Zero Trust

 View Only
Expand all | Collapse all

ISO/IEC 20009-3:2022 Information security - Anonymous entity authentication - Part 3: Mechanisms based on blind signatures

  • 1.  ISO/IEC 20009-3:2022 Information security - Anonymous entity authentication - Part 3: Mechanisms based on blind signatures

    Posted Feb 18, 2022 11:31:00 AM
    Hi All,

    ISO/IEC just published ISO/IEC 20009-3:2022 Information security - Anonymous entity authentication - Part 3: Mechanisms based on blind signatures

    In an anonymous entity authentication mechanism, the entity to be authenticated (the claimant) provides evidence to a verifier that it has knowledge of a secret without revealing its identifier to any unauthorized entity. That is, given complete knowledge of the messages exchanged between the parties, an unauthorized entity cannot discover the identifier of the entity being authenticated. Moreover, it is possible that even an authorized verifier is not authorized to learn the identifier of the entity being authenticated.
    The anonymous entity authentication mechanisms specified in this document are based on blind signatures, specified in the ISO/IEC 18370 series.

    This document provides general descriptions and specifications of anonymous entity authentication mechanisms based on blind digital signatures.

    This standard can be previewed here: https://www.iso.org/obp/ui/#iso:std:iso-iec:20009:-3:ed-1:v1:en

    This standard can be purchased here: https://www.iso.org/standard/80615.html

    ------------------------------
    Michael Roza CPA, CISA, CIA, MBA, Exec MBA
    ------------------------------


  • 2.  RE: ISO/IEC 20009-3:2022 Information security - Anonymous entity authentication - Part 3: Mechanisms based on blind signatures

    Posted Feb 21, 2022 07:29:00 AM
    Hi Michael, thanks for the link, really useful and it gave me a good laugh.  How to obfuscate a description of encrypted identity handling to the nth degree. The identity is not in plain text, but it contains a secret that can be validated by an automated service, and for good measure, the stored identity graph is also not in plain text.  Meaning that encrypted tokens and an identity matching function that also looks up an encrypted identity without exposing anything is a really good thing! I can proudly assert with 100% confidence that my Identity Management Service, like many good identity services, is ISO/IEC 20009-3:2022 compliant!

    ------------------------------
    Nya Murray
    CEO
    Trac-Car
    ------------------------------