u-prove technoloty overview
TRANSCRIPT
![Page 1: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/1.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
U-Prove Technology Overview
November 2010
Monday, December 6, 2010
![Page 2: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/2.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
TOCIntroductionCommunity Technology PreviewAdditional CapabilitiesRSA DemoConclusion
2
Monday, December 6, 2010
![Page 3: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/3.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Introduction
Monday, December 6, 2010
![Page 4: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/4.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
HistoryU-Prove well established in academia
Patent portfolio (granted ‘93 – ’00)30+ scientific papers (from ‘93 onward)E-cash PoC and pilots with Siemens, Gemplus, KPN, DigiCash, Zero-Knowledge, Nokia
Credentica acquisition (Feb 2008)Patents, software, people
Microsoft incubationIncubated U-Prove-enabled ID platformPublic CTP (March ‘10)
4
Monday, December 6, 2010
![Page 5: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/5.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
U-Prove TechnologyStrong multi-party security technology for user-centric identity, data sharing, strong authentication, and digital signature
Allows you to build “e-tokens”
Has unique security, privacy, and efficiency benefits over “conventional” 5
Monday, December 6, 2010
![Page 6: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/6.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Gov
Minimal disclosure
CohoWinery
6
Monday, December 6, 2010
![Page 7: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/7.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Gov
Name: Alice SmithAddress: 1234 Pine, Seattle, WA
D.O.B.: 23-11-1955
Minimal disclosure
CohoWinery
6
Monday, December 6, 2010
![Page 8: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/8.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Gov
Name: Alice Smith
Address: 1234 Pine, Seattle, WA
D.O.B: 23-11-1955
Minimal disclosure
CohoWinery
6
Monday, December 6, 2010
![Page 9: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/9.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Gov
Minimal disclosure
CohoWinery
6
Monday, December 6, 2010
![Page 10: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/10.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Gov
Minimal disclosure
CohoWinery
The user can prove unanticipated properties about the encoded claims in
a U-Prove token issued to her in advance
Even in collusion, the issuing and relying parties cannot learn more about
the user than what was disclosed
6
Monday, December 6, 2010
![Page 11: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/11.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Gov
Minimal disclosure
CohoWinery
6
Monday, December 6, 2010
![Page 12: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/12.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
CohoWinery
Gov
Minimal disclosure
7
Monday, December 6, 2010
![Page 13: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/13.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
CohoWinery
Prove that you are over 21 and
from WA
Gov
Minimal disclosure
7
Monday, December 6, 2010
![Page 14: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/14.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
CohoWinery
Prove that you are over 21 and
from WA
Name: Alice Smith
Address: 1234 Pine, Seattle, WA
D.O.B: 23-11-1955
Gov
Minimal disclosure
7
Monday, December 6, 2010
![Page 15: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/15.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
CohoWinery
Prove that you are over 21 and
from WA
Name: Alice Smith
Address: 1234 Pine, Seattle, WA
D.O.B: 23-11-1955Over-21 proof
Gov
Minimal disclosure
7
Monday, December 6, 2010
![Page 16: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/16.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
CohoWinery
Prove that you are over 21 and
from WA
Gov
Minimal disclosure
7
Monday, December 6, 2010
![Page 17: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/17.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
CohoWinery
Which adult from WA is
this?
Gov
Minimal disclosure
7
Monday, December 6, 2010
![Page 18: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/18.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
CohoWinery
Which adult from WA is
this?
Gov
?
Minimal disclosure
7
Monday, December 6, 2010
![Page 19: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/19.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
CohoWinery
Which adult from WA is
this?
Gov
?The user can prove unanticipated properties about the encoded claims in
a U-Prove token issued to her in advance
Even in collusion, the issuing and relying parties cannot learn more about
the user than what was disclosed
Minimal disclosure
7
Monday, December 6, 2010
![Page 20: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/20.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
CohoWinery
Which adult from WA is
this?
Gov
?
Minimal disclosure
7
Monday, December 6, 2010
![Page 21: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/21.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
What’s new?Similar to conventional security tokens (X.509, SAML, Kerberos), but
U-Prove tokens contain no inescapable correlation handles
E.g., coins (unlinkable) vs. bills (w/ serial#)Users can prove properties of the claims
Disclose a subset of the claimsDerived claim: “birth date” to “over-21 proof”Negation: name not on the control list
8
Monday, December 6, 2010
![Page 22: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/22.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
U-Prove CTP
Released March 2010
Monday, December 6, 2010
![Page 23: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/23.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
U-Prove CTPSpecifications (released under Open Specification Promise)
U-Prove crypto specification (addressing feature subset)Integration into the ID metasystem specification
Open-source crypto SDKs (implementing crypto spec)Posted on Code Gallery, under the BSD licenseC# and Java versions
Identity platform integration (implementing integration spec)
Modified version of Windows CardSpace 2.0Extension to the Windows Identity FoundationModified version of Active Directory Federation Services 2.0
http://www.microsoft.com/u-prove10
Monday, December 6, 2010
![Page 24: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/24.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Federation + U-Prove
STS
Client
Identity Provider Relying Party
11
Monday, December 6, 2010
![Page 25: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/25.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Federation + U-Prove
STS
Client
Identity Provider Relying Party
IP
11
Monday, December 6, 2010
![Page 26: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/26.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Federation + U-Prove
STS
Client
trust
Identity Provider Relying Party
IPIP
11
Monday, December 6, 2010
![Page 27: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/27.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Federation + U-Prove
A. Tokenrequest
STS
Client
trust
Identity Provider Relying Party
IPIP
11
Monday, December 6, 2010
![Page 28: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/28.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Federation + U-Prove
A. Tokenrequest B. Token
response
STS
Client
trust
Identity Provider Relying Party
IPIP
11
Monday, December 6, 2010
![Page 29: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/29.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Federation + U-Prove
A. Tokenrequest B. Token
response
1. Request access
STS
Client
trust
Identity Provider Relying Party
IPIP
11
Monday, December 6, 2010
![Page 30: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/30.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Federation + U-Prove
A. Tokenrequest B. Token
response
1. Request access
2. Policy
STS
Client
trust
Identity Provider Relying Party
IPIP
11
Monday, December 6, 2010
![Page 31: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/31.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Federation + U-Prove
A. Tokenrequest B. Token
response
1. Request access
2. Policy
3. Token
STS
Client
trust
Identity Provider Relying Party
IPIP
11
Monday, December 6, 2010
![Page 32: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/32.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
CTP featuresThe CTP implements the foundational U-Prove features:
Selective disclosure (i.e., no derived claims)Unlinkability of token issuance and presentationLong-lived token supportUser-signed presentation tokensData signature (in crypto SDKs only)
12
Monday, December 6, 2010
![Page 33: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/33.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
U-Prove technology additional capabilities
Monday, December 6, 2010
![Page 34: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/34.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
U-Prove technology additional capabilitiesThe following slides provide a U-
Prove technology overview
(If you miss a step in the animation, press the left arrow to rewind)
Monday, December 6, 2010
![Page 35: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/35.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
U-Prove technology additional capabilities
Monday, December 6, 2010
![Page 36: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/36.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
CohoWinery
Gov
Censorable audit logs
14
Monday, December 6, 2010
![Page 37: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/37.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
CohoWinery
Adatum AuditorGov
Censorable audit logs
14
Monday, December 6, 2010
![Page 38: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/38.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
CohoWinery
Adatum AuditorGov
Censorable audit logs
Provide name and address and
get $20
14
Monday, December 6, 2010
![Page 39: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/39.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
CohoWinery
Adatum AuditorGov
Censorable audit logs
Provide name and address and
get $20
Name: Alice Smith
Address: 1234 Pine, Seattle, WA
D.O.B: 23-11-195514
Monday, December 6, 2010
![Page 40: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/40.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
CohoWinery
Adatum AuditorGov
Censorable audit logs
Provide name and address and
get $20
Name: Alice Smith
Address: 1234 Pine, Seattle, WA
D.O.B: 23-11-1955Over-21 proof
14
Monday, December 6, 2010
![Page 41: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/41.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
CohoWinery
Adatum AuditorGov
Censorable audit logs
14
Monday, December 6, 2010
![Page 42: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/42.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
CohoWinery
Adatum AuditorGov
Censorable audit logs
Name: Alice Smith
Address: 1234 Pine, Seattle, WA
DOB: 23-11-1955Over-21 proof
14
Monday, December 6, 2010
![Page 43: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/43.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
CohoWinery
Adatum AuditorGov
Censorable audit logs
Name: Alice Smith
Address: 1234 Pine, Seattle, WA
DOB: 23-11-1955Over-21 proof
14
Monday, December 6, 2010
![Page 44: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/44.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
CohoWinery
Adatum AuditorGov
Censorable audit logs
My customer was an adult
from WA
14
Monday, December 6, 2010
![Page 45: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/45.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
CohoWinery
Adatum AuditorGov
Censorable audit logs
My customer was an adult
from WA
Relying parties can remove disclosed information from presentation
transcripts (without invalidating the issuer’s and the user’s signatures),
keeping only what is necessary for audit compliance
14
Monday, December 6, 2010
![Page 46: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/46.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
CohoWinery
Adatum AuditorGov
Censorable audit logs
My customer was an adult
from WA
14
Monday, December 6, 2010
![Page 47: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/47.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
ContosoResearch
Broker
Hospital Hospital
Broker-mediated disclosure
15
Monday, December 6, 2010
![Page 48: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/48.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
ContosoResearch
Broker
Hospital Hospital
Name: Alice Smith
Address: 1234 Pine, Seattle, WA
Disorder: Anxiety
Broker-mediated disclosure
15
Monday, December 6, 2010
![Page 49: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/49.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
ContosoResearch
Broker
Hospital Hospital
Broker-mediated disclosure
15
Monday, December 6, 2010
![Page 50: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/50.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
ContosoResearch
Broker
Hospital Hospital
Name: John Doe
Address: 9 16th N, Seattle, WA
Disorder: Delusional
Broker-mediated disclosure
15
Monday, December 6, 2010
![Page 51: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/51.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
ContosoResearch
Broker
Hospital Hospital
Broker-mediated disclosure
15
Monday, December 6, 2010
![Page 52: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/52.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
ContosoResearch
Broker
Hospital Hospital
Broker-mediated disclosure
A broker can disclose anonymous data it collected to 3rd parties, while preserving the authenticity of the issuer’s signature
on the data
15
Monday, December 6, 2010
![Page 53: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/53.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
ContosoResearch
Broker
Hospital Hospital
Broker-mediated disclosure
15
Monday, December 6, 2010
![Page 54: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/54.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
ContosoResearch
Broker
HospitalHospital
Broker-mediated disclosure
Monday, December 6, 2010
![Page 55: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/55.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
ContosoResearch
Broker
HospitalHospital
Clients from Seattle with mental
disorder?
Broker-mediated disclosure
Monday, December 6, 2010
![Page 56: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/56.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
ContosoResearch
Broker
HospitalHospital
Name: Alice smith
Address: 1234 Pine, Seattle, WA
Disorder: Anxiety
Clients from Seattle with mental
disorder?
Broker-mediated disclosure
Monday, December 6, 2010
![Page 57: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/57.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
ContosoResearch
Broker
HospitalHospital
Name: Alice smith
Address: 1234 Pine, Seattle, WA
Disorder: Anxiety
Name: John Doe
Address: 9 16th N, Seattle, WA
Disorder: Delusional
Clients from Seattle with mental
disorder?
Broker-mediated disclosure
Monday, December 6, 2010
![Page 58: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/58.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
ContosoResearch
Broker
HospitalHospital
Name: Alice smith
Address: 1234 Pine, Seattle, WA
Disorder: Anxiety
Name: John Doe
Address: 9 16th N, Seattle, WA
Disorder: Delusional
Clients from Seattle with mental
disorder?
Names are different
Both from Seattle
Both are mental disorders
Broker-mediated disclosure
Monday, December 6, 2010
![Page 59: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/59.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
ContosoResearch
Broker
HospitalHospital
Name: Alice smith
Address: 1234 Pine, Seattle, WA
Disorder: Anxiety
Name: John Doe
Address: 9 16th N, Seattle, WA
Disorder: Delusional
Clients from Seattle with mental
disorder?
Names are different
Both from Seattle
Both are mental disorders
Broker-mediated disclosure
Monday, December 6, 2010
![Page 60: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/60.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
ContosoResearch
Broker
HospitalHospital
Clients from Seattle with mental
disorder?
Names are different
Both from Seattle
Both are mental disorders
Broker-mediated disclosure
Monday, December 6, 2010
![Page 61: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/61.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
ContosoResearch
Broker
HospitalHospital
Clients from Seattle with mental
disorder?
Names are different
Both from Seattle
Both are mental disorders
Broker-mediated disclosure
A broker can disclose anonymous data it collected to 3rd parties, while preserving the authenticity of the issuer’s signature
on the data
Monday, December 6, 2010
![Page 62: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/62.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
ContosoResearch
Broker
HospitalHospital
Clients from Seattle with mental
disorder?
Names are different
Both from Seattle
Both are mental disorders
Broker-mediated disclosure
Monday, December 6, 2010
![Page 63: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/63.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Adatum Auditor
Revocation
Woodgrove Bank
17
Monday, December 6, 2010
![Page 64: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/64.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Adatum Auditor
Name: Alice SmithEmail: [email protected]: Auditor
Revocation
Woodgrove Bank
17
Monday, December 6, 2010
![Page 65: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/65.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Adatum Auditor
Name: Alice SmithEmail: [email protected]: Auditor
REVOKED
Revocation
Woodgrove Bank
17
Monday, December 6, 2010
![Page 66: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/66.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Adatum Auditor
Name: Alice SmithEmail: [email protected]: Auditor
REVOKED
Prove that you are a valid
auditor
Revocation
Woodgrove Bank
17
Monday, December 6, 2010
![Page 67: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/67.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Adatum Auditor
Name: Alice SmithEmail: [email protected]: Auditor
Name: Alice Smith
Email: [email protected]
Role: Auditor
REVOKED
Prove that you are a valid
auditor
Revocation
Woodgrove Bank
17
Monday, December 6, 2010
![Page 68: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/68.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Adatum Auditor
Name: Alice SmithEmail: [email protected]: Auditor
Name: Alice Smith
Email: [email protected]
Role: Auditor
not revoked proof
REVOKED
Prove that you are a valid
auditor
Revocation
Woodgrove Bank
17
Monday, December 6, 2010
![Page 69: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/69.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Adatum Auditor
Name: Alice SmithEmail: [email protected]: Auditor
REVOKED
Prove that you are a valid
auditor
Revocation
Woodgrove Bank
17
Monday, December 6, 2010
![Page 70: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/70.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Adatum Auditor
Name: Alice SmithEmail: [email protected]: Auditor
REVOKED
Prove that you are a valid
auditor
Revocation
Woodgrove Bank
Issued U-Prove tokens can be revoked by the issuer, even if no connection to
the issuer is made when the user presents the tokens
17
Monday, December 6, 2010
![Page 71: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/71.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Adatum Auditor
Name: Alice SmithEmail: [email protected]: Auditor
REVOKED
Prove that you are a valid
auditor
Revocation
Woodgrove Bank
17
Monday, December 6, 2010
![Page 72: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/72.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
UniversityGov
Bookstore
Trusted device
Monday, December 6, 2010
![Page 73: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/73.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
UniversityGov
Bookstore
Trusted device
Monday, December 6, 2010
![Page 74: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/74.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
UniversityGov
Bookstore
Trusted device
Monday, December 6, 2010
![Page 75: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/75.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
UniversityGov
Bookstore
Trusted device
Monday, December 6, 2010
![Page 76: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/76.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
UniversityGov
Bookstore
Trusted device
Monday, December 6, 2010
![Page 77: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/77.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
UniversityGov
Bookstore
Trusted device
A trusted device (smartcard, TPM chip, remote service) can hold part of the
tokens’ private key (even those issued by other issuers) and efficiently help
presenting them
Monday, December 6, 2010
![Page 78: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/78.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
UniversityGov
Bookstore
Trusted device
Monday, December 6, 2010
![Page 79: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/79.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Gov
Data signing
RevenueAgency
19
Monday, December 6, 2010
![Page 80: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/80.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Gov
Data signing
RevenueAgency
Tax form
19
Monday, December 6, 2010
![Page 81: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/81.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Gov
Data signing
RevenueAgency
Tax form
Alice Smith
19
Monday, December 6, 2010
![Page 82: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/82.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Gov
Data signing
RevenueAgency
Tax form
Alice Smith
19
Monday, December 6, 2010
![Page 83: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/83.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Gov
Data signing
RevenueAgency
Tax form
Alice Smith
The user can non-interactively sign arbitrary data using a U-Prove token,
attaching any encoded claim property to the signature
19
Monday, December 6, 2010
![Page 84: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/84.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Gov
Data signing
RevenueAgency
Tax form
Alice Smith
19
Monday, December 6, 2010
![Page 85: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/85.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
RSA 2010 Demohttp://www.microsoft.com/mscorp/twc/endtoendtrust/vision/uprove.aspx
20
Monday, December 6, 2010
![Page 86: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/86.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
RSA 2010 demo E-Book
OKS Feedback
CardSpace
2. Prove registered
student, view e-book online
3. Leave anonymous feedback
OKS Registration
German nPA card
1. Register online, get
student infocard
21
Monday, December 6, 2010
![Page 87: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/87.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
RSA 2010 demo detailsUser presents German nPA card to prove identity to university when registering onlineUniversity issues a student (U-Prove) information card supporting claims from the nPA card and registration dataStudent visits online book store, proves that she is a registered computer science student, and can view a book for freeStudent visits a university feedback portal, discloses her registered classes (and optionally her gender), and submits 22
Monday, December 6, 2010
![Page 88: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/88.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Conclusion
Monday, December 6, 2010
![Page 89: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/89.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Summary of benefitsSupport for full spectrum of assurance
From anonymity, to pseudonymity, to full identificationMaintains strong accountability (revocation, audit trail, misuse tracing)Minimal disclosure and user control
Strong multi-party securityPhishing-resistant strong authenticationEliminates some insider attacks at IdP / CALending / pooling / reuse protectionsEfficient hardware protection
On-demand or disconnected 24
Monday, December 6, 2010
![Page 90: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/90.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
ResourcesVideos:
Scott Charney’s RSA 2010 announcement: http://www.rsaconference.com/2010/usa/recordings/keynote-catalog.htm
Intro: http://channel9.msdn.com/shows/Identity/Announcing-Microsofts-U-Prove-Community-Technical-Preview-CTP
Technology overview: http://edge.technet.com/Media/Learn-what-Microsofts-U-Prove-release-is-all-about
U-Prove CTP (March 2010):Download location: http://www.microsoft.com/u-prove
Developer video: http://channel9.msdn.com/shows/Identity/U-Prove-CTP-a-developers-perspective/
25
Monday, December 6, 2010
![Page 91: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/91.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
The U-Prove mixing
Availability
Security
Privacy
Offline Synchronized Online
Software Shared Hardware
Anonymity Pseudonymity Full identification
enabling a larger use-case spectrum
26
Monday, December 6, 2010
![Page 92: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/92.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
The U-Prove mixing
Availability
Security
Privacy
Offline Synchronized Online
Software Shared Hardware
Anonymity Pseudonymity Full identification
enabling a larger use-case spectrum
26
Monday, December 6, 2010
![Page 93: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/93.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Demo (using March 2010 CTP)
Monday, December 6, 2010
![Page 94: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/94.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
ScenarioAlice is issued an eID information card
The information card is protected by a X.509 certificate, e.g., stored on the eID smartcard. (Here, the certificate is installed on the machine)
She thenObtains lab results from a hospital after proving who she isLeaves anonymous comments at her government citizen forumBuys wine online, proving she is over-21 and from Washington, leaving behind an auditable presentation transcript of these facts 28
Monday, December 6, 2010
![Page 95: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/95.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Scenario summaryeID IdP Hospital RP
Wine store RP
Forum RP
CardSpace
1. Obtain eID card
eID
2. Access lab results (name, address, DoB)
4. Buy wine (state/
province, over-21)
3. Leave comments
(PPID, country)
29
Monday, December 6, 2010
![Page 96: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/96.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
eID Card ProvisioningUser downloads eID information card (after appropriate identity proofing)
E.g., visits point of service in person and receives an activation code
CardSpace efficiently retrieves multiple U-Prove tokens encoding the card claim values
The user authenticates to the STS using her X.509 certTokens are stored securely encrypted on the machine
Benefits:Reduces load on IdP’s STS, which won’t get hit every time the user presents the cardIdP will not be aware of the user’s card usage 30
Monday, December 6, 2010
![Page 97: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/97.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Hospital lab resultsUser presents full address, name, and D.o.B., and hospital locates her lab resultsSame security/privacy as if the user presented her ID in person
31
Monday, December 6, 2010
![Page 98: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/98.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Government forumUser leaves comments on a forum using an “authenticated” pseudonym
Users are anonymous, but only members of the community (e.g., US resident) can leave commentsNo one (including the IdP itself) can hijack the pseudonym and post “forged” comments
PPID claim value is derived from the presented U-Prove token
32
Monday, December 6, 2010
![Page 99: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/99.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Wine storeUser buys some wine online, proving she is over-21 and in which province/state she resides
CardSpace applies the U-Prove token’s private key when presenting the token; resulting presentation token is an auditable proof
In contrast, “proof keys” are not applied by identity selectors in web scenarios
33
Monday, December 6, 2010
![Page 100: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/100.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Crypto Details
Monday, December 6, 2010
![Page 101: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/101.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Blind Signature protocol
Illustrates a simple blind signatureU-Prove token issuance uses a “restrictive” blinding technique
More complex process to certify attributes
Issuer
35
Monday, December 6, 2010
![Page 102: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/102.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Blind Signature protocol
Illustrates a simple blind signatureU-Prove token issuance uses a “restrictive” blinding technique
More complex process to certify attributes
Issuer
35
Monday, December 6, 2010
![Page 103: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/103.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Blind Signature protocol
Illustrates a simple blind signatureU-Prove token issuance uses a “restrictive” blinding technique
More complex process to certify attributes
Issuer
35
Monday, December 6, 2010
![Page 104: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/104.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Blind Signature protocol
Illustrates a simple blind signatureU-Prove token issuance uses a “restrictive” blinding technique
More complex process to certify attributes
Issuer
35
Monday, December 6, 2010
![Page 105: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/105.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Blind Signature protocol
Illustrates a simple blind signatureU-Prove token issuance uses a “restrictive” blinding technique
More complex process to certify attributes
Issuer
35
Monday, December 6, 2010
![Page 106: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/106.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Blind Signature protocol
Illustrates a simple blind signatureU-Prove token issuance uses a “restrictive” blinding technique
More complex process to certify attributes
Issuer
35
Monday, December 6, 2010
![Page 107: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/107.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Blind Signature protocol
NameAcct. NumberExpiration
Issuer
Illustrates a simple blind signatureU-Prove token issuance uses a “restrictive” blinding technique
More complex process to certify attributes
Issuer
35
Monday, December 6, 2010
![Page 108: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/108.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Blind Signature protocol
NameAcct. NumberExpiration
Issuer
Illustrates a simple blind signatureU-Prove token issuance uses a “restrictive” blinding technique
More complex process to certify attributes
Issuer
35
Monday, December 6, 2010
![Page 109: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/109.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Blind Signature protocol
NameAcct. NumberExpiration
Issuer
Issuer
NameAcct. NumberExpiration
Illustrates a simple blind signatureU-Prove token issuance uses a “restrictive” blinding technique
More complex process to certify attributes
Issuer
35
Monday, December 6, 2010
![Page 110: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/110.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Proof of Knowledge Protocol
Issuer
NameAcct. NumberExpiration
Notes:Verifier only learns disclosed information, and is convinced that Alice knows the private key
Verifier
36
Monday, December 6, 2010
![Page 111: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/111.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Proof of Knowledge Protocol
Issuer
NameAcct. NumberExpiration
Challenge
Notes:Verifier only learns disclosed information, and is convinced that Alice knows the private key
Verifier
36
Monday, December 6, 2010
![Page 112: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/112.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Proof of Knowledge Protocol
Issuer
NameAcct. NumberExpiration
Not revoked
Challenge
Notes:Verifier only learns disclosed information, and is convinced that Alice knows the private key
Verifier
36
Monday, December 6, 2010
![Page 113: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/113.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Proof of Knowledge Protocol
Issuer
NameAcct. NumberExpiration
Not revoked
Challenge
Proof
Notes:Verifier only learns disclosed information, and is convinced that Alice knows the private key
Verifier
36
Monday, December 6, 2010
![Page 114: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/114.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Proof of Knowledge Protocol
Issuer
NameAcct. NumberExpiration
Not revoked
Proof
Notes:Verifier only learns disclosed information, and is convinced that Alice knows the private key
Verifier
36
Monday, December 6, 2010
![Page 115: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/115.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
Schnorr protocolGoal: prove knowledge of α w.r.t. g on the public element h = gα
ProverPick w at randoma := gw
r := cα + w
Verifier
Pick c at random
Verify gr = ahc
a
c
r
37
Monday, December 6, 2010
![Page 116: U-Prove technoloty overview](https://reader036.vdocuments.net/reader036/viewer/2022081503/62a29d6cd088495c35504b96/html5/thumbnails/116.jpg)
Copyright © Microsoft Corporation. All Rights Reserved.
U-Prove protocolsU-Prove public key is a bit more complex: h := (g0
g1x
1 … gkx
k)α
The xi values encode the attributesUses Schnorr protocol as a primitive to prove properties of the attributes, e.g.,
x1 = 1x2 != “alice”x3 >= 21(x1 – x3) / x2 > x4
38
Monday, December 6, 2010