ENHANCED PRIVACY ID: A REMOTE ANONYMOUS ATTESTATION SCHEME FOR HARDWARE DEVICES
Enhanced Privacy ID (EPID) is a cryptographic scheme that enables the remote authentication of a hardware device while preserving the privacy of the device owner. A hardware device with an embedded EPID private key can prove to a remote party that it is a valid device, certified by the hardware manufacturer, without revealing its identity and without the verifier being able to link authentication attempts. In this article, we discuss hardware authentication and present several usage examples, such as secure e-commerce and digital drivers’ licenses. We then show that EPID can be used for hardware authentication securely and privately. We discuss several revocation capabilities of EPID that allow flexible revocation in different scenarios. For instance, in signature-based revocation, it is possible to revoke an EPID private key that signed a message, even though the identity of the key is not known. We show how these revocation methods can be used while protecting the rights of the user. We also compare EPID with other possible privacy techniques