
Meeting the Privacy Goals of NSTIC in the Short Term

Meeting the Privacy Goals of NSTIC in the Short Term. Presentation at the 2011 Internet Identity Workshop. Francisco Corella and Karen P. Lewison, Pomcor.


Presentation Transcript


  1. Meeting the Privacy Goals of NSTIC in the Short Term. Presentation at the 2011 Internet Identity Workshop. Francisco Corella and Karen P. Lewison, Pomcor.

  2. Contents
     • The following slides illustrate protocol steps described in the white paper “Achieving the Privacy Goals of NSTIC in the Short Term”, available at http://pomcor.com/whitepapers/NSTICWhitePaper.pdf
     • There are three protocol variations:
       • Attribute verification
       • Delegated authorization
       • Social login

  3. Attribute Verification (parties: Browser, Attribute Provider, Relying Party)

  4. Step 1. Relying Party to Browser: attribute request + callback URL.

  5. Step 2. Browser to Attribute Provider: attribute request + one-time public key, over TLS with the user’s long-term TLS certificate. The browser retains the callback URL, produces a one-time key pair and retains the one-time private key.

  6. Step 3. Attribute Provider to Browser: one-time cert binding the attribute to the one-time public key.

  7. Step 4. Attribute Provider asks the user’s permission to pass the attribute to the Relying Party.

  8. Step 5. Browser to Relying Party, targeting the callback URL: the one-time cert is used as the TLS client cert, with the browser using the one-time private key in the TLS handshake. Relying Party: success.

  9. Delegated Authorization (parties: Browser, Web application, Site holding user’s account)

  10. Step 1. Web application to Browser: access request + one-time public key + callback URL.

  11. Step 2. Browser to Site holding user’s account: access request + one-time public key, over TLS with the user’s long-term TLS certificate. The browser retains the callback URL.

  12. Step 3. Site holding user’s account to Browser: one-time cert binding the access grant to the one-time public key.

  13. Step 4. Site holding user’s account asks the user’s permission to grant access to the application.

  14. Step 5. Browser to Web application, targeting the callback URL: one-time cert with access grant.

  15. Step 6. Web application to Site holding user’s account: one-time cert with access grant used as TLS client cert.

  16. Social Login: combines attribute verification and delegated authorization (parties: Browser, Web application, Attribute Provider)

  17. Step 1. Web application to Browser: attribute request, access request, app’s one-time public key, callback URL.

  18. Step 2. Browser to Attribute Provider: attribute request, browser’s one-time public key, access request, app’s one-time public key, over TLS with the user’s long-term TLS certificate. The browser retains the callback URL, produces the browser’s one-time key pair and retains its private key.

  19. Step 3. Attribute Provider to Browser: one-time cert binding the attribute to the browser’s one-time public key + one-time cert binding the access grant to the app’s one-time public key.

  20. Step 4. Attribute Provider asks the user’s permission to pass the attribute and grant access to the application.

  21. Step 5. Browser to Web application, targeting the callback URL: one-time cert with access grant; the one-time cert with the attribute is used as the TLS client cert, with the browser using its one-time private key in the TLS handshake.

  22. Step 6. Web application to Attribute Provider: one-time cert with access grant used as TLS client cert.
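The Go program below is an added example and not code from the presentation or from Pomcor. It models the mechanism shared by all three variations (attribute verification, delegated authorization and social login): a fresh one-time key pair, a short-lived X.509 certificate in which the issuer (attribute provider or site holding the account) binds an attribute or an access grant to the one-time public key, and the verifier's checks when that certificate is presented as a client cert: issuer signature, validity window, proof of possession of the one-time private key, and extraction of the bound claim. The certificate subject carries no user identifier, which is what keeps certs presented to different relying parties unlinkable. Assumptions of the example: the claim extension's OID and ASN.1 encoding, a challenge signature standing in for the TLS handshake, and the omission of the user's long-term TLS client authentication to the issuer in step 2.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// claimOID is a hypothetical private-arc OID for the extension carrying the
// bound claim; the white paper does not fix an encoding (assumption).
var claimOID = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1}

// boundClaim is what the one-time cert binds to the one-time public key.
// Kind is "attribute" (attribute verification) or "access-grant" (delegated authorization).
type boundClaim struct {
	Kind, Name, Value string
}

// newKey generates a P-256 key pair: the issuer's signing key or a one-time key pair.
func newKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }

// newIssuer creates the self-signed CA cert of the attribute provider (or account-holding site).
func newIssuer(name string) (*ecdsa.PrivateKey, *x509.Certificate, error) {
	key, err := newKey()
	if err != nil { return nil, nil, err }
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil { return nil, nil, err }
	cert, err := x509.ParseCertificate(der)
	return key, cert, err
}

// issueOneTimeCert is step 3: bind the claim to the one-time public key in a
// short-lived cert whose subject names no user, so presentations are unlinkable.
func issueOneTimeCert(issuerKey *ecdsa.PrivateKey, issuer *x509.Certificate, claim boundClaim, oneTimePub *ecdsa.PublicKey) ([]byte, error) {
	payload, err := asn1.Marshal(claim)
	if err != nil { return nil, err }
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 62))
	if err != nil { return nil, err }
	tmpl := &x509.Certificate{
		SerialNumber: serial.Add(serial, big.NewInt(1)), // keep it strictly positive
		Subject:      pkix.Name{CommonName: "one-time certificate"},
		NotBefore:    time.Now().Add(-time.Minute), NotAfter: time.Now().Add(5 * time.Minute),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		ExtraExtensions: []pkix.Extension{{Id: claimOID, Value: payload}},
	}
	return x509.CreateCertificate(rand.Reader, tmpl, issuer, oneTimePub, issuerKey)
}

// proveKey stands in for the TLS handshake of step 5: the holder proves possession
// of the one-time private key by signing a verifier-chosen challenge (assumption).
func proveKey(oneTimeKey *ecdsa.PrivateKey, challenge []byte) ([]byte, error) {
	h := sha256.Sum256(challenge)
	return ecdsa.SignASN1(rand.Reader, oneTimeKey, h[:])
}

// verifyOneTimeCert is the verifier's side of step 5 (relying party, web application
// or account-holding site): issuer signature, validity window, proof of possession, claim.
func verifyOneTimeCert(issuer *x509.Certificate, certDER, challenge, sig []byte, now time.Time) (boundClaim, error) {
	var claim boundClaim
	cert, err := x509.ParseCertificate(certDER)
	if err != nil { return claim, err }
	if err := cert.CheckSignatureFrom(issuer); err != nil {
		return claim, fmt.Errorf("not issued by trusted issuer: %w", err)
	}
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return claim, errors.New("one-time cert outside validity window")
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok { return claim, errors.New("unexpected key type") }
	h := sha256.Sum256(challenge)
	if !ecdsa.VerifyASN1(pub, h[:], sig) { return claim, errors.New("proof of possession failed") }
	for _, ext := range cert.Extensions {
		if ext.Id.Equal(claimOID) {
			_, err := asn1.Unmarshal(ext.Value, &claim)
			return claim, err
		}
	}
	return claim, errors.New("no bound claim in cert")
}

// runFlow wires steps 2, 3 and 5 end to end and returns what the verifier learns.
func runFlow(claim boundClaim) (boundClaim, error) {
	issuerKey, issuer, err := newIssuer("Example Attribute Provider")
	if err != nil { return boundClaim{}, err }
	oneTime, err := newKey() // browser's one-time key pair (step 2)
	if err != nil { return boundClaim{}, err }
	certDER, err := issueOneTimeCert(issuerKey, issuer, claim, &oneTime.PublicKey)
	if err != nil { return boundClaim{}, err }
	challenge := []byte("constructed verifier challenge")
	sig, err := proveKey(oneTime, challenge)
	if err != nil { return boundClaim{}, err }
	return verifyOneTimeCert(issuer, certDER, challenge, sig, time.Now())
}

func main() {
	fmt.Println(runFlow(boundClaim{Kind: "attribute", Name: "ageOver21", Value: "yes"}))
}
```

Run `runFlow` with Kind "access-grant" to model the delegated-authorization cert instead; the issuer and verifier code is identical, which is the point the social-login slides make by combining both certs in one exchange. A verifier that skips the proof-of-possession check would accept a one-time cert replayed by anyone who saw it, so that check is as important as the issuer signature.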
