<http://www.idcorner.org/index.php?p=88>
The Identity Corner Stephan Brands A corner on IDs Postings on anything related to digital identity management. 3/30/2005 Microsoft info-cards to use blind signatures? Posted by Stefan at 10:37 am Microsoft yesterday confirmed that it will provide info-card software into Windows that will "put control of digital IDs into the hands of an end-user" so that "the end-user will be in full control." Thus far, the company has revealed no technical details about how info-cards will ensure the privacy of certified identity assertions as they are being passed around by their users. Now, I just learned that Microsoft last week has been granted US patent no. 6,871,276 titled "Controlled-content recoverable blinded certificates." Since I found out about this patent only half an hour ago, I cannot yet comment on the novelty of the proposed solution, other than that it seems to be a minor twist on Chaum's blind signature patent that was filed in 1983. (The twist seems to be to use the "decryption" exponent d to encode meaningful attribute information, a technique that certainly has already been described by Chaum in various of his post-1983 papers as well as patents; I need to review the entire patent text first, however, before I can tell with certainty if there is a significant and "technically non-obvious" difference in the proposed encoding techniques.) Issues regarding patentability and technical shortcomings notwithstanding, I am genuinely excited about this development, if it can be taken as an indication that Microsoft is getting serious about "privacy by design" for identity management. That is a big "if," however: indeed, the same Microsoft researcher who came up with the patent (hello Dan!) was also responsible for Microsoft e-cash patent no. 5,768,385 that was granted in 1998 but was never pursued. (See here for a brief evaluation of the technical merits of that patent.) I am looking forward to Microsoft coming forth with some technical details on info-cards. Kim, can you share with us a few insights on the info-card privacy design on your personal blog? -- ----------------- R. A. Hettinga <mailto: [EMAIL PROTECTED]> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
