A general certification framework with applications to privacy-enhancing certificate infrastructures

Abstract

Interactions in electronic media require mutual trust to be established, preferably through the release of certified information. Disclosing certificates for provisioning the required information often leads to the disclosure of additional information not required for the purpose of the interaction. For instance, ordinary certificates unnecessarily reveal their binary representation. We propose a certificate-based framework comprising protocol definitions and abstract interface specifications for controlled, that is well-specified, release of data. This includes controlled release during the certification of data and controlled release of certified data. The protocols are based on proofs of knowledge of certificates and relations over the attributes, ensuring that no side information but only the specified data are revealed. Furthermore, the protocols allow one to release certified data in plain or encrypted form and to prove general expressions over the data items. Our framework can be seen as a generalization of anonymous credential systems, group signature, traceable signature, and e-cash schemes. The framework encompasses a specification language that allows one to precisely specify what data to release and how to release them in the protocols. We outline how our framework can be implemented cryptographically. The key application of our framework is the user-controlled release of attributes. Leveraging ideas of public key infrastructures, a privacy PKI (pPKI) can be built on top of the framework. We consider our framework a central building block to achieve privacy on the Internet. © 2006 International Federation for Information Processing.