The objective of the WP6 is to perform the assessment of the EKSISTENZ architecture and the technical mechanisms in terms of security, privacy and usability and with respect to the requirements set forth in the other WPs. Four deliverables were timetabled:
- D6.1 documented the threat model, considered adversarial capabilities and measurement approach both for security and privacy properties of EKSISTENZ solutions;
- D6.2 was an intermediate report for deliverables D6.3 and D6.4;
- D6.3 provided the results of the security and privacy evaluation of EKSISTENZ outputs;
- And D6.4 presented lessons learned from the project.
The main achievements of the EKSISTENZ project as identified through the evaluation process included the following:
- Building a Secondary Identity framework based on the eIDAS assurance levels, including a full set of requirements, processes and architecture.
- Incorporating biometric authentication based on face modality in the mobile environment to the identity management processes.
- The figure of the Misuse Identity Handler, a key component to handle with investigations related to identity frauds.
- The Identity Theft Register, a key component to provide timely response in the case of loss or steal of ID Tokens.
- The Where Are You From entity, which facilitates the use of secondary identities across borders.
- Implementation of a PoC that demonstrates the feasibility of the proposed solutions.
- Proposal of different PETs for (i) increasing the privacy protection associated with the use of biometrics in secondary identities, and (ii) increasing the privacy protection in digital signatures derived from secondary identities.
The purpose of the final deliverable, D6.4 was to extract knowledge from the EKSISTENZ evaluation and present conclusions that may be useful outside the context of the project, extracting the most relevant lessons learnt during the evaluation process about EKSISTENZ, including its strengths and weaknesses. It also aims at presenting future challenges for research that have not fully addressed during the project and are still important in the scope of identity management systems.