Access Control

Anonymous and distributed access control to remote services

Abstract

With two different methods (centralized and distributed) to obtain credentials in front of the authority with responsibility. This invention is set of new distributed access protocol, that, with reduced communication between partners, allows to anonymously control the access to resources or web services. The system can be naturally incorporated in a number of different scenarios like blockchain, electronic vote protocol or management website access among other applications. Anonymous identification is an important topic within cryptographic protocol application that has not been sufficiently developed. Current identification considers password generation (in centralized or distributed systems), key interchange systems, web identification, or anonymous credentials. In any case, these systems consider a central authority who knows the user identity (distributed systems), which can also be known by the servers (key interchange system). In some other protocols, users identity can be dependent on third entities with the ability of exchange users information. In addition, when anonymity is requested, protocols usually have high computational complexity. The protocols in this invention are capable of providing solutions to current limitations, offering an alternative which allows to hide the user identity when accessed to the resource, i. e. when the privacy conflict appears. The system is backed by perfect secrecy, mathematic property that assures the access /log in systems is secure even in post-quantum scenario.

Technical specifications

Type of technology

PATENT

Inventors

Protection status

Nacional: P202130890 – 22/09/2021

Person in charge

López Rodríguez, Damián

Technology

Three alternative implementations (one centralized and two distributed) are presented to control the remote access to a resource, obtaining credentials from one, or a number of authorities with distributed responsibility. This/these authorities are unique able to identify the user, and they are in charge of issuing the portions of credential (or the credential itself in case of only one authority. No identification data is shown in the credential, being totally anonymous.

When a user delivers the issued credential, agents controlling the access (guard) must collaborate to check the credential authenticity, and grants the access.

The construction of credential of the credentials is based on modular arithmetic and polynomial module, where a valid credential is a unique point of a secret polynomial, which might be distributed among several authorities but being individually unknown. This system prevents the interpolation of the polynomial, so that, the non-authorized credentials generation.

This access application provides perfect secrecy implying that, with partial information, the solution of the problems (meaning deduction of the polynomial) cannot be found.

State of development

The protocol is completely designed, and the algorithm described. A proof of concept has been implemented in a local computer. The next stage would be based on the implementation of the algorithm in a final product.

Advantages

The advantages of this anonymous access control developed are:

  • This protocol can be naturally incorporated in a number of different scenarios, from anonymous  access to documents generated by the Administration, blockchain access, implementation of electronic vote protocols, control of intelligent delivery boxes, or website management access.
  • The service offers improved availability and better resilience.

The methods have low time complexity, and are easy to implement.

Applications

TI Companies managing sensitive and confidential data keeping the anonymity (biometric, genetic, health data)

Desired collaboration

Company interested in being granted with a license for the appliance of this technology.

A collaboration leading to a commercial exploitation of this invention is wanted. The ideal final scenario could arrive when agreeing with system producers in order to transfer the usage of this technology by means of a license (exclusive or non-exclusive). However, format, terms and conditions of collaboration could be openly discussed whether this technology receives interest.