Privacy Enhancing Credential
From MgmtWiki
Full Title or Meme
A collection of private and secret data that can be used to prove an assertion in a manner that does not release more private information than absolutely required for the purpose described. Perhaps that term is used to indicate a mobile computer device, which is the preferred technology solution.
Context
- Regardless of any technology used to protect user data in a credential, they serve no purpose if they are not limited to use in a protected Ecosystem.
- In some contexts, the term "Privacy Enhancing Credential" is used, although there are very few use cases where a credential is not mobile even when it is just a driver's license in a holder's pocket.
- Simple credential that do not rely on secrets to protect user data are not considered to be of any value as a Privacy Enhancing Credential.
Ecosystems
- Perhaps the simplest Ecosystem is a Smart Card
- The Credential could be included and used entirely within the context of a Trusted Execution Environment, or a secure enclave and its resident software.