August 5, 2009
Project: Smart Identity Card
We were the first to establish an autonomous anonymous credential system on a standard Java Card. This prototype implementation of an Identity Mixer variant that combines strong authentication and privacy properties. It allows a user to proving possession of the card as well as selectively disclose identity attributes, while keeping all her other personal data perfectly confidential. We see this technology as potential complement to electronic identity cards.
See the Smart Identity Card portal page.
In particular the card has the following properties.
- Autonomous credential system – the anonymous credential system completely resides on card and does not depend on joint computation with the PC or terminal. It is secure in face of a untrusted terminal.
- Secure keylength – in our prototype we used 1536-bit Strong RSA keys, yet the card is also capable of longer keylength such as 1984 bits.
- Transaction times on the order of seconds – an standard proof of possession with 1536-bit keys takes 7.5 sec pre-computation time while the user makes her policy consent decision and 2.5 actual response time after the user entered the policy.
We used the following Java Card:
- NXP JCOP 41 v2.2, mask 36. This card is in the midfield of available smart cards, not top of the line.
This project received the 2009 Innovation Award of the German society for computer science (comparable to the ACM in Germany).