The State of the Electronic Identity Market: Technologies, Infrastructure, Services and Policies

Authenticating onto systems, connecting to mobile networks and providing identity data to access services is common ground for most EU citizens, however what is disruptive is that digital technologies fundamentally alter and upset the ways identity is managed, by people, companies and governments. Technological progress in cryptography, identity systems design, smart card design and mobile phone authentication have been developed as a convenient and reliable answer to the need for authentication. Yet, these advances ar enot sufficient to satisfy the needs across people's many spheres of activity: work, leisure, health, social activities nor have they been used to enable cross-border service implementation in the Single Digital Market, or to ensure trust in cross border eCommerce. The study findings assert that the potentially great added value of eID technologies in enabling the Digital Economy has not yet been fulfilled, and fresh efforts are needed to build identification and authentication systems that people can live with, trust and use. The study finds that usability, minimum disclosure and portability, essential features of future systems, are at the margin of the market and cross-country, cross-sector eID systems for business and public service are only in their infancy. This report joins up the dots, and provides significant exploratory evidence of the potential of eID for the Single Digital Market. A clear understanding of this market is crucial for policy action on identification and authentication, eSignature and interoperability.JRC.DDG.J.4-Information Societ

Privacy considerations for secure identification in social wireless networks

This thesis focuses on privacy aspects of identification and key exchange schemes for mobile social networks. In particular, we consider identification schemes that combine wide area mobile communication with short range communication such as Bluetooth, WiFi. The goal of the thesis is to identify possible security threats to personal information of users and to define a framework of security and privacy requirements in the context of mobile social networking. The main focus of the work is on security in closed groups and the procedures of secure registration, identification and invitation of users in mobile social networks. The thesis includes an evaluation of the proposed identification and key exchange schemes and a proposal for a series of modifications that augments its privacy-preserving capabilities. The ultimate design provides secure and effective identity management in the context of, and in respect to, the protection of user identity privacy in mobile social networks

A generic framework for process execution and secure multi-party transaction authorization

Process execution engines are not only an integral part of workflow and business process management systems but are increasingly used to build process-driven applications. In other words, they are potentially used in all kinds of software across all application domains. However, contemporary process engines and workflow systems are unsuitable for use in such diverse application scenarios for several reasons. The main shortcomings can be observed in the areas of interoperability, versatility, and programmability. Therefore, this thesis makes a step away from domain specific, monolithic workflow engines towards generic and versatile process runtime frameworks, which enable integration of process technology into all kinds of software. To achieve this, the idea and corresponding architecture of a generic and embeddable process virtual machine (ePVM), which supports defining process flows along the theoretical foundation of communicating extended finite state machines, are presented. The architecture focuses on the core process functionality such as control flow and state management, monitoring, persistence, and communication, while using JavaScript as a process definition language. This approach leads to a very generic yet easily programmable process framework. A fully functional prototype implementation of the proposed framework is provided along with multiple example applications. Despite the fact that business processes are increasingly automated and controlled by information systems, humans are still involved, directly or indirectly, in many of them. Thus, for process flows involving sensitive transactions, a highly secure authorization scheme supporting asynchronous multi-party transaction authorization must be available within process management systems. Therefore, along with the ePVM framework, this thesis presents a novel approach for secure remote multi-party transaction authentication - the zone trusted information channel (ZTIC). The ZTIC approach uniquely combines multiple desirable properties such as the highest level of security, ease-of-use, mobility, remote administration, and smooth integration with existing infrastructures into one device and method. Extensively evaluating both, the ePVM framework and the ZTIC, this thesis shows that ePVM in combination with the ZTIC approach represents a unique and very powerful framework for building workflow systems and process-driven applications including support for secure multi-party transaction authorization

Designing an architecture for secure sharing of personal health records : a case of developing countries

Includes bibliographical references.While there has been an increase in the design and development of Personal Health Record (PHR) systems in the developed world, little has been done to explore the utility of these systems in the developing world. Despite the usual problems of poor infrastructure, PHR systems designed for the developing world need to conform to users with different models of security and literacy than those designed for developed world. This study investigated a PHR system distributed across mobile devices with a security model and an interface that supports the usage and concerns of low literacy users in developing countries. The main question addressed in this study is: “Can personal health records be stored securely and usefully on mobile phones?” In this study, mobile phones were integrated into the PHR architecture that we/I designed because the literature reveals that the majority of the population in developing countries possess mobile phones. Additionally, mobile phones are very flexible and cost efficient devices that offer adequate storage and computing capabilities to users for typically communication operations. However, it is also worth noting that, mobile phones generally do not provide sufficient security mechanisms to protect the user data from unauthorized access

On Technology Neutral Policies for E–identity: a Critical Reflection Based on UK Identity Policy

This paper reviews the arguments for technology neutral e–identity policies. It uses the recent experience of identity policy in the UK, as well as a consideration of technological developments, to distinguish between two perspectives on technology neutral policies: legal and technological. Whilst the legal perspective on technology neutrality is intended to provide legal certainty, it fails to address discontinuous technological developments such as zero–knowledge systems and risk based assessments of identity and attribute claims. These are transforming the basis of identity policies and highlight the challenges of proposing technology neutral identity policies in law. The paper then applies the technological critique of technology neutrality to review a recent study on identity, authentication and signature policy in the EU

Strong Electronic Identification: Survey & Scenario Planning

The deployment of more high-risk services such as online banking and government services on the Internet has meant that the need and demand for strong electronic identity is bigger today more than ever. Different stakeholders have different reasons for moving their services to the Internet, including cost savings, being closer to the customer or citizen, increasing volume and value of services among others. This means that traditional online identification schemes based on self-asserted identities are no longer sufficient to cope with the required level of assurance demanded by these services. Therefore, strong electronic identification methods that utilize identifiers rooted in real world identities must be provided to be used by customers and citizens alike on the Internet. This thesis focuses on studying state-of-the-art methods for providing reliable and mass market strong electronic identity in the world today. It looks at concrete real-world examples that enable real world identities to be transferred and used in the virtual world of the Internet. The thesis identifies crucial factors that determine what constitutes a strong electronic identity solution and through these factors evaluates and compares the example solutions surveyed in the thesis. As the Internet become more pervasive in our lives; mobile devices are becoming the primary devices for communication and accessing Internet services. This has thus, raised the question of what sort of strong electronic identity solutions could be implemented and how such solutions could adapt to the future. To help to understand the possible alternate futures, a scenario planning and analysis method was used to develop a series of scenarios from underlying key economic, political, technological and social trends and uncertainties. The resulting three future scenarios indicate how the future of strong electronic identity will shape up with the aim of helping stakeholders contemplate the future and develop policies and strategies to better position themselves for the future

Strong Electronic Identification: Survey & Scenario Planning

The deployment of more high-risk services such as online banking and government services on the Internet has meant that the need and demand for strong electronic identity is bigger today more than ever. Different stakeholders have different reasons for moving their services to the Internet, including cost savings, being closer to the customer or citizen, increasing volume and value of services among others. This means that traditional online identification schemes based on self-asserted identities are no longer sufficient to cope with the required level of assurance demanded by these services. Therefore, strong electronic identification methods that utilize identifiers rooted in real world identities must be provided to be used by customers and citizens alike on the Internet. This thesis focuses on studying state-of-the-art methods for providing reliable and mass market strong electronic identity in the world today. It looks at concrete real-world examples that enable real world identities to be transferred and used in the virtual world of the Internet. The thesis identifies crucial factors that determine what constitutes a strong electronic identity solution and through these factors evaluates and compares the example solutions surveyed in the thesis. As the Internet become more pervasive in our lives; mobile devices are becoming the primary devices for communication and accessing Internet services. This has thus, raised the question of what sort of strong electronic identity solutions could be implemented and how such solutions could adapt to the future. To help to understand the possible alternate futures, a scenario planning and analysis method was used to develop a series of scenarios from underlying key economic, political, technological and social trends and uncertainties. The resulting three future scenarios indicate how the future of strong electronic identity will shape up with the aim of helping stakeholders contemplate the future and develop policies and strategies to better position themselves for the future