Proving your age without sharing identifying information? Proof by POC!
The 4th issue of “Shedding light on…" posted by PEReN had announced it, it is now a reality! The proof of concept (POC) of a secure mechanism for transmitting an individual’s age by double anonymity has been published by the CNIL’s Digital Innovation Laboratory (LINC).
This prototype is the result of a collaboration between the CNIL, Prof. Olivier Blazy (LIX, École Polytechnique) and PEReN. Its principle? When a user consults an age-restricted service, he or she is redirected to a third-party service that performs the age verification and generates a token in return for the requesting site. The innovation consists in the implementation of a cryptographic protocol for the transfer of the proof of age between the requesting site and the third-party certifying service while guaranteeing double anonymity. The requesting service would thus have no data on the user which have enabled the age check, and the certifying service would not know the requesting service.
Although improvements and variations have already been identified, this prototype nevertheless opens up new avenues for better protection of individuals when age recognition is required on the Internet.