U-Prove for High Assurance Claims-Based Authentication
U-Prove technology has only recently been introduced by Microsoft; however, the technical specifications have been published, and anyone can make use of them to create their own U-Prove implementations.
Characteristics of U-Prove include the following:
- U-Prove technology supports both on-demand and long-lived tokens. On-demand tokens are used to transmit claims from an identity provider to a relying party (via an active client) in real time, while long-lived tokens are generated ahead of time and then used when needed to transmit claims without requiring interaction with an identity provider. The use of long-lived tokens would allow service providers to process consumer claims even when a trusted identity provider is unavailable, thus eliminating potential service interruptions.
- U-Prove provides consumer privacy protections to prevent identity providers and others from tracking and correlating usage of a consumer’s high assurance identity-related claims.
- A selector or active client acts as an online repository or “wallet” to store U-Prove tokens. The selector / active client would also provide consumers with a visual representation of identity-related claims.
- Strong authentication technologies such as public/private keys, one-time passwords, and possibly others enable identity providers to have high assurance that the claims they issue are in response to a request from the consumer to whom the claim pertains.
- Smartcards and PC-based Trusted Platform Modules provide for the deployment of selectors / active clients and other authentication technologies, as well as for the private keys that allow consumers to make use of U-Prove tokens to transmit trusted claims to relying parties. Smartcards implemented in smartphones, USB dongles, or other mobile devices may be more usable from a consumer standpoint for online transactions than smartcards implemented as physical cards that require a card reader in order to be used.
The following two diagrams illustrate how consumer identity-related claims can be used with either on-demand or long-lived U-Prove tokens. We assume that the selector / active client provides a visual representation of the U-Prove tokens to the user. It is also assumed that trust between service providers / relying parties and the identity providers issuing U-Prove tokens is based upon the adoption by these parties of an appropriate trust framework.