Article

Privacy-preserving credit checking

Authors:
Keith Frikken

Purdue University

Purdue University
View Profile

,
Mikhail Atallah

Purdue University

Purdue University
View Profile

,
Chen Zhang

Purdue University

Purdue University
View Profile

EC '05: Proceedings of the 6th ACM conference on Electronic commerceJune 2005Pages 147–154https://doi.org/10.1145/1064009.1064025

Published:05 June 2005Publication History

EC '05: Proceedings of the 6th ACM conference on Electronic commerce

Pages 147–154

ABSTRACT

Typically, when a borrower (Bob) wishes to establish a tradeline (e.g., a mortgage, an automobile loan, or a credit card) with a lender (Linda), Bob is subjected to a credit check by Linda. The credit check is done by having Linda obtain financial information about Bob in the form of a credit report. Credit reports are maintained by Credit Report Agencies, and contain a large amount of private information about individuals. Furthermore, Linda's criteria for loan qualification are also private information. We propose a "privacy-preserving" credit check scheme that allows Bob to have his credit checked without divulging private information to Linda while protecting Linda's interests. We give protocols for achieving the above while: i) protecting Bob's private information, ii) making sure that Bob cannot lie about his credit (thus Linda is assured that the information is accurate), iii) that Linda's qualification criteria are protected, and iv) that the CRA does not learn from the protocols anything other than "Bob requested a loan from Linda". What distinguishes this work from the traditional two-party privacy-preserving framework is (i) the need for secure and privacy-preserving third-party verification of the accuracy of the inputs used, and (ii) the fact that the function being computed is private to the lender and should not be revealed to either the borrower or to the above-mentioned third-party verifier. Although we choose to present the techniques of this paper for the credit checking application domain, they have much broader applicability and in fact work for any situation where there is a repository of public and private information about individuals, that is subsequently used for making decisions that impact the individuals (a credit rating agency is but one example of such a repository).

References

Equifax. http://www.equifax.comGoogle Scholar
Experian. http://www.experian.comGoogle Scholar
TransUnion. http://www.transunion.comGoogle Scholar
Michael Ben-Or and Avi Wigderson. Completeness theorems for non-cryptographic fault-tolerant distributed computation. In Proceedings of the twentieth annual ACM symposium on Theory of computing, pages 1--10. ACM Press, 1988. Google ScholarDigital Library
R. Canetti, Y. Ishai, R. Kumar, M. Reiter, R. Rubinfeld, and R. Wright. Selective private function evaluation with applications to private statistics, 2001.Google Scholar
David Chaum, Claude Crepeau, and Ivan Damgard. Multiparty unconditionally secure protocols. In Proceedings of the twentieth annual ACM symposium on Theory of computing, pages 11--19. ACM Press, 1988. Google ScholarDigital Library
O. Goldreich, S. Micali, and A. Wigderson. How to play any mental game. In Proceedings of the nineteenth annual ACM conference on Theory of computing, pages 218--229. ACM Press, 1987. Google ScholarDigital Library
Oded Goldreich. Secure multi-party computation. Working Draft, 2000.Google Scholar
Shafi Goldwasser. Multi party computations: past and present. In Proceedings of the sixteenth annual ACM symposium on Principles of distributed computing, pages 1--6. ACM Press, 1997. Google ScholarDigital Library
Jason E. Holt, Robert W. Bradshaw, Kent E. Seamons, and Hilarie Orman. Hidden credentials. In Proceedings of the 2nd ACM Workshop on Privacy in the Electronic Society, October 2003. Google ScholarDigital Library
J. Katz and R. Ostrovsky. Round optimal secure two-party computation. In CRYPTO 04, 2004.Google ScholarCross Ref
Ninghui Li, Wenliang Du, and Dan Boneh. Oblivious signature-based envelope. In Proceedings of the 22nd ACM Symposium on Principles of Distributed Computing (PODC 2003). ACM Press, July 2003. Google ScholarDigital Library
D. Malkhi, N. Nisan, B. Pinkas, and Y. Sella. Fairplay-a secure two-party computation system. In Proceedings of Usenix Security, 2004. Google ScholarDigital Library
Moni Naor and Benny Pinkas. Oblivious transfer and polynomial evaluation. In Proceedings of the thirty-first annual ACM symposium on Theory of computing, pages 245-254. ACM Press, 1999. Google ScholarDigital Library
Moni Naor and Benny Pinkas. Efficient oblivious transfer protocols. In Proceedings of the twelfth annual ACM-SIAM symposium on Discrete algorithms, pages 448--457. Society for Industrial and Applied Mathematics, 2001. Google ScholarDigital Library
Moni Naor, Benny Pinkas, and Reuban Sumner. Privacy preserving auctions and mechanism design. In EC '99: Proceedings of the 1st ACM conference on Electronic commerce, pages 129-139. ACM Press, 1999. Google ScholarDigital Library
P. Rogaway. The Round Complexity of Secure Protocols. Ph.d. thesis, MIT, 1991. Available at http://www.cs.ucdavis.edu/ rogaway/papers. Google ScholarDigital Library
Bruce Schneier. Applied Cryptography - Protocols, algorithms, and souce code in C. John Wiley & Sons, Inc., 1996. Google ScholarDigital Library
A.C Yao. Protocols for secure computation. In Proceedings of the 23rd Annual IEEE Symposium on Foundations of Computer Science, pages 160--164, 1982.Google ScholarDigital Library
A.C Yao. How to generate and exchange secrets. In Proceedings of the 27th Annual IEEE Symposium on Foundations of Computer Science, pages 162--167, 1986.Google ScholarDigital Library

Index Terms

Privacy-preserving credit checking
1. Applied computing
  1. Electronic commerce
    1. Secure online transactions
2. Security and privacy
  1. Human and societal aspects of security and privacy
  2. Software and application security
    1. Domain-specific security and privacy architectures

Recommendations

A privacy framework: indistinguishable privacy
EDBT '13: Proceedings of the Joint EDBT/ICDT 2013 Workshops

In this paper we illustrate a privacy framework named Indistinguishable Privacy. Indistinguishable privacy could be deemed as the formalization of the existing privacy definitions in privacy preserving data publishing as well as secure multi-party ...
Read More
Privacy-preserving computation of benchmarks on item-level data using RFID
WiSec '10: Proceedings of the third ACM conference on Wireless network security

Currently, companies are about to optimize their internal processes by monitoring items they handle with Radio Frequency Identification (RFID). However, there is a risk that sensitive information is disclosed when sharing RFID data with other companies. ...
Read More
Privacy preserving group linkage
SSDBM'11: Proceedings of the 23rd international conference on Scientific and statistical database management

The problem of privacy preserving record linkage is to find the intersection of records from two parties, while not revealing any private records to each other. Recently, group linkage has been introduced to measure the similarity of groups of records [...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
EC '05: Proceedings of the 6th ACM conference on Electronic commerce
June 2005
302 pages
ISBN:1595930493
DOI:10.1145/1064009
General Chair:
John Riedl
University of Minnesota
,
Program Chairs:
Michael Kearns
University of Pennsylvania
,
Michael Reiter
Carnegie Mellon University, Pittsburgh, PA
Copyright © 2005 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 5 June 2005
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
e-commerce
privacy
secure multi-party computation
secure protocol
Qualifiers
- Article
Conference

Acceptance Rates
Overall Acceptance Rate664of2,389submissions,28%
Upcoming Conference
EC '24

Sponsor:

sigecom

The 25th ACM Conference on Economics and Computation

July 8 - 11, 2024

New Haven , CT , USA
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 20
  Total Citations
  View Citations
- 627
  Total Downloads
- Downloads (Last 12 months)8
- Downloads (Last 6 weeks)0
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Privacy-preserving credit checking

EC '05: Proceedings of the 6th ACM conference on Electronic commerce

ABSTRACT

References

Cited By

Index Terms

Recommendations

A privacy framework: indistinguishable privacy

Privacy-preserving computation of benchmarks on item-level data using RFID

Privacy preserving group linkage