Skip to main content
European Commission logo print header

IdeNtity verifiCatiOn with privacy-preservinG credeNtIals for anonymous access To Online services

Periodic Reporting for period 1 - INCOGNITO (IdeNtity verifiCatiOn with privacy-preservinG credeNtIals for anonymous access To Online services)

Reporting period: 2019-01-01 to 2020-12-31

The overarching goal of INCOGNITO is to combine state-of-the-art technologies in a platform that will allow users to easily understand what is needed to access online services with respect to their privacy and be able to prove specific attributes of their identity or their whole identity. During this project, we build on top of the framework that has been developed under the ReCRED project where we leveraged the mobile devices that users habitually carry in order to get access to Online Services. That is, we use advanced software on mobile devices in order to convert online and physical identity proofs into validated and cryptographically strong proofs of identities that can then be used for getting access to Online Services. INCOGNITO has the following objectives:
1.Design and implement an infrastructure that supports qualified anonymity (QA) by leveraging state of the art cryptographic credentials schemes as well as Federated Login solutions.
This objective is closely linked to WP3, which aims on achieving QA for the INCOGNITO platform. Task 3.1 has been completed successfully, while Tasks 3.2 and 3.3 are in progress.
2.Design and implement an Identity Acquisition and Management platform that will allow the user to quickly and securely acquire identity attributes from Physical ID documents and Online Identities.
This objective is closely linked to WP4, which focuses on the Identity Acquisition and Management functionalities for the INCOGNITO platform. Task 4.1 has been completed successfully, while Tasks 4.2 and 4.3 are in progress.
3.Design and implement an advanced UI/UX AI-based assistant that will guide and inform the user about aspects of his identity management as well as possible actions to take.
This objective is closely linked to WP5, which focuses on the design and implementation of a UI/UX AI-based assistant for the INCOGNITO platform. Task 5.1 has been completed successfully, while Tasks 5.2 and 5.3 are in progress.
4.Evaluate the results of the project through two pilot activities.
This objective is closely linked to WP7, which has not commenced yet. Thus, there is no progress for this Objective yet.
"The INCOGNITO platform will handle personal data, so emphasis has been given to ensure that this information is safely processed and stored. INCOGNITO has safeguards in place to support the data management procedures regarding the life cycle for all data that will be collected, processed, or generated. Privacy and security by design are the foundations upon which the consortium builds the INCOGNITO project. The consortium takes into consideration all the EU directives and regulations regarding the security of personal data, in order to ensure that data subjects rights are not endangered and that data privacy and ethical issues are fully dealt with. The anonymisation/pseudonymisation techniques that will be used in the project have been defined, as the ARX tool will be utilized to perform the corresponding tasks. The ARX is a software that supports various operating systems and has been successfully deployed in many occasions proving to be one of the most substantiated and popular data anonymization methodologies. It has also been decided that Zenodo will be used as the project Data and publication repository, and will be linked to the INCOGNITO project-site at OpenAIRE. Furthermore, INCOGNITO business and technical requirements specifications have been defined by utilizing two business cases. Case A explores how users can make use and share online multimedia content while on the move in the 5G network, while case B delves into proving someone’s identity attributes selectively, without unnecessarily revealing other identity aspects. Diving into more details for each case through scenarios, business needs were identified which in turn lead to the definition of technical requirements that need to be met in order to fulfill the business needs.

As a result of the described work that has been performed, personal data that will be handled by the INCOGNITO platform will be secure and all the corresponding processes will fall in line with the European and national laws and legislation and compliance is ensured. Moreover, the foundation upon which the INCOGNITO platform will be built has been laid by defining the business and technical requirements that need to be met in order to successfully implement a platform that aligns with our goals of verifying identity attributes while preserving the user’s privacy and anonymity when accessing online services at the same time.

Progress until M24:
WP2: has been completed, along with all its Tasks. Completion: 100%
WP3: Task 3.1 has been completed, while Tasks 3.2 and 3.3 are still in progress. Completion: 55.71%
WP4: Task 4.1 has been completed, while Tasks 4.2 and 4.3 are still in progress. Completion: 39.27%
WP5: Task 5.1 has been completed, while Tasks 5.2 and 5.3 are still in progress. Completion: 32.4%
WP6: All Tasks are in progress. Completion: 2.16%
WP7: Has not commenced. Completion: 0%
WP8: All Tasks are in progress. Completion: 30%

Milestone no.2 ""Complete specifications"" has been fully achieved, through the completion of Tasks 3.1 4.1 and 5.1."
INCOGNITO will exploit the privacy features provided by anonymous credential systems such as Idemix and U-Prove, as well as ABE-Based ABAC. This will be achieved by designing their integration in INCOGNITO platform from both the technical and legal perspectives and by pursuing standardization activities. In INCOGNITO we will exploit the ReCRED knowledge on ensuring authenticity and fidelity of all the acquired identity information and we will go beyond the aforementioned solutions by leveraging the latest available TEE to implement more accurate and efficient identity acquisition, verification and validation algorithms. INCOGNITO’s identity management solution in combination with qualified anonymity will enable end-users to create and manage proofs of identity attributes that can be used across multiple applications on the web and the real world, thus addressing all the three use cases proposed by Holtz et al. as well as many other use cases. In general, end-users will be able to prove specific identity attributes to online services, governmental services, banks and financial institutions, and any other service or institution that requires proven identity attributes. Use cases of such attribute-based identities in real world will be demonstrated through the pilots. INCOGNITO aims at enabling selective attribute disclosure by implementing a qualified anonymity framework in conjunction with a decentralized identity management solution.

The completed steps taken towards this direction, include:
- the completion of the reference architecture for the INCOGNITO platform,
- the design and implementation of the qualified anonymous framework and integration with device-centric authentication solutions such as FIDO (Fast IDentity Online),
- the full identity acquisition through a web and mobile application that will support acquisition from multiple soft proofs of identities and online accounts,
- the first stage of the design and components prototyping of the machine learning pipeline that will be the pillar of the Artificial Intelligence (AI)-based assistant.
INCOGNITO Long Brochure page 5
INCOGNITO Short Brochure page 1
INCOGNITO Short Brochure page 4
INCOGNITO Short Brochure page 2
INCOGNITO Long Brochure page 4
INCOGNITO Short Brochure page 3
High level overview of the INCOGNITO platform
INCOGNITO Long Brochure page 1
INCOGNITO Long Brochure page 3
INCOGNITO Long Brochure page 2