Multi-dimensional credentialing using veiled certificates: Protecting privacy in the face of regulatory reporting requirements

Traditional certificates are designed to establish and document characteristics belonging to a specific individual, be it an identification number (i.e., social security number, driver's license number), a level of achievement (i.e., college degree, license to practice a profession), or membership status (i.e., company ID, trade union card). The digital certificate extends this concept into the electronic world, identifying and linking the certificate holder to a public encryption key that is subsequently used as a means of identification. Current identity certificates provide unique identification and tracking, however it is exactly these characteristics that have led to concerns over identity theft and privacy of personal information. The veiled certificate introduced in this paper addresses these issues by providing means of linking certificates from multiple certifying authorities while masking the user's identity from non-authorized individuals and satisfying the regulatory need of unique, explicit identification. With the ability to be implemented within existing X.509 standards, veiled certification extends traditional digital certificates with features useful in combating identity theft and invasion of privacy.