ABSTRACT
Typically, when a borrower (Bob) wishes to establish a tradeline (e.g., a mortgage, an automobile loan, or a credit card) with a lender (Linda), Bob is subjected to a credit check by Linda. The credit check is done by having Linda obtain financial information about Bob in the form of a credit report. Credit reports are maintained by Credit Report Agencies (CRAs) and contain a large amount of private information about individuals. Furthermore, Linda's criteria for loan qualification are also private information. We propose a "privacy-preserving" credit check scheme that allows Bob to have his credit checked without divulging private information to Linda while protecting Linda's interests. We give protocols for achieving the above while: i) protecting Bob's private information, ii) making sure that Bob cannot lie about his credit (thus Linda is assured that the information is accurate), iii) protecting Linda's qualification criteria, and iv) ensuring that the CRA does not learn from the protocols anything other than "Bob requested a loan from Linda". What distinguishes this work from the traditional two-party privacy-preserving framework is (i) the need for secure and privacy-preserving third-party verification of the accuracy of the inputs used, and (ii) the fact that the function being computed is private to the lender and should not be revealed to either the borrower or to the above-mentioned third-party verifier. Although we choose to present the techniques of this paper for the credit checking application domain, they have much broader applicability and in fact work for any situation where there is a repository of public and private information about individuals that is subsequently used for making decisions that impact the individuals (a credit rating agency is but one example of such a repository).