Browse Prior Art Database

Dynamic changing interface for interactive selection of grouped identity information satisfying policy requirements

IP.com Disclosure Number: IPCOM000219029D
Publication Date: 2012-Jun-18

Publishing Venue

The IP.com Prior Art Database

Abstract

Assuming the RP presents a policy to the user which can be fulfilled by using a set of information cards. In particular, the user can even fulfil the requirements by using different combinations of attributes from the same set of cards. As an example, the user needs to provide the name and address as well as the birthday. Assuming that those attributes are encoded in the identity card, the credit card and the drivers license of the user, she could provide the birthday taken from the identity card combined with the address and the name taken from the drivers license. Just as well, she could provide the address from the identity card in combination with the rest of the attributes taken from the drivers license. One of the core ideas of this publication is to make all the solutions easily accessible to the user by adjusting the actually chosen solution either marginally or significantly by very simple means (e.g. one single click). One solution consists thereby of a specific set of cards together with a subset of attributes that are contained in these cards. Another core idea of the publication is to have a solution already preselected instead of requiring the user to find a solution herself. In addition to this idea, the user has the opportunity to browse through the available solutions. In this context, the user can either browse through the solutions that comprise different cards or solutions that comprise different attributes within the same cards. One solution consists thereby of a specific set of cards together with a subset of attributes that are contained in these cards. Again, this allows the user to adapt the solutions either significantly (i.e. change the used cards) or only marginally (i.e. change only the attributes within the cards). Subsequently, the user always sees one solution at a time but has the possibility to browse through the other solutions. The information cards are grouped with respect to a certain attribute value, e.g., the value of attribute ``card type'' or ``issuer''. By grouping the information cards, an overview over the solutions can be presented in a straightforward way. Hence, the user can capture the different possibilities in an easy way and is supported in taking a decision which conforms to the intended behavior. The interface also shows for the current set of cards which information of the used cards is going to be released if he accepts the solution.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 13% of the total text.

Page 01 of 11

Dynamic changing interface for interactive selection of grouped identity information satisfying policy requirements

Anonymous credential systems like Identity Mixer enable the user to issue

more involved statements compared to the release of attributes as in other technologies. Consequently, the policies are more complex and the paradigm of providing just one information card to satisfy the policy requirements is no longer true. In particular, Identity Mixer gives the possibility to prove (in 'zero-knowledge') the knowledge of a certain attribute signed by a specific Identity Provider instead of revealing the attribute itself. Furthermore, it is possible to prove polynomial statements over attributes. As an example, such a policy could state that a user has to provide an information card containing her name and a proof that she is older than eighteen. Additionally, she has to provide an information card issued by a credit card company that contains a credit card number and is issued to the same person as the first information card. In order to satisfy these more complex policy requirements, a user must use multiple of her information cards since the requested attributes are usually not contained in a single card.

    Given the requirements formulated in a specific access policy of a relying party, a user has to find a combination of attributes contained in - possibly multiple - information cards which satisfy the requirements stated in the policy. There might be various such combinations to satisfy the policy. The challenge for the user is to find a combination of information cards and attributes where all policy requirements are fulfilled. Further requirements on the attributes of the cards can be specified, e.g., specific attributes have to be provided by the same card or certain attributes from different cards have to be equal. The specification of a policy being able to express such statements is far from simple but out of the scope of this document. Nevertheless we assume such a policy language as given. We care about the complexity that has to be handled by each user in finding a suitable set of cards that satisfies the requirements of a given policy.

    We describe a method for presenting an intuitive interface to select one or multiple information cards in order to satisfy a set of requirements that are given by a relying party in the form of a policy.

Communication Model

    In order to describe our approach of presenting the complex policy to the user and assist her in configuring her optimal solution we briefly elaborate on the important parts of the underlying communication model.

    Given a user U , an identity provider I and an relying party R the following two parts in the communication flow are of relevance for us. Firstly, in a transaction with
I, U acquires a credential consisting of attributes, attribute values and most notably a signature of I on the attribute value pairs. A credential is presented to the user as an

informa...