Authentication of communication partners is one of the most critical cryptographic services. Anonymous entity authentication pertains to the ability to verify the identity of an entity without disclosing its identity to communication partners or third parties. This is achieved while possessing assets the verifier can use to identify its communication partner reliably. Anonymous entity authentication mechanisms are designed to support such anonymous communications.

This article provides an overview of anonymous entity authentication techniques and the essential contents of the TCVN 13178-1:2020 Information Technology - Security Techniques - Anonymous Entity Authentication standard.

What is Anonymous Entity Authentication?

Anonymous entity authentication is a vital cryptographic service with various cryptographic mechanisms supporting it. Examples include the mechanisms specified in TCVN 11817 and digital signature mechanisms defined in ISO/IEC 9796 and ISO/IEC 14888.

In anonymous entity authentication, the entity to be authenticated (the verifier) provides evidence to the authenticating party (the prover) that it possesses a secret without revealing its identity to any unauthorized entities. Even if eavesdroppers know the messages exchanged between the parties, they should not be able to determine the verifier's identity.

Simultaneously, an authorized verifier should be assured that the prover is authenticated, meaning it possesses specific attributes, such as being a member of a predefined group. However, even an authorized verifier should not be able to discover the prover's identity.

Anonymous entity authentication mechanisms may allow an authorized verifier to initiate a process that permits the prover to reveal its identity in a specific scenario. These mechanisms are known as partial anonymous entity authentication mechanisms.

Applications of Anonymous Entity Authentication

Anonymous entity authentication can be applied in various scenarios, including:

• E-commerce

• E-voting

• Electronic identification (e.g., electronic driver's licenses, electronic health IDs, and electronic passports)

• Social networks

• Mobile payments

• Cloud computing

In many such services, customers' personal identifiable information (PII) is disclosed to service providers as part of the authentication process. Therefore, service providers can use PII for various purposes, not necessarily in the interest of the PII subject. One way to limit service providers' access to PII is through the use of anonymous authentication mechanisms.

TCVN 13178-1:2020 Standard

The TCVN 13178-1:2020 (ISO/IEC 20009) standard defines the model, requirements, and constraints for anonymous entity authentication mechanisms to allow entities to be authenticated effectively. Details of the mechanisms and the content of authentication exchanges are specified in subsequent standards within the TCVN 13178 series.

Essential Contents of TCVN 13178-1 Standard

TCVN 13178-1 consists of 6 sections, as follows:

• Section 1 - Scope: This section defines a model, requirements, and constraints for anonymous entity authentication mechanisms to allow entities to be authenticated effectively.

• Section 2 - Terms and Definitions: Provides terms and definitions used in this standard.

• Section 3 - Symbols and Abbreviations: Specifies symbols and abbreviations used in this standard.

• Section 4 - Model of Anonymous Entity Authentication: Presents a general model of anonymous entity authentication mechanisms.

• Section 5 - General Binding Requirements: Specifies requirements for anonymous entity authentication mechanisms to ensure the authenticity of the prover and the confidentiality of the prover's identity.

• Section 6 - Anonymity Management: Discusses the degree of anonymity provided by anonymous entity authentication mechanisms and the procedures for revoking anonymity.

This article has provided an overview of anonymous entity authentication and the TCVN 13178-1:2020 standard, serving as a foundation for practical implementation by organizations.

To import products to Vietnam, you need to comply with Vietnamese regulations, and as your import of records (IoR), Tron Chan will ensure this requirement. Please get in touch with us to explore detailed information.