Anonymous, Liberal, User-Centric Electronic Identity

1
Anonymous, Liberal, User-Centric Electronic
Identity New Systematic Design of e-ID
InfrastructureLibor NeumannANECT a.s.
www.oasis-open.org
2
Motivation

• Big ideas, current needs
• Single European Information Space
• Pan-European e-gov services
• E-Government 2.0
• Current challenges
• Lack of interoperability
• Underestimated privacy threats
• Unaccepted complexity by the end-user
• Lack of personification
• E-ID (authentication) is key enabler

3
New e-ID design

• Searching of e-ID solution
• Systematic analysis
• Design from scratch
• System design methodology was used
• New way of thinking about e-ID
• New principles, new methods
• ALUCID - Anonymous, Liberal, and User-Centric
  electronic IDentity

4
Anonymous identity

• Anonymous identity Nonsense?
• Real life examples of anonymous identity
• Dog and its master
• Mother and her baby
• Program variable in virtual memory
• ALUCID separates distinguishing between subjects
  from naming of subjects (claims)
• Identifiers and credentials are very large random
  (or pseudorandom) numbers with limited validity
  in time.
• Names (claims) can be protected application data

5
Open Standard Interfaces
6
Missing entities

• No login names, no passwords. No forgotten
  password, no phished password,
• No user certificate. No recertification, no extra
  charges, no names on the network,
• No identity provider. No user communication with
  an identity provider, no personal information
  managed by third party,
• No government-issued identity. No numbering of
  citizens, no misuse of state-issued identifiers,
  
• No biometric data without access control. No
  cloned biometric data from e-ID use, no remote
  verification of biometric data origin,...

7
End-user

• Extremely simple use have a PEIG (Personal
  Electronic Identity Gadget) and
  activate/deactivate it.
• User freedoms
• Selecting a product, producer, form, size,
  features,
• Selecting an activation method
• No obligation to use that PEIG
• Possibility to use more than one PEIG
• Possibility to change his/her mind in future
• Direct access to personified services
• Service provider takes care of his/her security
• Virtually private Internet (My Internet)
• Universal use of PEIG

8
End-user point of view
9
End-User scenario

• The user scenario should be
• The user selects a PEIG. It is sold empty.
• The user teaches his or her PEIG to recognize him
  or her when activated.
• The user connects the first time to the service
  provider and uses the activated PEIG.
• The user can (but need not) give his or her
  personal data to the service provider
• The user will be able to open his or her
  personified service directly if he or she
  activates his or her PEIG.
• The same procedure can be used with any other
  service provider supporting ALUCID.

10
Prototype demo
11
Thank you for your attention

• Libor.Neumann_at_anect.com