U-Prove technoloty overview

Copyright © Microsoft Corporation. All Rights Reserved.

U-Prove Technology Overview

November 2010

Monday, December 6, 2010


TOCIntroductionCommunity Technology PreviewAdditional CapabilitiesRSA DemoConclusion

2



Introduction



HistoryU-Prove well established in academia

Patent portfolio (granted ‘93 – ’00)30+ scientific papers (from ‘93 onward)E-cash PoC and pilots with Siemens, Gemplus, KPN, DigiCash, Zero-Knowledge, Nokia

Credentica acquisition (Feb 2008)Patents, software, people

Microsoft incubationIncubated U-Prove-enabled ID platformPublic CTP (March ‘10)

4



U-Prove TechnologyStrong multi-party security technology for user-centric identity, data sharing, strong authentication, and digital signature

Allows you to build “e-tokens”

Has unique security, privacy, and efficiency benefits over “conventional” 5



Gov

Minimal disclosure

CohoWinery

6



Gov

Name: Alice SmithAddress: 1234 Pine, Seattle, WA

D.O.B.: 23-11-1955

Minimal disclosure

CohoWinery

6



Gov

Name: Alice Smith

Address: 1234 Pine, Seattle, WA

D.O.B: 23-11-1955

Minimal disclosure

CohoWinery

6



Gov

Minimal disclosure

CohoWinery

6



Gov

Minimal disclosure

CohoWinery

The user can prove unanticipated properties about the encoded claims in

a U-Prove token issued to her in advance

Even in collusion, the issuing and relying parties cannot learn more about

the user than what was disclosed

6



Gov

Minimal disclosure

CohoWinery

6



CohoWinery

Gov

Minimal disclosure

7



CohoWinery

Prove that you are over 21 and

from WA

Gov

Minimal disclosure

7



CohoWinery


from WA

Name: Alice Smith


D.O.B: 23-11-1955

Gov

Minimal disclosure

7



CohoWinery


from WA

Name: Alice Smith


D.O.B: 23-11-1955Over-21 proof

Gov

Minimal disclosure

7



CohoWinery


from WA

Gov

Minimal disclosure

7



CohoWinery

Which adult from WA is

this?

Gov

Minimal disclosure

7



CohoWinery


this?

Gov

?

Minimal disclosure

7



CohoWinery


this?

Gov

?The user can prove unanticipated properties about the encoded claims in

a U-Prove token issued to her in advance

Even in collusion, the issuing and relying parties cannot learn more about

the user than what was disclosed

Minimal disclosure

7



CohoWinery


this?

Gov

?

Minimal disclosure

7



What’s new?Similar to conventional security tokens (X.509, SAML, Kerberos), but

U-Prove tokens contain no inescapable correlation handles

E.g., coins (unlinkable) vs. bills (w/ serial#)Users can prove properties of the claims

Disclose a subset of the claimsDerived claim: “birth date” to “over-21 proof”Negation: name not on the control list

8



U-Prove CTP

Released March 2010



U-Prove CTPSpecifications (released under Open Specification Promise)

U-Prove crypto specification (addressing feature subset)Integration into the ID metasystem specification

Open-source crypto SDKs (implementing crypto spec)Posted on Code Gallery, under the BSD licenseC# and Java versions

Identity platform integration (implementing integration spec)

Modified version of Windows CardSpace 2.0Extension to the Windows Identity FoundationModified version of Active Directory Federation Services 2.0

http://www.microsoft.com/u-prove10


http://www.microsoft.com/u-prove



Federation + U-Prove

STS

Client

Identity Provider Relying Party

11




STS

Client


IP

11




STS

Client

trust


IPIP

11




A. Tokenrequest

STS

Client

trust


IPIP

11




A. Tokenrequest B. Token

response

STS

Client

trust


IPIP

11





response

1. Request access

STS

Client

trust


IPIP

11





response

1. Request access

2. Policy

STS

Client

trust


IPIP

11





response

1. Request access

2. Policy

3. Token

STS

Client

trust


IPIP

11



CTP featuresThe CTP implements the foundational U-Prove features:

Selective disclosure (i.e., no derived claims)Unlinkability of token issuance and presentationLong-lived token supportUser-signed presentation tokensData signature (in crypto SDKs only)

12



U-Prove technology additional capabilities



U-Prove technology additional capabilitiesThe following slides provide a U-

Prove technology overview

(If you miss a step in the animation, press the left arrow to rewind)



U-Prove technology additional capabilities



CohoWinery

Gov

Censorable audit logs

14



CohoWinery

Adatum AuditorGov


14



CohoWinery

Adatum AuditorGov


Provide name and address and

get $20

14



CohoWinery

Adatum AuditorGov



get $20

Name: Alice Smith


D.O.B: 23-11-195514



CohoWinery

Adatum AuditorGov



get $20

Name: Alice Smith


D.O.B: 23-11-1955Over-21 proof

14



CohoWinery

Adatum AuditorGov


14



CohoWinery

Adatum AuditorGov


Name: Alice Smith


DOB: 23-11-1955Over-21 proof

14



CohoWinery

Adatum AuditorGov


Name: Alice Smith


DOB: 23-11-1955Over-21 proof

14



CohoWinery

Adatum AuditorGov


My customer was an adult

from WA

14



CohoWinery

Adatum AuditorGov



from WA

Relying parties can remove disclosed information from presentation

transcripts (without invalidating the issuer’s and the user’s signatures),

keeping only what is necessary for audit compliance

14



CohoWinery

Adatum AuditorGov



from WA

14



ContosoResearch

Broker

Hospital Hospital

Broker-mediated disclosure

15



ContosoResearch

Broker

Hospital Hospital

Name: Alice Smith


Disorder: Anxiety


15



ContosoResearch

Broker

Hospital Hospital


15



ContosoResearch

Broker

Hospital Hospital

Name: John Doe

Address: 9 16th N, Seattle, WA

Disorder: Delusional


15



ContosoResearch

Broker

Hospital Hospital


15



ContosoResearch

Broker

Hospital Hospital


A broker can disclose anonymous data it collected to 3rd parties, while preserving the authenticity of the issuer’s signature

on the data

15



ContosoResearch

Broker

Hospital Hospital


15



ContosoResearch

Broker

HospitalHospital




ContosoResearch

Broker

HospitalHospital

Clients from Seattle with mental

disorder?




ContosoResearch

Broker

HospitalHospital

Name: Alice smith


Disorder: Anxiety


disorder?




ContosoResearch

Broker

HospitalHospital

Name: Alice smith


Disorder: Anxiety

Name: John Doe




disorder?




ContosoResearch

Broker

HospitalHospital

Name: Alice smith


Disorder: Anxiety

Name: John Doe




disorder?

Names are different

Both from Seattle

Both are mental disorders




ContosoResearch

Broker

HospitalHospital

Name: Alice smith


Disorder: Anxiety

Name: John Doe




disorder?

Names are different

Both from Seattle





ContosoResearch

Broker

HospitalHospital


disorder?

Names are different

Both from Seattle





ContosoResearch

Broker

HospitalHospital


disorder?

Names are different

Both from Seattle



A broker can disclose anonymous data it collected to 3rd parties, while preserving the authenticity of the issuer’s signature

on the data



ContosoResearch

Broker

HospitalHospital


disorder?

Names are different

Both from Seattle





Adatum Auditor

[email protected]

Revocation

Woodgrove Bank

17



Adatum Auditor

Name: Alice SmithEmail: [email protected]: Auditor

[email protected]

Revocation

Woodgrove Bank

17



Adatum Auditor


[email protected]

REVOKED

Revocation

Woodgrove Bank

17



Adatum Auditor


[email protected]

REVOKED

Prove that you are a valid

auditor

Revocation

Woodgrove Bank

17



Adatum Auditor


[email protected]

Name: Alice Smith

Email: [email protected]

Role: Auditor

REVOKED


auditor

Revocation

Woodgrove Bank

17



Adatum Auditor


[email protected]

Name: Alice Smith

Email: [email protected]

Role: Auditor

not revoked proof

REVOKED


auditor

Revocation

Woodgrove Bank

17



Adatum Auditor


[email protected]

REVOKED


auditor

Revocation

Woodgrove Bank

17



Adatum Auditor


[email protected]

REVOKED


auditor

Revocation

Woodgrove Bank

Issued U-Prove tokens can be revoked by the issuer, even if no connection to

the issuer is made when the user presents the tokens

17



Adatum Auditor


[email protected]

REVOKED


auditor

Revocation

Woodgrove Bank

17



UniversityGov

Bookstore

Trusted device



UniversityGov

Bookstore

Trusted device



UniversityGov

Bookstore

Trusted device



UniversityGov

Bookstore

Trusted device



UniversityGov

Bookstore

Trusted device



UniversityGov

Bookstore

Trusted device

A trusted device (smartcard, TPM chip, remote service) can hold part of the

tokens’ private key (even those issued by other issuers) and efficiently help

presenting them



UniversityGov

Bookstore

Trusted device



Gov

Data signing

RevenueAgency

19



Gov

Data signing

RevenueAgency

Tax form

19



Gov

Data signing

RevenueAgency

Tax form

Alice Smith

19



Gov

Data signing

RevenueAgency

Tax form

Alice Smith

19



Gov

Data signing

RevenueAgency

Tax form

Alice Smith

The user can non-interactively sign arbitrary data using a U-Prove token,

attaching any encoded claim property to the signature

19



Gov

Data signing

RevenueAgency

Tax form

Alice Smith

19



RSA 2010 Demohttp://www.microsoft.com/mscorp/twc/endtoendtrust/vision/uprove.aspx

20


http://www.microsoft.com/mscorp/twc/endtoendtrust/vision/uprove.aspx







RSA 2010 demo E-Book

OKS Feedback

CardSpace

2. Prove registered

student, view e-book online

3. Leave anonymous feedback

OKS Registration

German nPA card

1. Register online, get

student infocard

21



RSA 2010 demo detailsUser presents German nPA card to prove identity to university when registering onlineUniversity issues a student (U-Prove) information card supporting claims from the nPA card and registration dataStudent visits online book store, proves that she is a registered computer science student, and can view a book for freeStudent visits a university feedback portal, discloses her registered classes (and optionally her gender), and submits 22



Conclusion



Summary of benefitsSupport for full spectrum of assurance

From anonymity, to pseudonymity, to full identificationMaintains strong accountability (revocation, audit trail, misuse tracing)Minimal disclosure and user control

Strong multi-party securityPhishing-resistant strong authenticationEliminates some insider attacks at IdP / CALending / pooling / reuse protectionsEfficient hardware protection

On-demand or disconnected 24



ResourcesVideos:

Scott Charney’s RSA 2010 announcement: http://www.rsaconference.com/2010/usa/recordings/keynote-catalog.htm

Intro: http://channel9.msdn.com/shows/Identity/Announcing-Microsofts-U-Prove-Community-Technical-Preview-CTP

Technology overview: http://edge.technet.com/Media/Learn-what-Microsofts-U-Prove-release-is-all-about

U-Prove CTP (March 2010):Download location: http://www.microsoft.com/u-prove

Developer video: http://channel9.msdn.com/shows/Identity/U-Prove-CTP-a-developers-perspective/

25


http://www.rsaconference.com/2010/usa/recordings/keynote-catalog.htm

http://www.rsaconference.com/2010/usa/recordings/keynote-catalog.htm

http://channel9.msdn.com/shows/Identity/Announcing-Microsofts-U-Prove-Community-Technical-Preview-CTP




http://edge.technet.com/Media/Learn-what-Microsofts-U-Prove-release-is-all-about








http://channel9.msdn.com/shows/Identity/U-Prove-CTP-a-developers-perspective/







The U-Prove mixing

Availability

Security

Privacy

Offline Synchronized Online

Software Shared Hardware

Anonymity Pseudonymity Full identification

enabling a larger use-case spectrum

26



The U-Prove mixing

Availability

Security

Privacy

Offline Synchronized Online

Software Shared Hardware

Anonymity Pseudonymity Full identification

enabling a larger use-case spectrum

26



Demo (using March 2010 CTP)



ScenarioAlice is issued an eID information card

The information card is protected by a X.509 certificate, e.g., stored on the eID smartcard. (Here, the certificate is installed on the machine)

She thenObtains lab results from a hospital after proving who she isLeaves anonymous comments at her government citizen forumBuys wine online, proving she is over-21 and from Washington, leaving behind an auditable presentation transcript of these facts 28



Scenario summaryeID IdP Hospital RP

Wine store RP

Forum RP

CardSpace

1. Obtain eID card

eID

2. Access lab results (name, address, DoB)

4. Buy wine (state/

province, over-21)

3. Leave comments

(PPID, country)

29



eID Card ProvisioningUser downloads eID information card (after appropriate identity proofing)

E.g., visits point of service in person and receives an activation code

CardSpace efficiently retrieves multiple U-Prove tokens encoding the card claim values

The user authenticates to the STS using her X.509 certTokens are stored securely encrypted on the machine

Benefits:Reduces load on IdP’s STS, which won’t get hit every time the user presents the cardIdP will not be aware of the user’s card usage 30



Hospital lab resultsUser presents full address, name, and D.o.B., and hospital locates her lab resultsSame security/privacy as if the user presented her ID in person

31



Government forumUser leaves comments on a forum using an “authenticated” pseudonym

Users are anonymous, but only members of the community (e.g., US resident) can leave commentsNo one (including the IdP itself) can hijack the pseudonym and post “forged” comments

PPID claim value is derived from the presented U-Prove token

32



Wine storeUser buys some wine online, proving she is over-21 and in which province/state she resides

CardSpace applies the U-Prove token’s private key when presenting the token; resulting presentation token is an auditable proof

In contrast, “proof keys” are not applied by identity selectors in web scenarios

33



Crypto Details



Blind Signature protocol

Illustrates a simple blind signatureU-Prove token issuance uses a “restrictive” blinding technique

More complex process to certify attributes

Issuer

35






Issuer

35






Issuer

35






Issuer

35






Issuer

35






Issuer

35




NameAcct. NumberExpiration

Issuer



Issuer

35





Issuer



Issuer

35





Issuer

Issuer




Issuer

35



Proof of Knowledge Protocol

Issuer


Notes:Verifier only learns disclosed information, and is convinced that Alice knows the private key

Verifier

36




Issuer


Challenge


Verifier

36




Issuer


Not revoked

Challenge


Verifier

36




Issuer


Not revoked

Challenge

Proof


Verifier

36




Issuer


Not revoked

Proof


Verifier

36



Schnorr protocolGoal: prove knowledge of α w.r.t. g on the public element h = gα

ProverPick w at randoma := gw

r := cα + w

Verifier

Pick c at random

Verify gr = ahc

a

c

r

37



U-Prove protocolsU-Prove public key is a bit more complex: h := (g0

g1x

1 … gkx

k)α

The xi values encode the attributesUses Schnorr protocol as a primitive to prove properties of the attributes, e.g.,

x1 = 1x2 != “alice”x3 >= 21(x1 – x3) / x2 > x4

38


U-Prove technoloty overview

Documents