U-Prove is an innovative cryptographic technology that allows users to minimally disclose certified information about themselves when interacting with online resource providers. U-Prove provides a superset of the security features of Public Key Infrastructure (PKI), and also provides strong privacy protections by offering superior user control and preventing unwanted user tracking.
A U-Prove token is a new type of credential similar to a PKI certificate that can encode attributes of any type, but with two important differences:
1) The issuance and presentation of a token are unlinkable due to the special type of public key and signature encoded in the token; the cryptographic “wrapping” of the attributes contains no correlation handles. This prevents unwanted tracking of users when they use their U-Prove tokens, even by colluding insiders.
2) Users can minimally disclose information about what attributes are encoded in a token in response to dynamic verifier policies. As an example, a user may choose to only disclose a subset of the encoded attributes, prove that her undisclosed name does not appear on a blacklist, or prove that she is of age without disclosing her actual birthdate.
These user-centric aspects make the U-Prove technology ideally suited to creating the digital equivalent of paper-based credentials and the plastic ID cards in one's wallet.
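The selective disclosure described in point 2 can be sketched with a Schnorr-style proof over a token public key that commits to all attributes. This is an added, simplified example and not code from the U-Prove SDK or specification: it omits the issuer's signature and the issuance protocol, and the toy group parameters, function names and sample attributes are assumptions made for illustration.

```python
import hashlib, secrets

# Toy parameters (constructed for illustration, far too small for real use):
# P = 2Q + 1 with Q prime; the generators are squares, so each has order Q.
P, Q = 2039, 1019
G = [4, 9, 25, 49]  # g0, g1, g2, g3 (hypothetical generators)

def to_zq(*parts):
    """Hash arbitrary values to an exponent in Z_Q."""
    data = "|".join(str(p) for p in parts).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def make_token(attrs):
    """Return (alpha, h): private key and public key h = (g0 * prod gi^xi)^alpha."""
    alpha = secrets.randbelow(Q - 1) + 1
    base = G[0]
    for g, attr in zip(G[1:], attrs):
        base = base * pow(g, to_zq(attr), P) % P
    return alpha, pow(base, alpha, P)

def present(attrs, alpha, h, disclose, message):
    """Disclose the attributes indexed by `disclose`; prove knowledge of the rest."""
    hidden = [i for i in range(len(attrs)) if i not in disclose]
    w0 = secrets.randbelow(Q)
    w = {i: secrets.randbelow(Q) for i in hidden}
    a = pow(h, w0, P)  # commitment a = h^w0 * prod_U gi^wi
    for i in hidden:
        a = a * pow(G[i + 1], w[i], P) % P
    shown = {i: attrs[i] for i in sorted(disclose)}
    # Fiat-Shamir challenge binds the proof to the verifier's message.
    c = to_zq(h, a, sorted(shown.items()), message)
    r0 = (c * pow(alpha, -1, Q) + w0) % Q
    r = {i: (w[i] - c * to_zq(attrs[i])) % Q for i in hidden}
    return {"shown": shown, "a": a, "r0": r0, "r": r}

def verify(h, proof, message):
    """Check a == (g0 * prod_D gi^xi)^(-c) * h^r0 * prod_U gi^ri."""
    c = to_zq(h, proof["a"], sorted(proof["shown"].items()), message)
    base = G[0]
    for i, val in proof["shown"].items():
        base = base * pow(G[i + 1], to_zq(val), P) % P
    rhs = pow(base, -c % Q, P) * pow(h, proof["r0"], P) % P
    for i, ri in proof["r"].items():
        rhs = rhs * pow(G[i + 1], ri, P) % P
    return rhs == proof["a"]
```

The verifier learns only the disclosed attributes; the responses for the hidden ones are masked by fresh random values in every presentation.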
Microsoft has made available the foundational features of the technology by releasing the core U-Prove specifications under the Open Specification Promise.
- U-Prove Cryptographic Specification V1.1 (Revision 3), December 2013
- U-Prove Technology Overview V1.1 (Revision 2), April 2013
- Stefan Brands’ book detailing the underpinning of the U-Prove technology.
- The European Union funded project ABC4Trust on privacy-preserving identity credentials, in which Microsoft participates.
- We released a new paper describing the various revocation mechanisms available to developers, along with an update to the U-Prove extensions SDK. (Sept 2014)
- Customer story about the NSTIC CSDII pilot, using U-Prove to provide privacy-protecting identity attributes.
- We released new U-Prove extensions for collaborative issuance, bit decomposition, designated-verifier accumulator revocation, equality, inequality, set membership, and range proofs, along with an SDK implementing them. A paper describing the new features is also available. (July 2014)
- Revision 3 of the specification and the C# SDK have been released. The cryptographic protocols have been modified to support interoperability with the ABC4Trust architecture. (December 2013)
- New Privacy vs. Accountability in Identity Systems paper, along with revocation and ID escrow extensions for U-Prove, released at the Trusted Computing Conference (September 11th 2013).
- MSR XCG researchers published a new efficient MAC-based credential scheme providing multi-show unlinkability (August 2013).
- Revision 2 of the specification and the C# SDK have been released. This release features an optimized token issuance protocol, and an ability to present scope-exclusive pseudonyms and to generate cryptographic commitments from attribute values. (April 2013)
- U-Prove presented at NIST’s Privacy-Enhancing Cryptography Workshop (December 9th 2011)
- Kuppinger Cole awarded U-Prove with a "Best Innovation" award in the category of Outstanding projects and initiatives in Identity Management
- The International Association of Privacy Professionals honored U-Prove with a Technology Innovation award
- Fraunhofer Fokus was honored with the TeleTrusT Technology Innovation Award for their work with Microsoft on privacy-enhancing identity systems
- Scott Charney featured the U-Prove HealthVault registration demo in his RSA 2011 Keynote
- Christian Paquin, On the revocation of U-Prove tokens, no. MSR-TR-2014-122, 2 September 2014
- Christian Paquin, U-Prove extensions, no. MSR-TR-2014-105, 5 August 2014
- Christian Paquin and Lan Nguyen, U-Prove Designated-Verifier Accumulator Revocation Extension, no. MSR-TR-2014-85, June 2014
- Mira Belenkiy, U-Prove Range Proof Extension, no. MSR-TR-2014-88, June 2014
- Mira Belenkiy, U-Prove Equality Proof Extension, no. MSR-TR-2014-86, June 2014
- Mira Belenkiy, U-Prove Inequality Proof Extension, no. MSR-TR-2014-87, June 2014
- Mira Belenkiy, U-Prove Set Membership Proof Extension, no. MSR-TR-2014-89, June 2014
- Christian Paquin and Greg Zaverucha, U-Prove Collaborative Issuance Extension, no. MSR-TR-2014-84, June 2014
- Mira Belenkiy, U-Prove Bit Decomposition Extension, no. MSR-TR-2014-83, June 2014
- Christian Paquin, U-Prove Cryptographic Test Vectors V1.1 (Revision 3), Microsoft, December 2013
- Christian Paquin and Greg Zaverucha, U-Prove Cryptographic Specification V1.1 (Revision 3), Microsoft, December 2013
- Christian Paquin, Privacy and accountability in identity systems: the best of both worlds, no. MSR-TR-2013-85, 11 September 2013
- Lan Nguyen and Christian Paquin, U-Prove Designated-Verifier Accumulator Revocation Extension, no. MSR-TR-2013-87, 11 September 2013
- Greg Zaverucha, U-Prove ID escrow extension, no. MSR-TR-2013-86, 11 September 2013
- Christian Paquin, U-Prove Technology Overview V1.1 (Revision 2), Microsoft, April 2013
- Christian Paquin, U-Prove Recommended Parameters Profile V1.1 (Revision 2), Microsoft, April 2013