Identity, Privacy and Trust

Feb 8 2008   8:49AM GMT

Does minimal disclosure provide maximum protection?

tobystevens tobystevens Profile: tobystevens

Tags:
identity cards
privacy
technologies

A Canadian company has launched an identification service that embodies some of the most important principles of identity crime prevention.

Credentica is the brainchild of Stefan Brands, cryptographer and privacy pioneer*. He’s one of only a handful of individuals who combines a fearsome grasp of technology with a deep understanding of the social and commercial issues that affect privacy. In a nutshell, Credentica allows individuals to make assertions about themselves online without revealing any unnecessary data. If this takes off, it could rewrite the entire way we approach online and offline transactions.

Think about the unnecessary and invasive data trail we leave every time we make a transaction. For example, a debit card tells a retailer my name, card number, bank account number and sort code, signature, with whom I bank (and hence a good guess at my nationality), when I expect to receive a replacement card, and possibly even a little about my account status if it’s a gold card or it’s issued by a high-net-worth bank. All the retailer actually needs to know is that I’m the legitimate holder of that card, and that the transaction will be honoured – everything else is unnecessary. If I hand over a loyalty card at the same time, then I’m giving the retailer the ability to aggregate my spending habits across time and shopping outlets. And these transactions can be aggregated across retailers and card issuers, resulting in a detailed profile about me.

The beauty of Credentica’s U-Prove service is that it offers the cryptographic mechanisms to deliver this minimal disclosure by using a software development kit, rather than providing the delivery mechanism itself, so providing organisations can implement their own privacy services (ask Microsoft what they learned about inappropriate third parties through MS-Passport). Stefan’s plans are certainly attracting interest, and seem to be getting support in the right places – hopefully it won’t be long before we see implementations in Europe.

* I have no personal or commercial association with Stefan or Credentica.

1  Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • William
    I've loved Stefan Brands' work form the moment I read the first chapter of his dissertation book - the best exposition of the data trail problem I've seen. But from chapter 2 onwards I didnt even recognise the symbols, far less understand the formulae which ran over several pages. I take the fact he's solved these problems on trust. It's great that there are solutions available. The problem in the UK context is there seems to be no demand for the architecture for a just, respectful and non-intrusive e-enabled society.
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: