Numerous services are being offered over the Internet and require identification of users as in face-to-face interactions. To simplify the authentication procedure and reduce the need to manage multiple credentials to access services, electronic identification (eID) schemes have been introduced that involve many service providers (SPs) and identity providers (IDPs) which verify the identity of users and facilitate the user to authenticate him/herself to SPs. In federated eID schemes, IDPs store identifiable user information (attributes), often with a unique ID, and attest on these attributes to SPs. In this work, we address the privacy concerns of storing user attributes at the IDP which allows the IDP to profile the user's behaviour and activities. We propose to store the attributes in a privacy friendly manner so that they cannot be directly linked to a particular user even if the data is leaked. Then we incorporate private information retrieval (PIR) in the usual authentication flow of federated eID scheme so that the IDP can perform its role of authenticating and managing the user's identity without turning into a privacy hotspot. Finally, through a proof-of-concept implementation we show a practical variant of our scheme in which the IDP, with millions of users, partitions its database.

@en

In todays world transactions are increasingly being performed over the internetbut require identication of users as in face-to-face transactions. In order to facilitate eGovernance as well as other eCommerce services Electronic Identiation(eID) schemes, which intend to provide unique and reliable identication andauthentication of the users, have been introduced. eID schemes commonly involve a Service Provider which provides a service, such as online shopping, to the user and an Identity Provider which veries the users identity and facilitates the user to identify itself to the Service Provider. Every transaction made over the Internet reveals bits of information about the user which can be accumulated and abused, thus necessitating security and privacy in order to prevent misuse of data and invasion of personal privacy. In this work, ve eID schemes which are in use or re proposed in EU countries is surveyed and the strengths and weaknesses of these schemes is investigated. All the schemes have given importance to security while only a few of them are designed with privacy in mind. Identity Providers in federated eID schemes are observed to be a privacy hotspot as they store user information and can uniquely identify the user. The use of homomorphic encryption and block chain in eID schemes is further explored in order to prevent the Identity Provider from becoming a privacy hotspot while fullling its role in the scheme.@en