Identity Escrow

We introduce the concept of escrowed identity, an application of key-escrow ideas to the problem of authentication. In escrowed identity , one party A does not give his identity to another party B, but rather gives him information that would allow an authorized third party E to determine A's identity. However, B receives a guarantee that E can indeed determine A's identity. We consider a number of possible features of escrowed identity schemes, and describe a variety of implementations that achieve various subsets of these features. In particular , we observe that group signature schemes can be used to escrow identities, achieving most (though not all) of the desired features. The most interesting feature we consider is separability. The escrow agency is not involved in the day to day operation of the identiication system, but is only called in when anonymity must be revoked. In the extreme case, there exist identity escrow schemes in which an arbitrary party (possessing a public key) can be designated an escrow agent without any knowledge or participation on their part until they are asked to revoke someone's anonymity.