
  13. 13.
    Hölzl, M., Roland, M., Mayrhofer, R.: Real-world identification: towards a privacy-aware mobile eID for physical and offline verification. In: Proceedings of 14th International Conference on Advances in Mobile Computing and Multimedia, MoMM 2016, pp. 280–283. ACM (2016)Google Scholar
  14. 14.
    IBM Research: Specification of the Identity Mixer Cryptographic Library v2.3.0. Research Report, April 2010Google Scholar
  15. 15.
    Jensen, J.L.: Smartphone feasibility analysis. Deliverable D4.4 (2014)Google Scholar
  16. 16.
    Lehmann, A., et al.: Survey and analysis of existing eID and credential systems. FutureID Deliverable D32.1, April 2013Google Scholar
  17. 17.
    Madlmayr, G., Langer, J., Kantner, C., Scharinger, J.: NFC Devices: security and privacy. In: Third International Conference on Availability, Reliability and Security (ARES 2008), pp. 642–647. IEEE (2008)Google Scholar
  18. 18.
    Nyman, T., Ekberg, J.-E., Asokan, N.: Citizen electronic identities using TPM 2.0. In: Proceedings of 4th International Workshop on Trustworthy Embedded Devices, pp. 37–48. ACM (2014)Google Scholar
  19. 19.
    Otterbein, F., Ohlendorf, T., Margraf, M.: Mobile authentication with German eID. Extended Abstract for Presentation at the 11th International IFIP Summer School on Privacy and Identity Management (2016)Google Scholar
  20. 20.
    Paquin, C.: U-prove technology overview v1.1. Technical report, Microsoft Corporation Draft Revision, April 2013Google Scholar
  21. 21.
    Rannenberg, K., Camenisch, J., Sabouri, A. (eds.): Attribute-Based Credentials for Trust - Identity in the Information Society. Springer, Cham (2015). Scholar
  22. 22.
    Shoup, V.: A proposal for an ISO standard for public key encryption (version 2.1). IACR e-Print Archive 112 (2001)Google Scholar
  23. 23.
    Vullers, P., Alpár, G.: Efficient selective disclosure on smart cards using Idemix. In: Fischer-Hübner, S., de Leeuw, E., Mitchell, C. (eds.) IDMAN 2013. IAICT, vol. 396, pp. 53–67. Springer, Heidelberg (2013). Scholar

Copyright information

© IFIP International Federation for Information Processing 2018

Authors and Affiliations

  • Michael Hölzl
    • 1
    Email author
  • Michael Roland
    • 2
  • René Mayrhofer
    • 1
  1. 1.Insitute of Networks and SecurityJKU LinzLinzAustria
  2. 2.University of Applied Sciences Upper AustriaHagenbergAustria

Personalised recommendations