Follow Us on Twitter
Subscribe
Subscribe to our blog's RSS feed.
-
Blog Posts
- Feedback on the Paper on Privacy Postures of Authentication Technologies
- Comparing the Privacy Features of Eighteen Authentication Technologies
- Two Methods of Cryptographic Single Sign-On on Mobile Devices
- Using Cryptographic Authentication without a Cryptographic API on iOS and Android Devices
- Strong Authentication with a Low-Entropy Biometric Key
Our Old Noflail Search Blog
NSF Funding
CONNECT Springboard
Tag Archives: Identity
Convenient One-, Two- and Three-factor Authentication for Mobile Devices
Authentication methods used today on mobile devices are both inconvenient and insecure. Ordinary passwords are difficult to type on small touch-screen displays that require switching keyboards for entering digits or punctuation. They provide even less security on mobile devices than … Continue reading
NSTIC Is Not Low-Hanging Fruit
In a recent tweet, Ian Glazer quoted Patrick Gallagher, director of NIST, saying at a recent White House meeting on NSTIC that the “current suite of technologies we rely on are insufficient”. The identity technologies used today both in federal … Continue reading
After CardSpace, Microsoft Calls for Research on Passwords
In February 2011 Microsoft discontinued CardSpace, a Windows application for federated login that was the deployment vehicle for the U-Prove privacy-enhancing Web authentication technology, which itself is said to have inspired the NSTIC initiative. Cormac Herley, a Microsoft researcher, and … Continue reading
Trip Report: Meeting on Privacy-Enhancing Cryptography at NIST
Last week I participated in the Meeting on Privacy-Enhancing Cryptography at NIST. The meeting was organized by Rene Peralta, who brought together a diverse international group of cryptographers and privacy stakeholders. The agenda is online with links to the workshop … Continue reading
Do-Not-Track and Third-Party Login
Recently the World Wide Web Consortium (W3C) launched a Tracking Protection Working Group, following several recent proposals for Do-Not-Track mechanisms, and more specifically in response to a W3C-member submission by Microsoft. A useful list of links to proposals and discussions … Continue reading
Benefits of TLS for Issuing and Presenting Cryptographic Credentials
In comments on the previous post at the Identity Commons mailing list and comments at the session on deployment and usability of cryptographic credentials at the Internet Identity Workshop, people have questioned the advantages of running cryptographic protocols for issuing … Continue reading
Deployment and Usability of Cryptographic Credentials
This is the fourth and last of a series of posts on the prospects for using privacy-enhancing technologies in the NSTIC Identity Ecosystem. Experience has shown that it is difficult to deploy cryptographic credentials on the Web and have them … Continue reading
Are Privacy-Enhancing Technologies Really Needed for NSTIC?
This is the third of a series of posts on the prospects for using privacy-enhancing technologies in the NSTIC Identity Ecosystem. In the first two posts we’ve looked at two, or rather three, privacy-enhancing authentication technologies: U-Prove, Idemix, and the … Continue reading
Pros and Cons of Idemix for NSTIC
This is the second of a series of posts on the prospects for using privacy-enhancing technologies in the NSTIC Identity Ecosystem. In the previous post I discussed the pros and cons of U-Prove , so naturally I should now discuss … Continue reading
Pros and Cons of U-Prove for NSTIC
This is the first of a series of posts on the prospects for using privacy-enhancing technologies in the NSTIC Identity Ecosystem. NSTIC calls for the use of privacy-friendly credentials, and NSTIC documents [1] [2] refer to the existence of privacy-enhancing … Continue reading