Protecting identities and privacy with innovative EU-funded technology
Digital privacy is an EU priority and an EU-funded team of researchers is working to better protect the privacy and identities of European citizens. The ABC4TRUST ('Attribute-based credentials for trust') project, funded under the 'Information and communication technologies' (ICT) Theme of the Seventh Framework Programme (FP7), is using privacy-enabling technology to bring this priority to fruition. ABC4TRUST has clinched almost EUR 8.9 million in EU support.
People in the EU and US spend about 28 hours each month browsing the Internet. They surf the web to chat, conduct personal banking and buy various goods. However, in order to be able to perform these various activities and gain access to the sites, users are obliged to create a personal user profile with a username and password via cryptographic certificates. Experts say such certificates may provide enough security for many purposes but they do not protect users sufficiently. At the end of the day, users end up giving away too much information about themselves when they don't have to.
'Revealing more information than necessary not only harms users' privacy but also increases the risk of abuse of information such as identity fraud when personal information falls in the wrong hands,' explains Professor Kai Rannenberg of the T-Mobile Chair of Mobile Business & Multilateral Security at Goethe University Frankfurt am Main in Germany, coordinator of ABC4TRUST. 'The goal of ABC4TRUST is to show that systems of Attribute-Based Credentials can support both secure authentication as well as privacy, for example, in mobile communities. This directly supports the EU's Digital Agenda.'
The ABC4TRUST team will launch a trial run of the privacy-enabling technology at a university in Greece and a secondary school in Sweden. The researchers say their test will enable users to provide the information that sites need without divulging their full identification.
Both education facilities will be able to issue credentials to their users, with information about various issues like if they have attended a certain class, were part of an athletic team etc. Stored on a smartcard or mobile phone, users may use these digital credentials to authenticate towards services. The Patras, Greece-based Research Academic Computer Technology Institute could run its own computerised feedback system, further supporting the students' right to privacy.
The ABC4TRUST system will use IBM's Identity Mixer and Microsoft's U-Prove technologies to prove the users are over 18 years old instead of forcing them to provide various identification papers including copies of identification cards.
'With technologies like Identity Mixer, we provide the technical capabilities to bring not only strong security to Internet services, but — at the same time — also better privacy,' says Dr Jan Camenisch, privacy technology scientist at IBM Research Zurich in Switzerland, one of the ABC4TRUST partners. 'Making use of more than 10 years of research and development, we are now going to deploy these solutions in practice and address usability and interoperability.'
Kim Cameron, chief architect of identity at Microsoft, says: 'Minimal disclosure technologies, such as U-Prove and Identity Mixer, provide important building blocks for the realisation of a sustainable Identity Metasystem. The ABC4TRUST project will be a great forum for various stakeholders to address the problem of privacy for a safer, more trusted Internet.'
Guaranteeing a user's privacy will become ever more important in the years to come. The technologies being piloted at ABC4TRUST will help us get closer to that goal much more quickly.
The ABC4TRUST consortium consists of experts from Denmark, France, Germany, Greece, Sweden and Switzerland.
To restrict search results to articles in the Information Centre, i.e. this site, use this search box rather than the one at the top of the page.
After searching, you can expand the results to include the whole Research and Innovation web site, or another section of it, or all Europa, afterwards without searching again.
Please note that new content may take a few days to be indexed by the search engine and therefore to appear in the results.