Anonymous, Liberal and User-Centric Electronic Identity Supports Citizen Privacy Protection in e-Government OASIS eGov Workshop - 1 May 2008 Libor Neumann.


1 Anonymous, Liberal and User-Centric Electronic Identity Supports Citizen Privacy Protection in e-Government OASIS eGov Workshop - 1 May 2008 Libor Neumann

2 Current electronic identity needs
- User-centric solution
- Technology-neutral solution
- Support of scalable levels of security, including high security standards
- Protection against known and future attacks in the network environment
- Privacy protection
- Support for the functions and levels of security needed in e-government

3 Current e-government privacy threats related to e-ID
- Digital certificates
  - Certificates include personal data
  - The quality of the data is verified by the Certification Authority
  - No access control to personal data used in the certificates
- Biometrics
  - Biometric data are private data - data related to the body
  - No access control or limited access control to biometric data used for remote e-ID
- Consequences
  - Huge unmanaged distributed “database” storing private data
  - The name or body cannot be changed if the data is misused
- The issue
  - Personal data used by e-ID technology
  - Not personal data stored in e-government systems

4 Anonymous identity (1)
- Anonymous identity – Nonsense?
- Real life examples of anonymous identity
  - Mail carrier or the neighbour’s cat or dog
  - Dog and its master
  - Mother and her baby
  - Program variable in virtual memory
- ALUCID® separates distinguishing between subjects from naming of subjects

5 Anonymous identity (2)
The ALUCID® principles related to anonymous identity
- No user, and no service provider, works directly with identifiers and credentials (secrets).
- No personal data are included directly or indirectly in the identifiers or credentials.
- Identifiers and credentials are shared only between the user and the service provider.
- No generally valid identifier or credential exists.
- Identifiers and credentials are very large random (or pseudorandom) numbers with limited validity in time.

6 Liberal identity
- User freedom in selecting his or her options
  - Selecting a product, producer, form, size, features,…
  - No obligation to use that product
  - Possibility to use more than one product
  - Possibility to change his/her mind in future
- Producer and service provider freedom
  - Seamless interoperability
  - Open standard interface strategy
  - No registration, no central authority
  - Production of “empty product” – supports mass production and standard sale of products

7 User-centric identity (1)

8 User-centric identity (2)
The user scenario should be:
- The user selects a PEIG. It is sold empty.
- The user teaches his or her PEIG to recognize him or her when activated.
- The user connects the first time to the service provider and uses the activated PEIG.
- The user can (but need not) give his or her personal data to the service provider.
- The user will be able to open his or her personified service directly if he or she activates his or her PEIG.
- The same procedure can be used with any other service provider supporting ALUCID.

9 Missing entities
- No login names, no passwords.
  - No forgotten password, no phished password, …
- No user certificate.
  - No recertification, no extra charges, no names on the network,…
- No identity provider.
  - No user communication with an identity provider, …
- No government-issued identity.
  - No “numbering” of citizens, no misuse of state-issued identifiers,…
- No biometric data without access control.
  - No cloned biometric data from e-ID use, no remote verification of biometric data origin,...

10 Personal data management in e-government
- Government and personal data
  - The government stores citizens’ personal data in its internal information systems.
  - Governments do not need any other personal or private data stored by e-ID means.
- E-government only requires a secure link between the person and the personal data record
  - The link itself need not use personal information
  - Government uses personal data in the e-ID system only because the e-ID technology needs it
- ALUCID® technology supports creation of a secure and stable link between a specific PEIG® and a specific user database record without any personal data
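An illustrative sketch of the principles on slides 5 and 10, added here; it is not ALUCID's protocol, which the slides do not specify. It shows pairwise, time-limited random identifiers and credentials that carry no personal data yet keep a stable link to one provider-side record while rotating on every use. The `Peig` and `Provider` classes, the HMAC-based rotation, `VALIDITY` and the record keys are all assumptions.

```python
import hashlib, hmac, secrets

VALIDITY = 3600  # assumption: identifier lifetime in seconds

def _derive(cred, label, nonce):
    # Both sides compute the same pseudorandom value from the shared secret.
    return hmac.new(cred, label + nonce, hashlib.sha256).digest()

class Provider:
    def __init__(self):
        self.links = {}  # identifier -> (credential, expires_at, record_key)

    def enroll(self, ident, cred, record_key, now):
        # record_key is an opaque internal row key, never personal data.
        self.links[ident] = (cred, now + VALIDITY, record_key)

    def challenge(self):
        return secrets.token_bytes(16)

    def login(self, ident, nonce, proof, now):
        entry = self.links.get(ident)
        if entry is None:
            return None                      # unknown or already rotated
        cred, expires_at, record_key = entry
        if now > expires_at:
            del self.links[ident]            # limited validity in time
            return None
        if not hmac.compare_digest(proof, _derive(cred, b"proof", nonce)):
            return None
        del self.links[ident]                # each identifier is single-use
        self.enroll(_derive(cred, b"id", nonce),
                    _derive(cred, b"cred", nonce), record_key, now)
        return record_key

class Peig:
    def __init__(self):
        self.pairs = {}  # provider name -> (identifier, credential)

    def introduce(self, name, provider, record_key, now):
        # Fresh random pair per provider: no generally valid identifier exists.
        ident, cred = secrets.token_bytes(32), secrets.token_bytes(32)
        self.pairs[name] = (ident, cred)
        provider.enroll(ident, cred, record_key, now)

    def authenticate(self, name, provider, now):
        ident, cred = self.pairs[name]
        nonce = provider.challenge()
        record_key = provider.login(ident, nonce, _derive(cred, b"proof", nonce), now)
        if record_key is not None:           # rotate in step with the provider
            self.pairs[name] = (_derive(cred, b"id", nonce),
                                _derive(cred, b"cred", nonce))
        return record_key
```

Two providers comparing their tables find no common value for the same PEIG, and a captured identifier is useless after the next successful login or after `VALIDITY` expires.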

11 Personal data management in e-government
- How to link an anonymous PEIG® with the right personal data in the information system?
- Who is the person using the specific PEIG®?
- Secure initialisation of the link between the user and the record.
- Governments resolve the same issue in non-electronic communication every day
- The owner of a specific PEIG® will introduce his or her PEIG® to the e-government service provider
- ALUCID® technology will support so-called “remote heritage of PEIG® introduction”

12 Citizen Centric Administration & e-ID
- Citizen-centric administration should be personified administration
- e-ID technology is a key enabler of personified administration
- Users need user-centric e-ID (shared e-ID tools)
- E-government services are minority services
- User-centric e-ID is a necessary condition of citizen-centric administration, but not a sufficient one!
- Possible options
  - Citizens will use government-issued e-ID for all other electronic services
  - Government will enable use of citizen-preferred e-ID tools
- Privacy protection has to be solved in both cases

13 Conclusion
- Privacy protection is today an underestimated threat of e-government
- The longer e-ID technologies based on personal data are used, the greater the risks to citizen privacy grow
- Government does not itself need the personal data used in e-ID means
- ALUCID® should solve the needs of government without additional privacy threats for citizens
- ALUCID® is a new concept, a new solution. The first prototype exists. It needs to be verified in a pilot test in real life before mass use.
- We look for partners (cooperation, verification, standardization, deployment,…)

14 Libor.Neumann@anect.com

