Copyright © Microsoft Corporation. All Rights Reserved. Kantara Paris October 2010 Presented By: Kim Cameron Chief Architect of Identity Microsoft.
Presentation transcript:


Things to discuss
- Identity Metasystem
- Unity and Simplicity
- Example: OAuth and OpenID
- Example: Kantara and IdentityCommons
- Minimal Disclosure Technology
- Next Generation Technology

Problem #1: Security
- Compromise IdP credential, access all RPs
  - Phishing problem
  - Strong authentication to IdP is possible, but authentication to RP is weaker
- Issued tokens are software only (token hijacking attacks, transferability)
- IdP is all powerful
  - IdP (insider, malicious code) can surreptitiously act on the users’ behalf
  - Selectively deny access

Problem #2: Privacy
- IdP can profile user’s activities
- Even if IdP doesn’t learn the visited RP, profiling is possible by colluding parties (or insiders)
  - Timing correlation
  - Unique correlation handles (e.g., digital signatures, serial numbers, etc.)

Problem #3: Scalability
- All tokens are retrieved on-demand
- IdP must be available 24/7
- IdP is a central point of failure
  - Nice target for denial of service attack
- IdP is a bottleneck for every user access

Wouldn’t it be great to have one set of tokens and protocols, usable through all these classes of services, providing advanced security & privacy?
U-Prove: Privacy by Design

Agenda
- Introduction
- U-Prove Technology overview
- Key scenarios and target customers
- U-Prove Community Technology Preview
- Conclusions

U-Prove Technology
- Strong multi-party security technology for user-centric identity, data sharing, strong authentication, and digital signature
- Allows you to build “e-tokens”
- Has unique security, privacy, and efficiency benefits over “conventional” crypto

What’s new?
- Stronger security in cross-org environments
  - E.g. improved federation, anti-phishing
- Improved availability and privacy by leveraging long-lived tokens
- Similar to conventional security tokens (X.509, SAML, Kerberos), but U-Prove tokens contain no inescapable correlation handles
  - E.g., coins (unlinkable) vs. bills (with serial number)
- Users can prove properties of the claims
  - Disclose a subset of the claims
  - Derived claim: “birth date” to “over-21 proof”
  - Negation: name not on the control list
  - Not in current version

Selective disclosure (diagram)
- Gov issues Alice a U-Prove token carrying: Name: Alice Smith; Address: 12 hoghstrasse, Berlin, GE; D.O.B.; Adult: Over 18
- Local Referendum is the relying party
- The user can selectively disclose claims in a U-Prove token issued to her in advance
- Even in collusion, the issuing and relying parties cannot learn more about the user than what was disclosed

Selective disclosure (diagram, continued)
- Local Referendum: “Prove that you are over 18 and from Berlin”
- Token contents: Name: Alice Smith; Address: 12 hoghstrasse, GE, Berlin; Adult: Over 18
- Gov: “Which adult from Berlin is this?” (marked with a “?”)
- The user can selectively disclose claims in a U-Prove token issued to her in advance
- Even in collusion, the issuing and relying parties cannot learn more about the user than what was disclosed

A glimpse of the magic
- How can one hide elements of a token without breaking its authenticity?
  - All attributes are encoded into the token’s signature
  - The user can disclose the attributes; the RP does the encoding before verifying the signature
  - Or the user can hide the attributes by providing the encoding himself; the RP can still validate the signature
- How can one hide the token’s public key from the issuer? How can one hide the issuer’s signature from the issuer?
  - Cryptographic blinding: the issuer signs a blinded/randomized message (the public key)
  - The user then does additional operations to remove the blinding factor and thereby calculates a new signature which can be validated by RPs
  - The issuer never sees the real public key, nor its signature

Why do we need these features?
- Using U-Prove will provide privacy by design
  - Applications can still use unique identifiers but can choose to hide them where it makes sense; this is impossible with classical techniques such as X.509
  - Much richer set of protocols for today’s digital transactions
- X.509: correlation handles by design
  - Every transaction involves the public key, which is a unique identifier
  - The issuer signs the user’s public key; this signature is again a unique identifier
  - The RP uses the public key to validate the signature
  - X.509 attributes are stored in the certificate and will always be presented and stored (e.g. national identifiers in eID)

U-Prove Token Details

Trusted device (diagram: University, Gov, Bookstore as issuers)
- A trusted device (smartcard, TPM chip, remote service) can hold part of the tokens’ private key (even those issued by other issuers) and efficiently help presenting them

Underlying crypto
- Based on the Brands protocols
  - 30+ papers (from ‘93 onward)
  - MIT Press book, foreword by Ron Rivest
- Issuance uses a “restrictive blind signature”
  - Issuer knows the attributes, but never sees the resulting public key and signature on tokens
- Presentation uses a proof of knowledge
  - Prove a secret without leaking any info about it
  - Generalization of the Schnorr protocol
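The selective-disclosure mechanics from the “glimpse of the magic” slide and the proof-of-knowledge presentation from this slide, written out as an added example (constructed for this page, not code from the presentation or from Microsoft’s U-Prove SDK): attributes are encoded as exponents into the token public key h = (g0 · g1^x1 · … · gn^xn)^alpha, the relying party re-derives the encoding of the attributes the user discloses, and the user proves knowledge of the hidden ones and of alpha with a Schnorr-style proof in Fiat-Shamir form, which is the shape of a U-Prove presentation proof. The issuer’s restrictive blind signature on h is left out, and the toy group, the hashed generators, the attribute encoding and every function name are assumptions of this example rather than the specification’s parameters.

```python
import hashlib
import random
import secrets
from math import prod

def is_prime(n, bases=(2, 3, 5, 7, 11, 13, 17)):  # deterministic Miller-Rabin for n < 3.4e14
    if n < 2 or any(n % b == 0 for b in bases):
        return n in bases
    s = ((n - 1) & (1 - n)).bit_length() - 1  # n - 1 = d * 2^s with d odd, d = (n - 1) >> s
    for a in bases:
        x = pow(a, (n - 1) >> s, n)
        if x not in (1, n - 1) and not any((x := x * x % n) == n - 1 for _ in range(s - 1)):
            return False
    return True

_rng = random.Random(2010)  # fixed seed: every run gets the same constructed toy parameters
while not (is_prime(Q := _rng.getrandbits(40) | 1 << 39 | 1) and is_prime(P := 2 * Q + 1)):
    pass  # toy 40-bit safe-prime group p = 2q + 1; real U-Prove groups are multi-kilobit
# g0 and g1..g4 come from hashing, as the spec does it, so nobody knows relations between them
G = [pow(int.from_bytes(hashlib.sha256(b"g%d" % i).digest(), "big"), 2, P) for i in range(5)]

def h2z(*parts):  # hash values into Z_q: used for attribute encoding and the Fiat-Shamir challenge
    return int.from_bytes(hashlib.sha256("|".join(map(str, parts)).encode()).digest(), "big") % Q

def issue_token(attrs):
    """Issuer encodes attributes into gamma = g0 * prod g_i^x_i; the user's alpha blinds it to h."""
    xs = [h2z("attr", v) for v in attrs]
    gamma = G[0] * prod(pow(g, x, P) for g, x in zip(G[1:], xs)) % P
    alpha = secrets.randbelow(Q - 1) + 1  # known only to the user, so the issuer never sees h
    return pow(gamma, alpha, P), alpha, xs  # user keeps alpha and xs; h is the token public key

def present(h, alpha, xs, disclosed):
    """Prover: reveal x_i for i in disclosed; prove knowledge of the hidden x_i and of alpha."""
    hidden = [i for i in range(len(xs)) if i not in disclosed]
    w0, w = secrets.randbelow(Q), {i: secrets.randbelow(Q) for i in hidden}
    a = pow(h, w0, P) * prod(pow(G[i + 1], w[i], P) for i in hidden) % P  # fresh commitment
    shown = {i: xs[i] for i in disclosed}
    c = h2z("chal", h, sorted(shown.items()), a)
    r = {i: (w[i] - c * xs[i]) % Q for i in hidden}  # Schnorr responses for the hidden attributes
    return {"h": h, "a": a, "shown": shown, "r0": (c * pow(alpha, -1, Q) + w0) % Q, "r": r}

def verify(proof, n_attrs):
    """RP: re-encodes the disclosed attributes itself, then checks the Schnorr-style equation."""
    h, a, shown, r = proof["h"], proof["a"], proof["shown"], proof["r"]
    if sorted(set(shown) | set(r)) != list(range(n_attrs)) or set(shown) & set(r):
        return False  # every attribute must be either disclosed or proven, never both or neither
    c = h2z("chal", h, sorted(shown.items()), a)
    base = G[0] * prod(pow(G[i + 1], x, P) for i, x in shown.items()) % P
    lhs = pow(base, Q - c, P) * pow(h, proof["r0"], P) * prod(pow(G[i + 1], v, P) for i, v in r.items()) % P
    return lhs == a  # holds iff r0 = c/alpha + w0 and r_i = w_i - c*x_i for the token's real values
```

Because alpha never leaves the user, the issuer cannot recognise h later; because the challenge c binds the disclosed values, the verifier rejects a presentation that claims any value other than the one encoded at issuance.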

Agenda (recap): Introduction, U-Prove Technology overview, Key scenarios and target customers, U-Prove Community Technology Preview, Conclusions

Key markets and customers
- E-Government
- Health Record Management
- Cloud computing: “Don’t trust us” service providers
- Advertising: privacy-protecting ad platform
- E-Cash: technology history
- National Security: need-to-know access

Parking Permit architecture (diagram)
- Actors: Citizen, Local Authority, Central Government
- Identity Providers (IdP1, IdP2) and Attribute Providers (AtP1, AtP2), with relationships labelled “Trust”
- U-Prove Agent acting for the Citizen
- Applications: Parking Permit Application, Benefits App, Job Search App, Other App; Parking Permit App Service with an STS

Parking Permit
- Use Attribute Providers to provide authorization information
  - Don’t store all information in one database
- Use Federation Protocols
- Use Minimal Disclosure
  - Collect valued attributes from different locations
  - Loose coupling
- Claims-Based Architecture
  - U-Prove Agent collects claims on behalf of the user
  - Client or Cloud Service
- Privacy by Design

e-Participation Application: e-Referendum
- Unique e-Referendum requirements
  - True identities to validate whether the user is eligible to participate
  - Anonymous transactions
  - Unlinkable when doing transactions on the same site (e.g. multiple referenda)
- Protected by U-Prove

e-Referendum Flow (diagram)
- Parties: User, U-Prove Agent, e-Referendum App, U-Prove Issuer
- Access Application
- Prove Identity using eID, receive Ballot
- Check claims: UID (one ballot per UID), >18y?, Community?
- Present Ballot

eParticipation White Paper & Video
- ndtrust/vision/eid.aspx

Agenda (recap): Introduction, U-Prove Technology overview, Key scenarios and target customers, U-Prove Community Technology Preview, Conclusions

Resources
- U-Prove CTP Portal
- ook.html
- Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy, Dr. Stefan Brands, published in 2000, now available as a free ebook

U-Prove CTP contents
- Specs (released under OSP)
  - Crypto specification
  - Integration into the ID metasystem spec: WS-Trust/information card profile
- Identity platform integration
  - Modified version of CardSpace 2.0
  - Extension to Windows Identity Foundation (WIF)
  - Modified version of AD FS 2.0
- Open-source crypto SDKs
  - Posted on Code Gallery, under the BSD license
  - Java and .NET versions

CTP features
The CTP implements a minimal, yet fundamental set of features:
- Selective disclosure (i.e., no derived claims)
- Unlinkability of token issuance and presentation
- Long-lived token support
- User-signed presentation tokens
- Data signature (in crypto SDKs only)

Agenda (recap): Introduction, U-Prove Technology overview, Key scenarios and target customers, U-Prove Community Technology Preview, Conclusions

Summary of benefits
- Support for full privacy spectrum
  - From anonymity, to pseudonymity, to full identification
  - Maintains strong accountability (revocation, audit trail, misuse tracing)
- Minimal disclosure and user control
- Strong multi-party security
  - Phishing-resistant strong authentication
  - Eliminates some insider attacks at IdP / CA
  - Lending / pooling / reuse protections
- Efficient hardware protection
- On-demand or disconnected presentations

More benefits
- Allows marrying “unmarriageable” requirements: eID identifiers, unlinkability & anonymity
- Broader benefit: “Privacy by Design”
- Patent free
- Open source
- Incubation!

© 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.