our showcase of an online dating portal based on U

Dating Portal showcase
February 15th - 16th, 2007
Copyright © 2007 Credentica Inc. All Rights Reserved.
Dating portal showcase

• The dating portal is a peer-to-peer infopage
• Services are other Users
• Portal certifies information about Users, but doesn’t learn Users’ activities
• An Identity Token is used to authenticate to the dating portal and to hold certified private and public information
• An ID Container is used to hold the ID Token and non-certified private and public information
• A User can ask another User to disclose private information fields (certified and non-certified)

Dating portal showcase overview

The dating portal allows Users to exchange information in a private manner

[Diagram: Portal (Token Issuer, User Accounts); Bob (CoolB) and Alice (White Rabbit), each with an ID Container]

• At enrollment, each User receives an ID Token issued by the Portal containing certified information
• Later, Users register to the dating portal anonymously by presenting the ID Token and choosing a User ID
• From this point on, registered Users browse for other Users to exchange private information. Portal facilitates the exchanges but does not learn Users’ real identities nor the exchanged information

Enrollment

[Diagram: Alice with an ID Container; Bob (CoolB); Portal (Token Issuer, User Accounts); Background Check ("Alice data OK?" / "Yes")]

• Alice visits the dating portal to enroll
• Alice’s browser retrieves an applet to perform client-side computations
• Alice completes and submits the form that contains personal and billing information
• The Portal performs a background check on Alice and, once completed, sends her a welcome email
• The applet creates an ID Container and the Portal issues an ID Token containing certified information (some public, some private). The ID Token is not yet usable

Enrollment form: Please fill the following fields
• Name: ___________________
• DOB: ___________________
• Address: ___________________
Billing info
• Credit Card No: _____________

Registration

[Diagram: Alice (White Rabbit) and Bob (CoolB), each with an ID Container; Portal (Token Issuer, User Accounts)]

• To register, Alice visits the registration link in the email
• Alice provides non-certified private and public information and chooses a User ID (e.g. White Rabbit) and password
• The ID Token is activated and associated with White Rabbit’s account
• At this point, the Portal recognizes White Rabbit, knows it’s a paying customer, but does not know that this is Alice, or any of her private information (certified or not)

Registration form:
Non-certified information
• Private: ________________
• Public: ________________
Login info
• User ID: ________________
• Password: ________________

Single Sign-On vs. Roaming access

[Diagram: Alice (White Rabbit) and Bob (CoolB), each with an ID Container; Portal (Token Issuer, User Accounts) holding White Rabbit’s account]

• In the registration, the applet derives an encryption key from the password and sends an encrypted copy of the ID Container to the Portal
• Alice has the option to enable the SSO feature (“Remember me”). In this case, the ID Container remains on Alice’s system, and future logins are transparent to Alice
• If not, the ID Container is deleted from the system. Alice needs to enter her User ID and password to retrieve it at every login

Screens: Sign In (User ID: White Rabbit; Password: ****************); Expedite Sign In (White Rabbit); Welcome White Rabbit

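The roaming-access flow above as an added sketch, not code from Credentica or the showcase: the client derives a key from the password, encrypts the ID Container, and the Portal stores only ciphertext that a later login fetches and decrypts locally. scrypt, AES-256-GCM, the `portalStore` map and the container's field names are assumptions; the slides do not name the algorithms or data layout.

```javascript
// Added example (not Credentica's code). scrypt and AES-256-GCM are assumed
// choices; the slides do not name the algorithms the applet uses.
const { scryptSync, randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// Client side: stretch the password into a 256-bit key with a per-blob salt.
function deriveKey(password, salt) {
  return scryptSync(password, salt, 32, { N: 2 ** 14, r: 8, p: 1 });
}

// Client side: encrypt the ID Container before it leaves Alice's system.
function sealContainer(password, userId, container) {
  const salt = randomBytes(16);
  const iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  cipher.setAAD(Buffer.from(userId, 'utf8')); // bind the blob to one account
  const ct = Buffer.concat([cipher.update(JSON.stringify(container), 'utf8'), cipher.final()]);
  return { salt, iv, ct, tag: cipher.getAuthTag() };
}

// Client side: returns the container, or null on a wrong password or altered blob.
function openContainer(password, userId, blob) {
  const decipher = createDecipheriv('aes-256-gcm', deriveKey(password, blob.salt), blob.iv);
  decipher.setAAD(Buffer.from(userId, 'utf8'));
  decipher.setAuthTag(blob.tag);
  try {
    const pt = Buffer.concat([decipher.update(blob.ct), decipher.final()]);
    return JSON.parse(pt.toString('utf8'));
  } catch {
    return null;
  }
}

// Portal side (hypothetical store): holds only the opaque blob per User ID.
const portalStore = new Map();
function register(userId, password, container) {
  portalStore.set(userId, sealContainer(password, userId, container));
}

// Roaming login: fetch the blob by User ID and decrypt it locally.
// In this sketch the password is used only on the client.
function roamingLogin(userId, password) {
  const blob = portalStore.get(userId);
  return blob ? openContainer(password, userId, blob) : null;
}

// Constructed sample data; the container's field names are illustrative.
const sample = { idToken: 'opaque-token-placeholder', privateInfo: { phone: '514-555-1234' } };
register('White Rabbit', 'constructed-passphrase', sample);
console.log(roamingLogin('White Rabbit', 'constructed-passphrase'), roamingLogin('White Rabbit', 'wrong-guess'));
```

Because the Portal holds the encrypted blob, it can attempt offline password guessing against it, so the key-derivation cost and the password's strength bound how private the stored container really is.
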
Private information disclosure

[Diagram: Bob (CoolB) and Alice (White Rabbit), each with an ID Container; Portal (Token Issuer, User Accounts); labels: "Disc Request", "White Rabbit?", "Private info"]

• Logged in Users can browse for other Users and request private information disclosure (or respond to them)
• Users’ public information fields (certified and non-certified) are displayed
• Public certified info is obtained from White Rabbit’s ID Token (info provided by the Portal)
• Public non-certified info is obtained from Portal’s database
• Bob browses the Portal for other Users
• Bob requests info disclosure from White Rabbit. The request is encrypted for White Rabbit and stored by the Portal
• Next time Alice visits the Portal, she accepts the info disclosure

Bob’s screen: Welcome CoolB
User search result:
White Rabbit (request private info)
• City: Montreal
• Hobbies: tennis, reading
FunnyGirl (request private info)
• City: Toronto
• Hobbies: shopping

Alice’s screen: Welcome White Rabbit
One new message from CoolB
• Disclose private info? Yes / No

Private information disclosure

[Diagram: Bob (CoolB) and Alice (White Rabbit), each with an ID Container; Portal (Token Issuer, User Accounts); label: "Private info"]

• Next time Bob visits the Portal, he retrieves White Rabbit’s encrypted disclosure
• Bob validates the disclosed data
• Public certified info is obtained from White Rabbit’s ID Token
• Public non-certified info is obtained from Portal’s database
• Private certified info is obtained from White Rabbit’s disclosure (in the ID Token)
• Private non-certified info is obtained from White Rabbit’s disclosure

Bob’s screen: Welcome CoolB
New message from White Rabbit
White Rabbit
• City: Montreal
• Hobbies: tennis, reading
• Age: 28
• Phone number: 514-555-1234