Is there a way to authenticate users online without knowing their real identity yet preventing them from registering twice? If not, what is the least amount of information you would need? If it helps, you may assume the user has a smart phone and you have access to all its sensors. Probabilistic guarantees are quite acceptable (e.g., 1-$\epsilon$ certainty of uniqueness for small $\epsilon$).
Asked
Active
Viewed 416 times
1 Answers
2
The easiest way would be to make use of a trusted third party. In this way, users can authenticate to the trusted party (maybe with the cellphone/IMEI number) which then issues them with a "ticket" or "group/blind signature" along with a pseudo-identity, similar to those used in e-voting schemes. The pseudo-identities can then be checked for duplicates.
Without a third party, I think it will be hard for you to proof that each user is unique even if you have access to all his sensors. e.g. user can always change his current location to change the gps, temperature, illumination, and humidity sensor readings.
jingyang
- 744
- 3
- 5