PRIME Privacy and Identity Management for Europe

1
PRIME Privacy and Identity Management for
Europe

• Vision Objectives First Results

2
PRIME Vision

• In the Information Society, users can act and
  interact in a safe and secure way while retaining
  control of their private sphere.

3
PRIME Objectives

• Advance the state-of-the-art in privacy-enhancing
  identity management
• Demonstrate how to embed European privacy laws
  and regulations into technology
• Empower individuals to effectively realise their
  right to privacy and informational
  self-determination
• Development of real-world toolsand solutions for
  identity management

4
PRIME Approach (1/2)

• Advance the state-of-the-art in
  privacy-enhancing identity management by
• Laying the theoretical foundations, taking into
  account current environments as well as future
  scenarios.
• Developing novel, practical solutions and
  approaches to the validation and communication of
  the level of privacy and security achieved.
• Raising awareness of the privacy problems and of
  practically feasible options.

5
PRIME Approach (2/2)

• PRIME takes a highly interdisciplinary approach
  in order to produce solutions that are
• Technically feasible
• Understandable and manageable by end users
• Socially desirable and acceptable
• Legally required
• Commercially viable and exploitable.

6
PRIME Principles

• Design starting from maximum privacy
• System usage governed by explicit privacy rules
• Privacy rules must be enforced, not just stated
• Trustworthy privacy enforcement
• Easy and intuitive abstractions of privacy for
  users
• An integrated approach to privacy
• Privacy integrated with applications

7
PRIME Key Technology Elements

• Pseudonyms
• Anonymity
• Credentials
• Policy negotiation

8
Detailed Objectives Block 1-3

• Block 1 Requirements and Evaluation
• Legal, socio-economic, generic application
  requirements
• Block 2 Application Prototypes
• E-learning, privacy-preserving customer database,
  location-based services, etc.
• Block 3 Mechanism Research and Development
• Assurance methods, Human-Computer Interface
  (HCI), ontologies and privacy principles,
  authorisation models, cryptographic mechanisms,
  communication infrastructure (e.g. anonymity),
  user/server-side identity management, education

9
First Results Block 4 Framework

• First public result Framework V0 (see webpage)
• Provides map of privacy-enhancing identity
  management
• Problem space
• Vision of PRIME
• PRIME stakeholders, roles and responsibilities
• Application scenarios
• Legal and social environment
• Business models and economic drivers
• PRIME concepts and terminology
• PRIME models for users and metaphors

10
Further Main Deliverables/ Expected Results

• Requirements
• Legal
• Socio-economic
• Applications
• HCI (Human-Computer Interface)
• Architecture (functions/modules and relationship
  between functions/modules)
• Prototype(s)
• Prototype evaluation
• Dissemination (tutorials, presentations, white
  paper, etc.)

11
Standardisation Involvement

• Goethe-Universität Frankfurt
• ISO/IEC JTC1 SC 27 IT Security Techniques
• ISO/IEC JTC1 SC 27/WG 3 Security Evaluation
  Criteria
• ISO/IEC JTC1 AdHoc Working Group Privacy
  Technologies
• DIN-NI 27 IT-Sicherheit
• HP (Management Board Member)
• ISO/IEC JTC1 AdHoc Working Group Privacy
  Technologies
• IBM
• ISO/IEC JTC1 SC 27/WG Security Mechanisms

• Several joint members
• W3C subcontractor

• IBM, HP

• HP, IBM (Management Board Members)

• IBM
• MS in Reference Group

• Several joint members

12
PRIME Contact

• http//www.prime-project.eu.org/
• Project Management Gérard LacosteIBM La Gaude
  Project Office for European Projectslacoste_at_fr.ib
  m.com
• Public Relations Marit HansenIndependent
  Centre for Privacy Protectionprime_at_datenschutzzen
  trum.de

13
PRIME Some Key Data

• The PRIME project receives research funding from
  the Communitys Sixth Framework Programme and the
  Swiss Federal Office for Education and Science.
• Integrated Project in the Information Society
  Technologies Priority
• Duration 4 years (March 2004 February 2008)
• Budget M 16 (M 10 granted EC contribution)
• Number of participants 20
• Reference Group

14
PRIME Partners
15
PRIME Partners

• IBM France, F
• IBM Zurich Research Lab, CH
• Unabhängiges Landeszentrum für Datenschutz, D
• Technische Universität Dresden, D
• Katholieke Universiteit Leuven, B
• Universiteit van Tilburg, NL
• Hewlett-Packard, UK
• Karlstads Universitet, S
• JRC / IPSC Ispra, I
• Università di Milano, I

• Centre National de la Recherche Scientifique /
  LAAS, F
• Johann Wolfgang Goethe-Universität Frankfurt am
  Main, D
• Chaum LLC, USA
• RWTH Aachen, D
• Institut EURECOM, F
• Erasmus Universiteit Rotterdam, NL
• Fondazione Centro San Raffaele del Monte Tabor,
  I
• Deutsche Lufthansa, D
• Swisscom, CH
• T-Mobile, D

16
PRIME Workplan

• Organised in blocks and activities
• Main blocks
• Requirements and evaluation
• Application prototypes
• Mechanisms research and development
• Framework and architecture
• Management and outreach

17
Reference Group

• External interested experts providing early
  feedback on project results from different
  standpoints
• Data Protection Authorities Dutch Data
  Protection Zurich Data Protection Article 29
  Working Party
• Industry Microsoft EMEA Philips Research
  Ericsson Migros Hunton Williams Eurochambres
• Administration Danish Board of Technology
• Independent Research RAND Europe Institute of
  Technology Assessment, Austria
• Academia Free University of Brussels London
  School of Economics University of Dar es Salaam,
  Tanzania
• Law Enforcement Ministry of the Interior and
  Kingdom Relations of the Netherlands
• Consumer Protection BEUC The European
  Consumers Organisation

18
Block 5 Public Relations http//www.prime-proje
ct.eu.org/

• Project overview
• News results
• Public and internal spaces

19
Detailed Objectives Block 1 Requirements and
Evaluation

• Legal requirements Legal experts shall ensure
  that PRIME technology is fully compliant with
  applicable laws and regulations.
• Socio-economic requirements Established economic
  theories will be applied in the emerging field of
  privacy-enhancing identity management.
• Generic application requirements Requirements
  will be identified that are relevant to PRIME in
  the near as well as longer term.

20
Detailed Objectives Block 2 Application
Prototypes

• Block 2 aims at validating, in a real-life
  environment, the approach, architecture and
  technology of PRIME.
• Major scenarios
• On-line health care system (Fondazione Centro
  San Raffaele)
• Location-based services (Swisscom, T-Mobile)
• Privacy-preserving customer database (Lufthansa)
• Anonymous access to infrastructure for mobile
  workers (Swisscom, T-Mobile)
• E-Learning (Dresden University)
• Privacy-enhancing ambient intelligence (JRC).

21
Detailed Objectives Block 3 Mechanism Research
and Development (1/3)

• Assurance methods Users as well as service
  providers will be supported in gaining assurance
  of whether a technology or service matches their
  privacy requirements.
• Human-Computer Interface HCI concepts and user
  interfaces will be developed which provide users
  with a clear understanding about consequences and
  options when releasing personal information.
• Ontologies and privacy principles Formal
  ontologies will be elaborated which communicate
  the complex conceptual framework of the privacy
  domain.

22
Detailed Objectives Block 3 Mechanism Research
and Development (2/3)

• Authorisation models Novel authorisation
  policies together with their related model and
  language will be developed which allow expressing
  and enforcing authorisations depending on
  different partial identities of the requestors.
• Cryptographic mechanisms The core cryptographic
  solutions for privacy-enhancing identity
  management (including credentials) will be
  provided.

23
Detailed Objectives Block 3 Mechanism Research
and Development (3/3)

• Communication infrastructure Models for address
  and location privacy against a strong attacker
  model will be elaborated.
• User/server-side identity management The
  prototypes supporting the user and enforcing
  privacy policies will be designed and implemented
  (at the user as well as at the server side).
• Education Educational material of many facets of
  PRIME will be worked out which address the needs
  of application developers, service providers,
  application designers, and end users.