U-Prove components are released in the Security and Cryptography Incubations Quarterly Technology Drop.
Overview
A U-Prove token is a type of credential similar to a PKI certificate that can encode attributes of any type, but with two important differences:
1) The issuance and presentation of a token are unlinkable due to the special type of public key and signature encoded in the token; the cryptographic “wrapping” of the attributes contains no correlation handles. This prevents unwanted tracking of users when they use their U-Prove tokens, even by colluding insiders.
2) Users can minimally disclose information about what attributes are encoded in a token in response to dynamic verifier policies. As an example, a user may choose to only disclose a subset of the encoded attributes, prove that her undisclosed name does not appear on a deny list, or prove that she is of age without disclosing her actual birthdate.
These user-centric aspects make the U-Prove technology ideally suited to creating the digital equivalent of paper-based credentials and the plastic ID cards in one’s wallet.
Microsoft has made available the foundational features of the technology by releasing the core U-Prove specifications under the Open Specification Promise.
Links
- U-Prove Cryptographic Specification V1.1 (Revision 4), November 2022
- U-Prove Technology Overview V1.1 (Revision 2), April 2013
- Open-source U-Prove C# Crypto SDK, JavaScript SDK, and TypeScript Node implementation.
- Stefan Brands’ book detailing the underpinning of the U-Prove technology.
- The European Union funded project ABC4Trust on privacy-preserving identity credentials, in which Microsoft participates.
News
- A new TypeScript Node reference implementation has been released (November 2022)
- Revision 4 of the specification has been released, addressing a potential issue with parallel issuance of tokens in some settings. (November 2022)
- We released a new paper describing the various revocation mechanisms available to developers, along with an update to the U-Prove extensions SDK. (Sept 2014)
- We released a JavaScript SDK implementing the U-Prove client-side protocol. (July 2014)
- We released new U-Prove extensions for collaborative issuance, bit decomposition, designated-verifier accumulator revocation, equality, inequality, set membership, and range proofs, along with an SDK implementing them. A paper describing the new features is also available. (July 2014)
- Revision 3 of the specification and the C# SDK have been released. The cryptographic protocols have been modified to support interoperability with the ABC4Trust architecture. (December 2013)
- New Privacy vs. Accountability in Identity Systems paper, along with revocation and ID escrow extensions for U-Prove, released at the Trusted Computing Conference (September 11th 2013).
- MSR researchers published a new efficient MAC-based credential scheme providing multi-show unlinkability (August 2013).
- Revision 2 of the specification and the C# SDK have been released. This release features an optimized token issuance protocol, and an ability to present scope-exclusive pseudonyms and to generate cryptographic commitments from attribute values. (April 2013)
- U-Prove presented at NIST’s Privacy-Enhancing Cryptography Workshop (December 9th 2011)
- Kuppinger Cole awarded U-Prove with a Best Innovation award in the category of Outstanding projects and initiatives in Identity Management
- The International Association of Privacy Professionals honored U-Prove with a Technology Innovation award
- Fraunhofer Fokus was honored with the TeleTrusT Technology Innovation Award for their work with Microsoft on privacy-enhancing identity systems
- Scott Charney featured the U-Prove HealthVault registration demo in his RSA 2011 Keynote
People
Kevin Kane
Principal Software Development Engineer
Karen Easterbrook
Sr Principal PM Manager
Greg Zaverucha
Principal Software Development Engineer
Christian Paquin
Principal Program Manager