U-Prove

Established: February 25, 2012

U-Prove components are released in the Security and Cryptography Incubations Quarterly Technology Drop.

 

Overview

A U-Prove token is a type of credential similar to a PKI certificate that can encode attributes of any type, but with two important differences:

1) The issuance and presentation of a token are unlinkable due to the special type of public key and signature encoded in the token; the cryptographic “wrapping” of the attributes contains no correlation handles. This prevents unwanted tracking of users when they use their U-Prove tokens, even by colluding insiders.

2) Users can minimally disclose information about what attributes are encoded in a token in response to dynamic verifier policies. As an example, a user may choose to only disclose a subset of the encoded attributes, prove that her undisclosed name does not appear on a deny list, or prove that she is of age without disclosing her actual birthdate.

These user-centric aspects make the U-Prove technology ideally suited to creating the digital equivalent of paper-based credentials and the plastic ID cards in one’s wallet.

Microsoft has made available the foundational features of the technology by releasing the core U-Prove specifications under the Open Specification Promise.

News

  • A new TypeScript Node reference implementation has been released (November 2022)
  • Revision 4 of the specification has been released, addressing a potential issue with parallel issuance of tokens in some settings. (November 2022)
  • We released a new paper describing the various revocation mechanisms available to developers, along with an update to the U-Prove extensions SDK. (Sept 2014)
  • We released a JavaScript SDK implementing the U-Prove client-side protocol. (July 2014)
  • We released new U-Prove extensions for collaborative issuance, bit decomposition, designated-verifier accumulator revocation, equality, inequality, set membership, and range proofs, along with an SDK implementing them. A paper describing the new features is also available. (July 2014)
  • Revision 3 of the specification and the C# SDK have been released. The cryptographic protocols have been modified to support interoperability with the ABC4Trust architecture. (December 2013)
  • New Privacy vs. Accountability in Identity Systems paper, along with revocation and ID escrow extensions for U-Prove, released at the Trusted Computing Conference (September 11th 2013).
  • MSR researchers published a new efficient MAC-based credential scheme providing multi-show unlinkability (August 2013).
  • Revision 2 of the specification and the C# SDK have been released. This release features an optimized token issuance protocol, and an ability to present scope-exclusive pseudonyms and to generate cryptographic commitments from attribute values. (April 2013)
  • U-Prove presented at NIST’s Privacy-Enhancing Cryptography Workshop (December 9th 2011)
  • Kuppinger Cole awarded U-Prove with a Best Innovation award in the category of Outstanding projects and initiatives in Identity Management
  • The International Association of Privacy Professionals honored U-Prove with a Technology Innovation award
  • Fraunhofer Fokus was honored with the TeleTrusT Technology Innovation Award for their work with Microsoft on privacy-enhancing identity systems
  • Scott Charney featured the U-Prove HealthVault registration demo in his RSA 2011 Keynote

People

Kevin Kane

Principal Software Development Engineer

Karen Easterbrook

Sr Principal PM Manager

Greg Zaverucha

Principal Software Development Engineer

Christian Paquin

Principal Program Manager