JIS  Vol.8 No.3 , July 2017
Private Personal Information Verification
Abstract: Physical document verification is a necessary task in the process of reviewing applications for a variety of services, such as loans, insurance, and mortgages. This process consumes a large amount of time, money, and human resources, which leads to limited business throughput. Furthermore, physical document verification poses a critical risk to clients’ personal information, as they are required to provide sensitive details and documents to verify their information. In this paper, we present a systematic approach to address shortcomings in the current state of the processes used for physical document verification. Our solution leverages a semi-trusted party data source (i.e. a governmental agency) and cryptographic protocols to provide a secure digital service. We make use of homomorphic encryption and secure multi-party computation to develop a series of protocols for private integer comparison and (non-) membership testing. Secure boolean evaluation and secure result aggregation schemes are proposed to combine the results of the evaluation of multiple predicates and produce the final outcome of the verification process. We also discuss possible improvements and other applications of the proposed secure system of protocols. Our framework not only provides a cost-efficient and secure solution for document verification, but also creates space for a new service.
Cite this paper: Do, H. and Ng, W. (2017) Private Personal Information Verification. Journal of Information Security, 8, 223-239. doi: 10.4236/jis.2017.83015.

[1]   Goldwasser, S., Micali, S. and Rackoff, C. (1985) The Knowledge Complexity of Interactive Proof-Systems (Extended Abstract). Proceedings of the 17th Annual ACM Symposium on Theory of Computing, Providence.

[2]   Yang, Y.J., Zhou, J.Y., Weng, J. and Bao, F. (2009) A New Approach for Anonymous Password Authentication. Twenty-Fifth Annual Computer Security Applications Conference, Honolulu.

[3]   Groth, J. (2005) Non-Interactive Zero-Knowledge Arguments for Voting. Third International Conference on Applied Cryptography and Network Security, New York.

[4]   Camenisch, J., Hohenberger, S. and Lysyanskaya, A. (2006) Balancing Accountability and Privacy Using e-Cash (Extended Abstract). 5th International Conference on Security and Cryptography for Networks, Maiori.

[5]   Camenisch, J., Chaabouni, R. and Shelat, A. (2008) Efficient Protocols for Set Membership and Range Proofs. Advances in Cryptology-ASIACRYPT 2008, 14th International Conference on the Theory and Application of Cryptology and Information Security, Melbourne.

[6]   Kissner, L. and Song, D. (2005) Privacy-Preserving Set Operations. Advances in Cryptology-CRYPTO 2005: 25th Annual International Cryptology Conference, Santa Barbara.

[7]   De Cristofaro, E., Gasti, P. and Tsudik, G. (2012) Fast and Private Computation of Cardinality of Set Intersection and Union. Cryptology and Network Security, 11th International Conference, CANS 2012, Darmstadt.

[8]   Yao, A.C.-C. (1982) Protocols for Secure Computations (Extended Abstract). 23rd Annual Symposium on Foundations of Computer Science, Chicago.

[9]   Blake, I.F. and Kolesnikov, V. (2009) One-Round Secure Comparison of Integers. Journal of Mathematical Cryptology, 3.

[10]   Gentry, C., Halevi, S., Jutla, C.S. and Raykova, M. (2015) Private Database Access with He-Over-Oram Architecture. 13th International Conference on Applied Cryptography and Network Security, New York.

[11]   Paillier, P. (1999) Public-Key Cryptosystems Based on Composite Degree Residuosity Classes. Advances in Cryptology—EUROCRYPT99, International Conference on the Theory and Application of Cryptographic Techniques, Prague.

[12]   Damgård, I. and Jurik, M. (2001) A Generalisation, a Simplification and Some Applications of Paillier’s Probabilistic Public-Key System. Public Key Cryptography, 4th International Workshop on Practice and Theory in Public Key Cryptography, Cheju Island.

[13]   Goldreich, O. (2004) The Foundations of Cryptography: Vol. 2, Basic Applications. Cambridge University Press, Cambridge.

[14]   Chaum, D. (1985) Security without Identification: Transaction Systems to Make Big Brother Obsolete. Communications of the ACM, 28, 1030-1044.

[15]   Camenisch, J. and Lysyanskaya, A. (2002) A Signature Scheme with Efficient Protocols. 3rd International Conference on Security in Communication Networks, Amalfi.

[16]   Di Crescenzo, G. (2000) Private Selective Payment Protocols. Financial Cryptography, 4th International Conference, Anguilla.

[17]   Fischlin, M. (2001) A Cost-Effective Pay-Per-Multiplication Comparison Method for Millionaires. Topics in Cryptology, The Cryptographer’s Track at RSA Conference, San Francisco.