ISO/IEC 20009-3:2022 Information security — Anonymous entity authentication — Part 3: Mechanisms based on blind signatures.
Entities of different types can be involved in the mechanism specified in this document, as follows.

— Claimant: an entity to be authenticated in such a way that the claimant's identity is not revealed. In this document, a claimant plays the role of requestor in a blind digital signature scheme, as specified in ISO/IEC 18370-2:2016.

— Verifier: an entity that verifies the validity of a claimant's credential and which does not learn the claimant's identity.

— Issuer: an entity issuing a credential to a claimant. In this document, an issuer plays the role of signer in a blind digital signature scheme, as specified in ISO/IEC 18370-2:2016.

NOTE 2 In the context of this document, the issuer serves as an offline trusted third party (TTP) in the sense of ISO/IEC 20009-1. It gains knowledge of all of a claimant's attributes, but it does not learn which subset of them the claimant later selects to disclose when presenting the signature.

Annex A lists the object identifiers which shall be used to identify the mechanism defined in this document.

6 Unilateral anonymous authentication

6.1 General

Unilateral anonymous authentication means that only one of the two entities, the claimant, is authenticated by use of the mechanism, and that the identity of the authenticated entity is anonymous to the other entity, the verifier.

6.2 Mechanism 1 — Two-pass unilateral anonymous authentication

6.2.1 General

Two-pass means that the authentication phase consists of two messages being exchanged between the claimant and the verifier. This mechanism is based on mechanism 4 in ISO/IEC 18370-2:2016. In addition to verifying that a claimant possesses a valid credential issued by the issuer, this mechanism also enables a verifier to request the presentation of claimant attributes encoded in the credential. That is, at the end of the authentication process, the verifier is guaranteed that the claimant holds a credential received from the issuer that certifies the attributes disclosed during the authentication process.
The mechanism guarantees anonymity to the claimant only if each credential received from the issuer is used in a single session of the authentication process. If a credential is used in multiple sessions, those sessions still cannot be linked to the corresponding session of the credential issuance process. However, the verifiers can link them with each other, even if different sets of attributes are disclosed in each session. In particular, a returning claimant can be recognized by a verifier. Security considerations and guidance for concrete parameter selections are given in Annex E.
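The following model is an added example written for this page; it is not code from ISO/IEC 20009-3 or ISO/IEC 18370-2, and it does not implement mechanism 4 of ISO/IEC 18370-2:2016, which the page does not describe. It stands in for that mechanism with the simplest construction that exhibits the properties discussed in 6.2.1 and in the single-use caveat above: Chaum-style RSA blind signatures (issuer as blind signer, claimant as requestor) over a list of salted hash commitments, one per attribute, so that the claimant can open only the attributes a verifier requests. Everything concrete here is an assumption: the attribute schema and values, the toy-sized key built from two Mersenne primes, the nonce format and the two-pass message layout. The verifier's nonce is only echoed, not cryptographically bound to the presentation, so challenge freshness is out of scope. What the example does show is (a) the verifier checking the issuer's signature and the disclosed attributes against the credential, (b) that the issuer's view (the blinded values) shares nothing with what verifiers see, and (c) that reusing one credential makes two sessions linkable by the same signature value, while a fresh credential per session does not.

```python
import hashlib
import math
import random

# Toy issuer key: textbook RSA with the Mersenne primes 2^107-1 and 2^127-1, chosen
# only so the example needs no primality test. This models the message flow, not a secure scheme.
P, Q = (1 << 107) - 1, (1 << 127) - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
# Constructed attribute schema: positions are fixed and public, so a verifier
# knows which commitment a disclosed attribute must open.
SCHEMA = ("age_over_18", "country", "member_id")

def h_int(*parts):
    # Hash strings to an integer below N; used for commitments and the signed digest.
    return int.from_bytes(hashlib.sha256("|".join(parts).encode()).digest(), "big") % N

def commit(name, value, salt):
    # Salted hash commitment to one attribute, opened by revealing (value, salt).
    return h_int("attr", name, value, salt)

def credential_digest(commitments):
    # The message the issuer blind-signs: a hash over the whole commitment list.
    return h_int("cred", *[format(c, "x") for c in commitments])

class Issuer:
    # Blind signer. self.log is everything it learns during issuance.
    def __init__(self):
        self.log = []
    def sign_blinded(self, blinded):
        self.log.append(blinded)
        return pow(blinded, D, N)

def claimant_prepare(attrs, rng):
    # Claimant (requestor) side of issuance: commit to each attribute, blind the digest.
    salts = {n: format(rng.getrandbits(128), "032x") for n in SCHEMA}
    commitments = [commit(n, attrs[n], salts[n]) for n in SCHEMA]
    r = rng.randrange(2, N)
    while math.gcd(r, N) != 1:
        r = rng.randrange(2, N)
    blinded = credential_digest(commitments) * pow(r, E, N) % N
    return {"attrs": attrs, "salts": salts, "commitments": commitments, "r": r, "blinded": blinded}

def claimant_unblind(state, blind_sig):
    # Strip the blinding factor; what remains is a plain RSA signature on the digest.
    sig = blind_sig * pow(state["r"], -1, N) % N
    assert pow(sig, E, N) == credential_digest(state["commitments"])
    return {"attrs": state["attrs"], "salts": state["salts"], "commitments": state["commitments"], "sig": sig}

def claimant_present(cred, challenge):
    # Pass 2: echo the nonce, send the credential, open only the requested commitments.
    disclosed = {n: (cred["attrs"][n], cred["salts"][n]) for n in challenge["request"]}
    return {"nonce": challenge["nonce"], "commitments": cred["commitments"], "sig": cred["sig"], "disclosed": disclosed}

class Verifier:
    def __init__(self, rng):
        self.rng, self.pending, self.seen = rng, None, []  # seen: signature per accepted session
    def pass1(self, request):
        # Pass 1: fresh nonce plus the names of the attributes to be disclosed.
        self.pending = {"nonce": format(self.rng.getrandbits(64), "016x"), "request": list(request)}
        return self.pending
    def pass2_verify(self, pres):
        # The nonce echo only shows the message shape; this toy does not bind it cryptographically.
        if pres["nonce"] != self.pending["nonce"]:
            return False
        if pow(pres["sig"], E, N) != credential_digest(pres["commitments"]):
            return False  # not a credential signed by the issuer
        for name in self.pending["request"]:
            if name not in pres["disclosed"]:
                return False
            value, salt = pres["disclosed"][name]
            if commit(name, value, salt) != pres["commitments"][SCHEMA.index(name)]:
                return False  # disclosed value is not the one certified in the credential
        self.seen.append(pres["sig"])
        return True

def demo(seed=7):
    rng, issuer = random.Random(seed), Issuer()
    attrs = {"age_over_18": "true", "country": "NL", "member_id": "A-1042"}  # constructed sample
    def issue():
        st = claimant_prepare(attrs, rng)
        return claimant_unblind(st, issuer.sign_blinded(st["blinded"]))
    va, vb = Verifier(rng), Verifier(rng)
    cred = issue()  # one credential reused at two verifiers, different attributes disclosed
    ok1 = va.pass2_verify(claimant_present(cred, va.pass1(["age_over_18"])))
    ok2 = vb.pass2_verify(claimant_present(cred, vb.pass1(["country"])))
    linkable_reuse = va.seen[-1] == vb.seen[-1]
    ok3 = va.pass2_verify(claimant_present(issue(), va.pass1(["age_over_18"])))  # fresh credential
    ok4 = vb.pass2_verify(claimant_present(issue(), vb.pass1(["country"])))      # for each session
    linkable_fresh = va.seen[-1] == vb.seen[-1]
    bad = claimant_present(cred, va.pass1(["country"]))  # tamper with a disclosed value
    bad["disclosed"]["country"] = ("DE", cred["salts"]["country"])
    forged = va.pass2_verify(bad)
    # The issuer saw only blinded values; none equals a signature any verifier received.
    issuer_match = any(s in issuer.log for v in (va, vb) for s in v.seen)
    return {"verified": ok1 and ok2 and ok3 and ok4, "forged_accepted": forged,
            "linkable_reuse": linkable_reuse, "linkable_fresh": linkable_fresh, "issuer_match": issuer_match}
```

Running `demo()` returns the five flags: all four honest sessions verify, the tampered disclosure is rejected, the reused credential is recognised across the two verifiers because the same signature value appears in both transcripts, the two fresh credentials are not, and nothing in the issuer's log matches any session. The "link" in the reuse case is the credential itself recurring verbatim, which is exactly why 6.2 restricts anonymity to single-use credentials; no amount of varying the disclosed attribute set removes it. Parameter sizes, the real mechanism's challenge binding and the guidance of Annex E are not modelled here.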