[17199] in cryptography@c2.net mail archive
Microsoft info-cards to use blind signatures?
daemon@ATHENA.MIT.EDU (R.A. Hettinga)
Fri May 20 14:26:47 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Sun, 3 Apr 2005 23:01:33 -0500
To: cryptography@metzdowd.com
From: "R.A. Hettinga" <rah@shipwright.com>
<http://www.idcorner.org/index.php?p=88>
The Identity Corner
Stephan Brands
A corner on IDs
Postings on anything related to digital identity management.
3/30/2005
Microsoft info-cards to use blind signatures?
Posted by Stefan at 10:37 am
Microsoft yesterday confirmed that it will provide info-card software into
Windows that will "put control of digital IDs into the hands of an
end-user" so that "the end-user will be in full control." Thus far, the
company has revealed no technical details about how info-cards will ensure
the privacy of certified identity assertions as they are being passed
around by their users. Now, I just learned that Microsoft last week has
been granted US patent no. 6,871,276 titled "Controlled-content recoverable
blinded certificates." Since I found out about this patent only half an
hour ago, I cannot yet comment on the novelty of the proposed solution,
other than that it seems to be a minor twist on Chaum's blind signature
patent that was filed in 1983. (The twist seems to be to use the
"decryption" exponent d to encode meaningful attribute information, a
technique that certainly has already been described by Chaum in various of
his post-1983 papers as well as patents; I need to review the entire patent
text first, however, before I can tell with certainty if there is a
significant and "technically non-obvious" difference in the proposed
encoding techniques.) Issues regarding patentability and technical
shortcomings notwithstanding, I am genuinely excited about this
development, if it can be taken as an indication that Microsoft is getting
serious about "privacy by design" for identity management. That is a big
"if," however: indeed, the same Microsoft researcher who came up with the
patent (hello Dan!) was also responsible for Microsoft e-cash patent no.
5,768,385 that was granted in 1998 but was never pursued. (See here for a
brief evaluation of the technical merits of that patent.) I am looking
forward to Microsoft coming forth with some technical details on
info-cards. Kim, can you share with us a few insights on the info-card
privacy design on your personal blog?
--
-----------------
R. A. Hettinga <mailto: rah@ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
