I think the reason these systems require device bound keys is because the government is concerned with easily mass-produced forged age certificates. With software keys you can get an age certificate which can be copied instantly to a large number of devices, with hardware keys the government knows that the certificate is tied to a single physical unit.

▲

KoolKat23 6 hours ago | parent | next [-]

Again, at this point, they're taking things too far,age gates shouldn't need to be an impenetrable fortress (notwithstanding the question of whether they should exist in the first place).

It should simply be the adult account on the device is notified if the device is rooted, effectively no longer in child mode. Go crazy with the warnings on both devices if you want as they've opted in at that point.

▲

tomega2134 3 hours ago | parent | prev [-]

Is this EU protocol so weak that it cannot withstand this attack, i.e. is duplicate age certificate use not detected or prevented?

	▲	ulrikrasmussen an hour ago \| parent [-]
		You can't really prevent that unless you design a system which is inherently designed to track people, e.g. by phoning home to the issuer on each credential verification. The system being deployed right now is based on the issuer issuing batches of single-use credential tokens to device-bound single-use keys, which on the plus side means that colluding verifiers cannot use age credentials as cookies to track people. It is still vulnerable to colluding verifiers and issuers though, because the issuer can de-anonymize the tokens (it knows them and their linking to the identity of the user). This scheme also means that if the keys that the tokens are issued to are not device bound, then it is trivial to copy the age credentials to someone else. To my knowledge, even more sophisticated ZKP schemes still rely on device bound keys to protect against duplication.