Securely Derived Identity Credentials on Smart Phones via Self-enrolment

  • Fabian van den Broek
  • Brinda Hampiholi
  • Bart Jacobs
Conference paper

DOI: 10.1007/978-3-319-46598-2_8

Part of the Lecture Notes in Computer Science book series (LNCS, volume 9871)
Cite this paper as:
van den Broek F., Hampiholi B., Jacobs B. (2016) Securely Derived Identity Credentials on Smart Phones via Self-enrolment. In: Barthe G., Markatos E., Samarati P. (eds) Security and Trust Management. STM 2016. Lecture Notes in Computer Science, vol 9871. Springer, Cham

Abstract

In the last decade traditional identity documents have been equipped with an embedded NFC-chip to enable wireless access to the relevant data. This applies in particular to passports, following the ICAO standard, but increasingly also to other identification documents, such as driver’s licenses. Such electronic identity (eID) documents can now be used as “mother cards” by the users to remotely enrol and obtain derived credentials which can in turn be used for identification and authentication, notably on smart phones. These self-enrolment possibilities are becoming popular, because they are easier and cheaper than traditional, face-to-face enrolments.

This paper first describes a protocol for obtaining credentials on smart phones from an eID document, that has been implemented using the “IRMA” attribute-based credential technology. This basic protocol cannot exclude that someone enrols with another person’s eID document. Subsequently several mechanisms are discussed for securing a proper binding between the user and the eID document used for enrolment.

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  • Fabian van den Broek
    • 1
  • Brinda Hampiholi
    • 1
  • Bart Jacobs
    • 1
  1. 1.Institute for Computing and Information SciencesRadboud UniversityNijmegenThe Netherlands

Personalised recommendations