PRIVÈ: Privacy Respecting Identity Verification Enabler for Digital Identity Wallets
PRIVÈ extends the decentralized, user-centric identity management framework so that participating entities can establish trust through strong verifiable evidence and assurances about the origin and integrity of the presented Verifiable Credentials (VCs). It does so by building a trusted layer between interacting parties, based on HW-based keys and strong privacy-preserving cryptographic tools. In this way, PRIVÈ enables VCs that require a higher Level of Assurance to be handled locally in the Holder's Wallet. VCs can be bound to the Holder's Wallet, and the Root-of-Trust of the SSI ecosystem is transferred purely to the digital Wallet by treating an underlying Trusted Component as part of the Wallet, without making any assumptions about the trustworthiness of the other layers. This lets digital Identity Wallets align with emerging regulations and standards like eIDAS, which require a higher Level of Assurance for services.
At the same time, privacy-enhancing properties like selective disclosure are fully supported, so that the Wallet complies with privacy regulations like GDPR. To this end, PRIVÈ will design a novel privacy-preserving cryptographic protocol, Attribute-based Direct Anonymous Attestation (DAA-A), to provide verifiable evidence and assurances about the origin and integrity of the presented VC. This makes it possible to enforce that a VC can only be issued by an attested Issuer and that the VC is bound to the Holder's device (Wallet), overcoming the current limitation of bare proof-of-possession of a SW-based key.
PRIVÈ follows a user-centric design and implementation, with the aim of achieving a high level of user acceptance. It is also agnostic to the Wallet's implementation and will be offered as an open-source library that can be added as an extension to any SSI Wallet on the Holder side to enable the use of hardware-based keys.
- Motivation for the project: Enhancing user empowerment and privacy-by-design by ensuring that control of identity data remains with the user. PRIVÈ enables selective disclosure, letting the Holder manage her privacy by disclosing only the necessary attributes. This supports compliance with GDPR.
- Generic use case description: PRIVÈ follows the roles as defined by the W3C: Holders can bind their credentials to their PRIVÈ-enabled Wallet (protected by a HW-based RoT), which then gives them full control over the information they want to disclose to any Verifier (Service Provider).
- Essential functionalities: Holder Binding (Issued identity data are delivered only to the intended Holder); Device Binding (Issued VCs are bound to the Holder’s unique identifier); Selective Disclosure (Construction of appropriate Verifiable Presentations), and Wallet Correctness (only authenticated Wallets can create user attribute attestations).
- How these functionalities can be integrated within the software ecosystem: PRIVÈ will be provided as an open-source library that enables the use of HW-based keys in any SSI Wallet, including through the integration of TPMs as the underlying RoT. Secure management of credentials will be enabled through the design of DAA-A crypto with “credential blinding” capabilities.
- Gap being addressed: PRIVÈ aims to resolve the lack of trust management in SSI: How can someone be sure that presented credentials really belong to the claimed entity? This translates into Holders having control of their own VCs, a control that is currently protected only through SW-based keys, which creates trustworthiness issues.
- Expected benefits achieved with the novel technology building blocks: Enhanced protection of the Holder's Wallet through the incorporation of attestation mechanisms which in turn increases the confidence in the electronic identification means. Furthermore, PRIVÈ allows digital Identity Wallets to align with emerging regulations and standards like GDPR and eIDAS.
- Potential demonstration scenario: PRIVÈ will be validated in the context of the Healthcare domain and, more specifically, through a health insurance application that lets health-insured patients have full control (through their Wallets) of their medical records with any (Insurance) Service Provider.
Team
Thanassis Giannetsos
Dr. Giannetsos is the Head of the Digital Security and Trusted Computing Group at UBITECH Ltd. His main research interests lie in the design of secure and privacy-preserving protocols for Next-Generation Systems-of-Systems.
Thanassis Bouras
Thanassis Bouras is the Research Director of UBITECH Ltd with vast experience in leading EU research projects. His research interest lies in distributed systems with a focus on secure virtualization and efficient mechanisms capable of enhancing the Level of Assurance of such complex ecosystems.
Panagiotis Gouvas
Dr. Panagiotis Gouvas is the Research Director & Architect of UBITECH Ltd focusing on designing novel secure network mechanisms to enable the ongoing transformation vision of edge computing.
Ioannis Krontiris
Dr. Ioannis Krontiris is a Senior Security and Privacy Expert with experience in various facets of privacy-related aspects – from differential privacy algorithms to privacy-respecting identity management.
Elpida Vamvaka
Elpida Vamvaka, co-founder of Homo Digitalis, is a lawyer in Greece specializing in the domains of privacy, data protection, and intellectual property law.
Eleftherios Chelioudakis
Eleftherios Chelioudakis is a lawyer admitted to practice in Greece with expertise on a wide range of topics related to privacy, data protection and e-commerce.
Stefanos Vitoratos
Stefanos Vitoratos is a lawyer admitted to practice in Greece with a specialization on Law & New Technologies. He is a member of the EDPB's (European Data Protection Board) Pool of Experts and recognized as Fellow of Information Privacy (FIP) by the IAPP (International Association of Privacy Professionals).
Konstantinos Kakavoulis
Konstantinos Kakavoulis is a lawyer specialized in Law & New Technologies. He is a founding partner of Digital Law Experts, a niche law firm specialized in Digital Law, and co-founder of Homo Digitalis, the first digital rights organization in Greece.
Entities
They cover fields of expertise relevant to the TrustChain project and Open Calls: DLT & blockchain related expertise, Self-sovereign ID, Peer-to-Peer, decentralised and Cloud, Fog, and Edge computing systems, business models, NGI business models, Security for decentralised networks, and Human Centred Approach for innovative technology design.
GIOUMPITEK MELETI SCHEDIASMOS YLOPOIISI KAI POLISI ERGON PLIROFORIKIS ETAIREIA PERIORISMENIS EFTHYNI (UBITECH)
UBITECH is a leading, highly-innovative Research Institute and Software House focusing on enabling the long-term transformation of decentralized environments with security solutions that can cover all layers of the deployed application stack.
Website: www.ubitech.eu
Homo Digitalis (HOMO)
Homo Digitalis is the only digital rights civil society organization in Greece. Our goal is the protection of human rights and freedoms in the digital age, such as the rights to privacy, data protection, etc.
Website: www.ubitech.eu