Title :
BPVrfy: Hybrid Cryptographic Scheme Based -- Federate Identity Attributes Verification Model for Business Processes
Author :
Guo, Nan ; Gao, Tianhan ; Zhang, Bin
Author_Institution :
Coll. of Inf. Sci. & Eng., Northeastern Univ., Shenyang, China
Abstract :
During the execution of a business process built from composable Web services from multiple domains, it is important that the component service be able to verify the identity of the user to check that the user has the required permissions for accessing the services, while at the same time identity attributes need to be protected properly, as they can be the target of attacks. In such a context, we propose a privacy-preserved multi-domain identity attributes verification model, BPVrfy. It extends federate identity management with support for multiple identity verification policies and privacy enhancement. The identity attributes verification process is partitioned into three sub-procedures, consisting of attribute provision, federation enrollment and attributes transfer, and a series of protocols based on cryptographic schemes is proposed for each. BPVrfy adopts the Pedersen Commitment, Zero-Knowledge Proof of Knowledge, BGLS Aggregate Signature and Certificate-Based Signature (CBS) cryptographic schemes together to give a privacy-preserved federate identity attributes verification solution for multi-domain Web services-based business processes.
Keywords :
Web services; business data processing; cryptographic protocols; data privacy; digital signatures; formal verification; BGLS aggregate signature; BPVrfy; CBS; Pedersen commitment; Web services; attribute provision; attributes transfer; business process; certificate-based signature cryptographic schemes; cryptographic protocol schemes; federate identity attributes verification model; federate identity management; federation enrollment; hybrid cryptographic scheme; multiple identity verification policies; privacy enhancement; privacy-preserved multidomain identity attributes verification model; zero-knowledge proof; Aggregates; Authentication; Educational institutions; Protocols; Public key; Risk management; BGLS Aggregate Signature; Certificate-Based Signature; Zero-Knowledge Proof of Knowledge; business processes; identity attributes verification;
Conference_Title :
Availability, Reliability and Security (ARES), 2012 Seventh International Conference on
Conference_Location :
Prague
Print_ISBN :
978-1-4673-2244-7
DOI :
10.1109/ARES.2012.65