Prime Core  

Anonymous credentials, introduced by Chaum, made it possible for the first time to use applications that require authentication anonymously. However, the classical credential system still allowed subsequent presentations of the same credential to be linked, which limited the degree of anonymity available to the user. Camenisch and Lysyanskaya proposed a solution to this problem with their system of anonymous credentials. A platform for managing and combining the attributes of different roles or identities makes it easy to combine different identities and thereby create a new one that contains nothing more than the information the issuer needs to provide the service to the user. PRIME core was born.

The Identity Mixer helps the user manage PRIME core credentials. A special feature of the Identity Mixer is "all-or-nothing sharing". This feature enforces privacy-sensitive interaction among users, because disclosing one whole credential automatically leads to revealing all personal credentials. Users are therefore forced to think carefully about how much of their information they are willing to reveal to others. In the long run they learn to handle sensitive data responsibly.

Prime Core – Overview

Web applications that handle personal data in a privacy-friendly way need anonymous credential systems. While protocols describing anonymous credential systems and libraries implementing those protocols already exist, applications using the libraries are still rare. PRIME core offers a set of useful web services that exchange information using cryptographic protocols. It contains all the functionality necessary to run on both the client and the server side.

Without applications supporting anonymous credentials, companies will not start building a credential infrastructure, and vice versa. Using the Idemix library (used in the Identity Mixer), PRIME core implements an easy way to issue and use anonymous credentials for web applications. By reducing the initial cost for both parties, the barrier of “starting first” can be lowered. In addition, PRIME core keeps track of data that has been released to third parties.

How to Use

Using PRIME core requires a Java runtime environment, version 6, to be installed. PRIME core is a stand-alone application that provides functionality through web services to other PRIME core instances and to the applications using PRIME functionality. The package includes configuration sets for servers and also for clients (

To run PRIME core on the client side, it can be used as a proxy or called on demand by a Firefox extension. If used on the server side, the graphical interface must be disabled.

Currently, the following web services exist:

  • system

    • perform access control
    • access PII
  • common

    • perform remote access control
    • pass server properties and abilities
  • restricted

    • convenient functions that have privacy impacts or expose information while circumventing certain PRIME features
  • issuer

    • issue and fetch credentials
  • policy/simplepolicy

    • access policies
  • debug

    • provide a human readable interface to configure the server and to access internal data directly via SQL

Some of the web services are password protected, so that only the authorized application can access them. For developers, a readme file is included at https://localhost:9906

Target Audience

  • Web developers who want to use anonymous credentials in an easy way
  • Java developers who want an example implementation for the Idemix library
  • Java developers who want to use this as a starting point for a full-featured IdM solution

Future Plans

Implementation of a Firefox extension that automatically calls the functionality of PRIME core when needed.

Further Information


File Size:


Platform: Java 6

Architecture: client-server-based


License: EPL

Download: Installer (Start the installer directly)