Floating privacy and security in the clouds
As critical government services such as health care move online, it is essential to ensure your personal data is protected and easily managed. EU-funded researchers have come up with a novel solution that allows you to share and protect your personal details in a virtual wallet on the cloud good for privacy and security.
© estherpoon #168828392, source: stock.adobe.com 2019
Securing and protecting personal data is paramount in todays society. As more and more people access online services, ensuring their data is sound and safe can be a challenge as hackers often manage to keep one step ahead.
The sense of insecurity can have a chilling effect. Because of it, some people may hesitate logging into online government, or similar domains, that offer sensitive online services spanning from e-health to e-business.
The EU-funded CREDENTIAL project has created a user-friendly solution that enables you to store, manage and share your digital identity information in a virtual wallet via the cloud.
Unlike other similar tools, CREDENTIAL uses advanced novel cryptographic technologies that ensure the safe keeping of highly critical personal data. It also offers a user-friendly way to authenticate yourself across different domains using a single account.
In contrast to existing solutions, the user has full control over his data and her privacy is also maintained against the provider of the CREDENTIAL wallet, says project coordinator Stephan Krenn of the AIT Austrian Institute of Technology GmbH.
In particular, all data is encrypted at the source and can only be decrypted by the relying party, so that for any intermediary, including the CREDENTIAL wallet, it is technically not feasible to learn the user's sensitive data. This is in contrast to traditional approaches where privacy is only guaranteed by policies.
Few things are as personal as your own medical records. The medication you take, the doctors you have seen, the treatments you undergo are all intensely private and personal.
As part of its testing phase, the CREDENTIAL team set out to see how its wallet would work in a controlled scenario in Germany, where hospitals and private clinics often do not have any encryption software.
For over two months in 2018, doctors and patients with type 2 diabetes were able to experiment with the CREDENTIAL eHealth mobile apps as part of its pilot project.
Patients considered the project app highly valuable, and expect the final version to save them time in terms of continued medical evaluations and fewer doctor visits.
For the doctors, it also provided an immediate and secure access to patients data with some hoping to obtain the technology once CREDENTIAL hits the market.
CREDENTIAL had conducted similar pilot projects for online government services that require electronic identification and for businesses that can grant their workers access to encrypted mails. The results were promising.
By the end of the project, all pilot partners planned to further pursue their use cases and to integrate them into their product portfolio in the mid future, says Krenn.
Awards and cybersecurity
CREDENTIALs collaborative efforts have also paid off. Research partners from Karlstad University won two best paper awards at major conferences in their field for their results in the project.
Its overall research results have also intrigued the world of cybersecurity, and by 2022, a new ISO standard on redactable signatures is set to appear.
Such signatures, which allows a person to remove parts from signed documents, are an essential component needed to achieve privacy in the projects cloud identity wallet. The big plan is to make Europes digital space more secure. And here CREDENTIAL has played its part.