Direct Anonymous Attestation (DAA) is a Cryptographic Primitive which enables remote authentication of a Trusted Platform Module whilst preserving the privacy of the device's user.

The Direct Anonymous Attestation protocol has been adopted by the Trusted Computing Group (TCG) in the latest version of its Trusted Platform Module (TPM) specification[1] to address Privacy Considerations. ISO/IEC 20008 also specifies Direct Anonymous Attestation, and Intel Corporation's Enhanced Privacy ID (EPID) 2.0 implementation for microprocessors is available for licensing under RAND-Z terms along with an Open Source SDK.

Direct Anonymous Attestation extends the standard attestation capabilities of the Trusted Platform Module to allow for anonymous attestations of TPM state and to admit Pseudonyms that are cryptographically bound to the Trusted Platform Module’s internal identity certificate.
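As an added illustration (not code from this page, the TCG specification, or any TPM implementation), the toy Python model below shows the pseudonym mechanism described above: the TPM holds a secret f, publishes a pseudonym K = J^f for a verifier-chosen basename, and proves in zero knowledge that it knows f without revealing it. It assumes a small modular group found at import time, a simplified hash-to-group step, and omits the issuer-signed credential that real DAA attaches to f.

```python
import hashlib
import secrets

# Toy group parameters found at import time: p = 2q + 1 is a safe prime and
# g = 4 (a quadratic residue) generates the prime-order-q subgroup.
# Far too small to be secure; illustration only.
def _is_prime(n: int) -> bool:
    if n < 2:
        return False
    return all(n % d for d in range(2, int(n ** 0.5) + 1))

def _toy_group(start: int):
    q = start
    while not (_is_prime(q) and _is_prime(2 * q + 1)):
        q += 1
    return 2 * q + 1, q, 4

P, Q, G = _toy_group(10 ** 8)

def _h(*parts: bytes) -> int:
    # Domain-separated, length-prefixed hash of the transcript, reduced into Z_q.
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(h.digest(), "big") % Q

def _enc(x: int) -> bytes:
    return x.to_bytes(8, "big")

def basename_point(bsn: bytes) -> int:
    # J = g^(1 + H(bsn) mod (q-1)): simplified hash-to-group, never yields J = 1.
    return pow(G, 1 + _h(b"bsn", bsn) % (Q - 1), P)

def pseudonym(f: int, bsn: bytes) -> int:
    # K = J^f: the same f and basename always give the same K (linkable),
    # while K itself reveals nothing about f.
    return pow(basename_point(bsn), f, P)

def daa_sign(f: int, bsn: bytes, msg: bytes):
    # Schnorr proof of knowledge of f such that K = J^f, bound to msg.
    J, K = basename_point(bsn), pseudonym(f, bsn)
    r = secrets.randbelow(Q)
    R = pow(J, r, P)
    c = _h(b"sig", bsn, msg, _enc(J), _enc(K), _enc(R))
    return K, c, (r + c * f) % Q

def daa_verify(bsn: bytes, msg: bytes, K: int, c: int, s: int) -> bool:
    # Recompute R = J^s * K^(-c) and check the challenge; f is never needed.
    J = basename_point(bsn)
    R = pow(J, s, P) * pow(K, Q - c, P) % P
    return c == _h(b"sig", bsn, msg, _enc(J), _enc(K), _enc(R))
```

Signing twice under the same basename yields the same K, so a verifier can link those attestations to one device; a different basename gives an unrelated K, so attestations to different verifiers cannot be correlated.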

Direct Anonymous Attestation Limitations

Direct Anonymous Attestation employs blind signatures and thus requires the appointment of a central Authoritative Entity, a trusted Third-party, to issue the credentials.

Exploits of the Direct Anonymous Attestation Authoritative Entity, Malicious action, or other unfortunate events can seriously damage the reliability of the credential system. Moreover, issuer compromise, Malicious action, or other failure can be particularly difficult to detect in an anonymous credential system.

