You are here: Resources > FIDIS Deliverables > HighTechID > D3.9: Study on the Impact of Trusted Computing on Identity and Identity Management > 

D3.9: Study on the Impact of Trusted Computing on Identity and Identity Management

Types of Identity Management  Title:
 TC use for identification


Related Work and Current Problems

Current systems used for automated provisioning of applications and IT resources make use of IdM systems to provide access control over the resources.  

One of the cornerstones of any IMS lies in its security. According to the IMS Types defined in 8.2, the security mechanisms used for an IMS could be different. On the other hand, the protection of a user’s identity from identity theft also relies heavily on the security mechanisms whether on the user’s specific platform, web interfaces, communication protocols or remote platforms and databases. Unfortunately, trusted infrastructures are not commonly used nowadays for identity management systems. In fact, current identity management solutions lack hardware security support. 

For example, digital signatures are an important example for identity management applications. Although the legal prerequisites for digital signatures (at least in Europe) exist, in a big scale applications do not so far. 

Digital signatures face several problems, mainly low acceptance due to low security for the user. In case an attacker manages to fake a user’s digital signature, the user will find himself having to prove that he did not sign. Therefore, digital signatures need tamper proof devices that require users to authenticate themselves. But as long as this authentication is not safe from e.g. an attacker stealing a password, the user still faces the shifting of the burden of proof. Furthermore, the problem of “What-You-See-Is-What-You-Sign” is not a trivial one, so users are required to have a certain level of expertise to be able to judge whether they are tricked or not, and even experts might fail. One can never be sure if one really signs what one can see, but has to trust the applications, the hardware (and their developers). 

Some initiatives for supporting identity management with TC already exist. For example, in [123], the author proposes to use TC to establish a level of trust between different identity domains, in a way to allow one credential provider in one identity domain to issue credentials to be used for authentication in another identity domain based on a pre-defined credential issuing policy. 


Types of Identity Management  fidis-wp3-del3.9_Study_on_the_Impact_of_Trusted_Computing_on_Identity_and_Identity_Management_v1.1.sxw  TC use for identification
25 / 38