Geekly Articles each Day
📜 ⬆️ ⬇️

Microsoft opens U-prove



Short:
C # code.msdn.microsoft.com/uprovesdkcsharp
Java code.msdn.microsoft.com/uprovesdkjava

UPD Found a good article 2 years ago
')


For those who have not heard of U-prove, a small introduction.

Problem
For any online purchases today, our customers have to open too much information about themselves: first name, last name, address, telephone number, of course, a credit card number. Thus, if this information becomes available to an attacker, then you can acquire a lot of headaches. This problem becomes even more pressing with the introduction of so-called one-click purchases (Amazon, if my memory serves me, even patented this method). In this case, online stores store absolutely all the information in their databases until the end of the centuries.

Status quo
Unfortunately, there are not many alternatives on the market. I refer to them OpenID (a typical use case is Google Checkout), Windows Live ID. But these solutions are in a somewhat different (in my opinion) area - authentification. While it would be desirable to have a simple, reliable and cryptoresistant method for verifying some information, for example, a money transaction. Most importantly, the “seller” must know exactly as much information as is necessary to complete the correct transaction.

Decision
The U-prove technology, created by Stephen Brands (from Credentica, bought by Microsoft two years ago at www.credentica.com ), combines the de facto industrial standard — public-private key cryptosystems and, most interestingly, the ability not to access to some elements of the transmitted information (which is impossible in RSA).

In other words, I can create some token containing information about a one-time (!) Transaction without having to open some personal data about myself. If for purchases of alcohol or tobacco products I need to specify my age, I can open my age and, for example, the delivery address.

For the rest I refer to the hourly video
channel9.msdn.com/shows/Identity/Deep-Dive-into-U-Prove-Cryptographic-protocols

and / or free book
www.credentica.com/the_mit_pressbook.html

The SDK released under the “free license” allows us to play decently with this technology (without being tied to the “big players”).

Source: https://habr.com/ru/post/86257/

More articles:


All Articles