Mobile Devices to the Identity Rescue
Identity management is defined as the set of processes related to identity and access information for the whole identity life cycle in a system. In the open internet users need new methods for identity management that supply reliable authentication and sufficient user control. Currently applied methods often lack a proper level of security (e.g., passwords) and privacy (e.g., diverse processing of personal data).
A personal smart card and a personal smart phone can communicate using near-field communication (NFC). This allows users to apply their smart phone as a personal semi-trusted smart-card reader. For applications such as authentication, this Trusted Couple can then be used in a secure and intuitive way, like a remote card reader. As attribute-based credentials (ABCs) can efficiently be implemented on tamper-resistant smart cards with the current technology, we can achieve a more privacy-friendly and more flexible way of not only authentication but also role-based access control or management of personal information. In this paper we describe how a Trusted Couple can solve security, privacy, and usability problems in identity management.
Keywordsattribute-based credential smart card NFC mobile phone identity management
- 2.Alpár, G., Hoepman, J.-H., Siljee, J.: The Identity Crisis. Security, Privacy and Usability Issues in Identity Management. Journal of Information System Security 8(3) (2013)Google Scholar
- 3.Alpár, G., Jacobs, B.: Credential Design in Attribute-Based Identity Management. In: Leenes, R. (ed.) TILTing Perspectives (2013)Google Scholar
- 4.Bhargav-Spantzel, A., Camenisch, J., Gross, T., Sommer, D.: User centricity: a taxonomy and open issues. Journal of Computer Security 15(5), 493–527 (2007)Google Scholar
- 6.Brands, S.A.: Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy. MIT Press, Cambridge (2000)Google Scholar
- 7.Camenisch, J., Krontiris, I., Lehmann, A., Neven, G., Paquin, C., Rannenberg, K., Zwingelberg, H.: D2.1 Architecture for Attribute-based Credential Technologies. Technical report, ABC4Trust (2011)Google Scholar
- 10.Cameron, K.: Laws of identity (May 2005), http://www.identityblog.com/stories/2004/12/09/thelaws.html
- 13.Jøsang, A., Zomai, M.A., Suriadi, S.: Usability and privacy in identity management architectures. In: Proceedings of the Fifth Australasian Symposium on ACSW Frontiers, vol. 68, pp. 143–152. Australian Computer Society, Inc. (2007)Google Scholar
- 17.Nissenbaum, H.: Privacy as Contextual Integrity. Washington Law Review 79(1), 119–158 (2004)Google Scholar
- 19.IBM Research Zürich Security Team. Specification of the Identity Mixer cryptographic library, version 2.3.4. Technical report, IBM Research, Zürich (February 2012)Google Scholar
- 21.NFC World. Forecast, http://www.nfcworld.com/technology/forecast/ (last accessed: September 10, 2013)