Anonymous Credential-Based Privacy-Preserving Identity Verification for Business Processes

During the execution of a business process users need to be authenticated by multiple component service providers, while their identities need to be shared and propagated across multi-domain in a privacy-preserving fashion. An anonymous credential-based identity verification scheme is proposed to address privacy issue. Users establish trust relationship with the federation by running the enrollment protocol, which is based on zero-knowledge proof of a set of committed attributes. The IdP cannot learn identity-related information about the user. Anonymous credentials issued by the IdP allow users to selectively disclose attributes as required and prove them in an untraceable and unlinkable way, where the IdP cannot trace the showing of credential and component service providers cannot address multiple transactions to the same user even if they collude either. With the proposed attributes proof protocols, users can prove AND and OR relation over multiple attributes, and interval and inequality relation over a single attribute as well.