Trusted “identity-as-a-service” (WP5)

WP5 (Trusted “Identity-As-A-Service”) builds on the results of WP4. While WP4 focuses on the life-cycle of Primary Identities (PID) and the creation of Secondary Identities (SID), WP5 focuses on the life-cycle of Secondary Identities. With a Secondary Identity, citizens will be able to identify themselves in a privacy-friendly way for services offered by the governmental or private sector, including online identity servicing and web applications. The focus lies on the mobile banking use case.

Within the consortium we formulated the requirements for the IaaS online infrastructure.

For each use case, three categories of requirements have been identified:

  • Business requirements;
  • System requirements;
  • And user-related requirements.

These requirements are taken into account:

  • Relevant legislation for European ID management systems, including banks and other financial institutions;
  • Standards regarding identity tokens technology;
  • Component functionalities and objectives;
  • Security mechanisms for protection of processes;
  • And protection of citizens’ security and privacy.

In addition, the interfaces are described. The objective is to specify the information that is exchanged over the interfaces of the IaaS infrastructure, taking into account the privacy of citizens. To facilitate integration of different components, tools are provided by different partners.

For each interface in each sub process, a description is given:

  • Objectives of components on the both sides of interface;
  • Steps components need to perform in order to achieve objectives;
  • Information that is exchanged over the interface in order to meet objectives, taking privacy into account;
  • (International) standards that apply to this interface (if any);
  • And technologies – from a common practice point of view – to be used for implementing this interface.

The consortium has been investigating privacy-friendly revocation techniques, and discussing some technical aspects regarding the ITR.

Conversations have been held regarding the biometric technology, attempting to provide advice on a feasible protection scheme for the biometric templates. There has been some research done on “multi-factor authentication technologies for privacy-preserving authentication” and “combination of homomorphic encryption, protected biometrics and fixed authentication factors for privacy-preserving authentication,” which are more or less reflected in two papers:  “An efficient entity authentication protocol with enhanced security and privacy properties” and “Efficient verifiable computation of XOR for biometric authentication”. This all will lead to a proof-of-concept in which the selected use cases can be demonstrated.