Meta has open-sourced Anonymous Credential Service (ACS), a highly available multitenant service that allows clients to authenticate in a de-identified manner

The least amount of data must be gathered by all businesses in order to avoid personally identifiable information from getting into the wrong hands.

The method taken by Meta developers in their approach to data minimization was discussed in a talk they gave, along with an internal solution they devised called the Anonymous Credentials Service (ACS). Meta recently open-sourced it. Anonymous Credential Services(ACS) is a service that allows multi-client authentication.

Blind signatures and verifiable oblivious pseudorandom functions (VOPRFs) form the foundation of the anonymous credential protocol.

In the ACS, a client provides a token to the server via an authentication channel, which the server subsequently signs and returns.

Then, instead of using the user’s ID for authentication, the client submits data to the server via an anonymous channel and authenticates it using a modified version of the token. As a result, servers can authenticate users without being aware of the client a token is associated with.

The ACS offers a mechanism to maintain the confidentiality of protected information while ensuring that the organization has adequate data to carry out its essential functions. It is computer-aware while simultaneously improving privacy and security.

While authentication data is delivered using a blinded token, business data is sent using unblinded tokens. The client can hold tokens for several hours or even several days, which is notable because the token issuance and redemption steps do not occur simultaneously. The client can fetch a token and quickly redeem it if they need to log data but are out of tokens. However, in order to assist in preventing an identity from being deduced from the data, these two procedures are included in separate requests.
The token, along with signed unblinded token, acts as the client’s authentication. To sign tokens, the token issuance server utilizes a secret key that cannot be deduced from client-side observations. This makes the arrangement very effective.

There are a few challenges ACS faces that were solved, like the problem of Token redemption counting. In order to restrict the amount of token redemption times, the researchers used a real-time, dependable, and secure counting service. They also solved the problem of key rotation. A key pair is necessary for the anonymous credential protocol. The server signs the token with a secret key and verifies the redemption request. To unblind the token, the client needs a corresponding public key.

Through the creation of the ACS by Meta, the company now has a fresh method for authenticating users and guaranteeing the security of crucial services while severing their identities from personally identifiable data. Industries that use anonymous credential solutions may benefit from the extensible, modular architecture of the ACS.

Don’t forget to join our Reddit page and discord channel, where we share the latest AI research news, cool AI projects, and more.