{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,30]],"date-time":"2026-03-30T10:30:49Z","timestamp":1774866649710,"version":"3.50.1"},"reference-count":39,"publisher":"MDPI AG","issue":"3","license":[{"start":{"date-parts":[[2020,2,10]],"date-time":"2020-02-10T00:00:00Z","timestamp":1581292800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/100010661","name":"Horizon 2020 Framework Programme","doi-asserted-by":"publisher","award":["786725"],"award-info":[{"award-number":["786725"]}],"id":[{"id":"10.13039\/100010661","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>Privacy enhancing technologies (PETs) allow to achieve user\u2019s transactions unlinkability across different online Service Providers. However, current PETs fail to guarantee unlinkability against the Identity Provider (IdP), which becomes a single point of failure in terms of privacy and security, and therefore, might impersonate its users. To address this issue, OLYMPUS EU project establishes an interoperable framework of technologies for a distributed privacy-preserving identity management based on cryptographic techniques that can be applied both to online and offline scenarios. Namely, distributed cryptographic techniques based on threshold cryptography are used to split up the role of the Identity Provider (IdP) into several authorities so that a single entity is not able to impersonate or track its users. The architecture leverages PET technologies, such as distributed threshold-based signatures and privacy attribute-based credentials (p-ABC), so that the signed tokens and the ABC credentials are managed in a distributed way by several IdPs. This paper describes the Olympus architecture, including its associated requirements, the main building blocks and processes, as well as the associated use cases. In addition, the paper shows how the Olympus oblivious architecture can be used to achieve privacy-preserving M2M offline transactions between IoT devices.<\/jats:p>","DOI":"10.3390\/s20030945","type":"journal-article","created":{"date-parts":[[2020,2,11]],"date-time":"2020-02-11T11:45:30Z","timestamp":1581421530000},"page":"945","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":14,"title":["The OLYMPUS Architecture\u2014Oblivious Identity Management for Private User-Friendly Services"],"prefix":"10.3390","volume":"20","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2851-5706","authenticated-orcid":false,"given":"Rafael","family":"Torres Moreno","sequence":"first","affiliation":[{"name":"Department of Information and Communications Engineering, University of Murcia, 30100 Murcia, Spain"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7538-4788","authenticated-orcid":false,"given":"Jorge","family":"Bernal Bernabe","sequence":"additional","affiliation":[{"name":"Department of Information and Communications Engineering, University of Murcia, 30100 Murcia, Spain"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4898-1341","authenticated-orcid":false,"given":"Jes\u00fas","family":"Garc\u00eda Rodr\u00edguez","sequence":"additional","affiliation":[{"name":"Department of Information and Communications Engineering, University of Murcia, 30100 Murcia, Spain"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tore","family":"Kasper Frederiksen","sequence":"additional","affiliation":[{"name":"Security Lab, Alexandra Institute, N. 8200 Aarhus, Denmark"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Michael","family":"Stausholm","sequence":"additional","affiliation":[{"name":"Security Lab, Alexandra Institute, N. 8200 Aarhus, Denmark"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0100-2430","authenticated-orcid":false,"given":"Noelia","family":"Mart\u00ednez","sequence":"additional","affiliation":[{"name":"Consulting and Development, Logalty, 08036 Barcelona, Spain"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6852-384X","authenticated-orcid":false,"given":"Evangelos","family":"Sakkopoulos","sequence":"additional","affiliation":[{"name":"Scytales AB, 187 66 T\u00e4by, Sweden"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9105-5036","authenticated-orcid":false,"given":"Nuno","family":"Ponte","sequence":"additional","affiliation":[{"name":"Multicert, 4100-468 Porto, Portugal"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5525-1259","authenticated-orcid":false,"given":"Antonio","family":"Skarmeta","sequence":"additional","affiliation":[{"name":"Department of Information and Communications Engineering, University of Murcia, 30100 Murcia, Spain"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2020,2,10]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"De Clercq, J. (2002). Single sign-on architectures. Single Sign-On Architectures, Springer.","DOI":"10.1007\/3-540-45831-X_4"},{"key":"ref_2","unstructured":"Hardt, D. (2019, December 05). The OAuth 2.0 Authorization Framework. Available online: http:\/\/www.hjp.at\/doc\/rfc\/rfc6749.html."},{"key":"ref_3","unstructured":"Campbell, B., Jones, M., and Mortimore, C. (2019, December 01). Security Assertion Markup Language (SAML) 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants. Available online: https:\/\/www.hjp.at\/doc\/rfc\/rfc7522.html."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Kosar, T., and Livny, M. (2004, January 23\u201324). Stork: Making data placement a first class citizen in the grid. Proceedings of the 24th International Conference on Distributed Computing Systems, Tokio, Japan.","DOI":"10.1109\/ICDCS.2004.1281599"},{"key":"ref_5","unstructured":"Council of European Union (2019, December 06). Council Regulation (EU) no 910\/2014, Available online: https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/?uri=uriserv%3AOJ.L_.2014.257.01.0073.01.ENG."},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Moreno, R.T., Bernabe, J.B., Skarmeta, A., Stausholm, M., Frederiksen, T.K., Mart\u00ednez, N., Ponte, N., Sakkopoulos, E., and Lehmann, A. (2019, January 17\u201321). Olympus: Towards oblivious identity management for private and user-friendly services. Proceedings of the 2019 Global IoT Summit (GIoTS), Aarhus, Denmark.","DOI":"10.1109\/GIOTS.2019.8766357"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Camenisch, J., M\u00f6dersheim, S., and Sommer, D. (2010, January 20\u201321). A formal model of identity mixer. Proceedings of the International Workshop on Formal Methods for Industrial Critical Systems, Antwerp, Belgium.","DOI":"10.1007\/978-3-642-15898-8_13"},{"key":"ref_8","unstructured":"Adams, C., Farrell, S., Kause, T., and Mononen, T. (2019, December 06). Internet X. 509 Public Key Infrastructure Certificate Management Protocol (CMP). Available online: http:\/\/www.hjp.at\/doc\/rfc\/rfc4210.html."},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Chadwick, D.W. (2009). Federated identity management. Foundations of Security Analysis and Design V, Springer.","DOI":"10.1007\/978-3-642-03829-7_3"},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Recordon, D., and Reed, D. (2006). OpenID 2.0: A platform for user-centric identity management. Second ACM Workshop on Digital Identity Management: DIM 2006, IOS Press.","DOI":"10.1145\/1179529.1179532"},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Abowd, G., Brumitt, B., and Shafer, S. (2001). Privacy by design\u2014principles of privacy-aware ubiquitous systems. Ubicomp 2001: Ubiquitous Computing, Springer.","DOI":"10.1007\/3-540-45427-6"},{"key":"ref_12","unstructured":"Paquin, C., and Zaverucha, G. (2019, November 18). U-Prove Cryptographic Specification v1. 1. Available online: https:\/\/www.microsoft.com\/en-us\/research\/wp-content\/uploads\/2016\/02\/U-Prove20Cryptographic20Specification20V1.1.pdf."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Sabouri, A., and Rannenberg, K. (2014, January 7\u201312). ABC4Trust: Protecting privacy in identity management by bringing privacy-ABCs into real-life. Proceedings of the IFIP International Summer School on Privacy and Identity Management, Patras, Greece.","DOI":"10.1007\/978-3-319-18621-4_1"},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"409","DOI":"10.1016\/j.future.2019.08.017","article-title":"ARIES: Evaluation of a reliable and privacy-preserving European identity management framework","volume":"102","author":"Bernabe","year":"2020","journal-title":"Future Gen. Comput. Syst."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Agrawal, S., Miao, P., Mohassel, P., and Mukherjee, P. (2018, January 15\u201319). PASTA: PASsword-based Threshold Authentication. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, Toronto, ON, Canada.","DOI":"10.1145\/3243734.3243839"},{"key":"ref_16","unstructured":"Stadler, M. (1996, January 12\u201316). Publicly verifiable secret sharing. Proceedings of the Annual International Conference on the Theory and Applications of Cryptographic Techniques, Saragossa, Spain."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Camenisch, J., Lehmann, A., and Neven, G. (2015, January 12\u201316). Optimal Distributed Password Verification. Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications, Denver, CO, USA.","DOI":"10.1145\/2810103.2813722"},{"key":"ref_18","unstructured":"Shoup, V. (2000, January 14\u201318). Practical Threshold Signatures. Proceedings of the Annual International Conference on the Theory and Applications of Cryptographic Techniques, Bruges, Belgium."},{"key":"ref_19","unstructured":"Langford, S.K. (1995, January 27\u201331). Threshold DSS Signatures without a Trusted Party. Proceedings of the Annual International Cryptology Conference, Santa Barbara, CA, USA."},{"key":"ref_20","unstructured":"Chaum, D. (1982, January 23\u201325). Blind Signatures for Untraceable Payments. Proceedings of the CRYPTO \u201982, Santa Barbara, CA, USA."},{"key":"ref_21","unstructured":"Baum, C., Frederiksen, T.K., Hesse, J., Lehmann, A., and Yanai, A. (2019, December 01). Cryptology ePrint Archive, Report 2019\/1470. Available online: https:\/\/eprint.iacr.org\/2019\/1470."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"84","DOI":"10.1145\/358549.358563","article-title":"Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms","volume":"24","author":"Chaum","year":"1981","journal-title":"Commun. ACM"},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"1030","DOI":"10.1145\/4372.4373","article-title":"Security without identification: Transaction systems to make big brother obsolete","volume":"28","author":"Chaum","year":"1985","journal-title":"Commun. ACM"},{"key":"ref_24","unstructured":"Camenisch, J., and Lysyanskaya, A. (2019, December 05). Cryptology ePrint Archive, Report 2001\/019. Available online: http:\/\/eprint.iacr.org\/2001\/019."},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Camenisch, J., and Lysyanskaya, A. (2004, January 15\u201319). Signature Schemes and Anonymous Credentials from Bilinear Maps. Proceedings of the Annual International Cryptology Conference, Santa Barbara, CA, USA.","DOI":"10.1007\/978-3-540-28628-8_4"},{"key":"ref_26","unstructured":"Pointcheval, D., and Sanders, O. (March, January 29). Short Randomizable Signatures. Proceedings of the Cryptographers\u2019 Track at the RSA Conference, San Francisco, CA, USA."},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Sonnino, A., Al-Bassam, M., Bano, S., and Danezis, G. (2019, January 24\u201327). Coconut: Threshold Issuance Selective Disclosure Credentials with Applications to Distributed Ledgers. Proceedings of the Network and Distributed Systems Security (NDSS) Symposium, San Diego, CA, USA.","DOI":"10.14722\/ndss.2019.23272"},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Herzberg, A., Jarecki, S., Krawczyk, H., and Yung, M. (1995, January 27\u201331). Proactive Secret Sharing Or: How to Cope With Perpetual Leakage. Proceedings of the Annual International Cryptology Conference, Santa Barbara, CA, USA.","DOI":"10.1007\/3-540-44750-4_27"},{"key":"ref_29","unstructured":"Camenisch, J., Enderlein, R.R., and Neven, G. (April, January 30). Two-Server Password-Authenticated Secret Sharing UC-Secure Against Transient Corruptions. Proceedings of the IACR International Workshop on Public Key Cryptography, Gaithersburg, MD, USA."},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Camenisch, J., Drijvers, M., Lehmann, A., Neven, G., and Towa, P. (2019, December 06). Short Threshold Dynamic Group Signatures. Available online: https:\/\/eprint.iacr.org\/2020\/016.","DOI":"10.1007\/978-3-030-57990-6_20"},{"key":"ref_31","unstructured":"ISO\/IEC CD 18013-5:2019(E) (2019, December 01). Personal Identification\u2014ISO Compliant Driving Licence\u2014Part 5: Mobile Driving Licence (mDL) Application. Available online: https:\/\/www.iso.org\/standard\/69084.html."},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Sakkopoulos, E., Ioannou, Z., and Viennas, E. (2018, January 23\u201325). Mobile Personal Information Exchange Over BLE. Proceedings of the 2018 9th International Conference on Information, Intelligence, Systems and Applications (IISA), Zakynthos, Greece.","DOI":"10.1109\/IISA.2018.8633599"},{"key":"ref_33","unstructured":"(2019, December 01). Regulation (EU) no 2016\/679. Available online: https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/?uri=CELEX:32016R0679."},{"key":"ref_34","doi-asserted-by":"crossref","first-page":"28","DOI":"10.1109\/MCOM.2016.7565269","article-title":"ARMY: Architecture for a secure and privacy-aware lifecycle of smart objects in the internet of my things","volume":"54","author":"Bernabe","year":"2016","journal-title":"IEEE Commun. Mag."},{"key":"ref_35","first-page":"6384186\u20131","article-title":"Holistic privacy-preserving identity management system for the internet of things","volume":"2017","year":"2017","journal-title":"Mobile Inf. Syst."},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"4767","DOI":"10.1109\/ACCESS.2017.2788464","article-title":"Integration of Anonymous Credential Systems in IoT constrained environments","volume":"6","author":"Sanchez","year":"2018","journal-title":"IEEE Access"},{"key":"ref_37","unstructured":"Kiayias, A., and Zhou, H.-S. (2019, December 05). Equivocal Blind Signatures and Adaptive UC-Security. Available online: https:\/\/www.iacr.org\/archive\/tcc2008\/49480334\/49480334.pdf."},{"key":"ref_38","doi-asserted-by":"crossref","unstructured":"Jawurek, M., Kerschbaum, F., and Orlandi, C. (2019, December 06). Zero-knowledge Using Garbled Circuits: How To Prove Non-Algebraic Statements Efficiently. Available online: https:\/\/eprint.iacr.org\/2013\/073.","DOI":"10.1145\/2508859.2516662"},{"key":"ref_39","doi-asserted-by":"crossref","first-page":"164908","DOI":"10.1109\/ACCESS.2019.2950872","article-title":"Privacy-Preserving Solutions for Blockchain: Review and Challenges","volume":"7","author":"Canovas","year":"2019","journal-title":"IEEE Access"}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/20\/3\/945\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T08:56:37Z","timestamp":1760172997000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/20\/3\/945"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,2,10]]},"references-count":39,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2020,2]]}},"alternative-id":["s20030945"],"URL":"https:\/\/doi.org\/10.3390\/s20030945","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,2,10]]}}}