Periodic Reporting for period 2 - INCOGNITO (IdeNtity verifiCatiOn with privacy-preservinG credeNtIals for anonymous access To Online services)
Reporting period: 2021-01-01 to 2023-12-31
The overarching goal of INCOGNITO is to combine state-of-the-art technologies in a platform that will allow users to easily understand what is needed to access online services with respect to their privacy and be able to prove specific attributes of their identity or their whole identity. During this project, we build on top of the framework that has been developed under the ReCRED project where we leveraged the mobile devices that users habitually carry in order to get access to Online Services. That is, we use advanced software on mobile devices in order to convert online and physical identity proofs into validated and cryptographically strong proofs of identities that can then be used for getting access to Online Services.
The project successfully developed an infrastructure that leverages cutting-edge cryptographic schemes and federated login solutions. This infrastructure enables users to maintain their anonymity while ensuring they are qualified for the actions or services they wish to undertake. The use of cryptographic credentials has enhanced security, making the system robust against various cyber threats. INCOGNITO also simplifies the process of acquiring and managing identity attributes from both physical ID documents and online identities. This platform uses advanced verification methods to ensure the authenticity of the documents and the integrity of online identities, thereby reducing the risk of identity theft and fraud. Furthermore, the project successfully introduced an innovative AI-based assistant that enhances user interaction with the system. This assistant provides guidance, information, and actionable insights into identity management processes, making the system more accessible and user-friendly. The AI assistant adapts to user preferences and behaviors, offering personalized advice and support. Finally, two pilot activities were conducted to evaluate the effectiveness of the developed systems. These activities provided valuable insights into user behavior, system performance, and areas for improvement. The feedback obtained has been instrumental in refining the technology and ensuring it meets the needs of its users.
The project successfully developed an infrastructure that leverages cutting-edge cryptographic schemes and federated login solutions. This infrastructure enables users to maintain their anonymity while ensuring they are qualified for the actions or services they wish to undertake. The use of cryptographic credentials has enhanced security, making the system robust against various cyber threats. INCOGNITO also simplifies the process of acquiring and managing identity attributes from both physical ID documents and online identities. This platform uses advanced verification methods to ensure the authenticity of the documents and the integrity of online identities, thereby reducing the risk of identity theft and fraud. Furthermore, the project successfully introduced an innovative AI-based assistant that enhances user interaction with the system. This assistant provides guidance, information, and actionable insights into identity management processes, making the system more accessible and user-friendly. The AI assistant adapts to user preferences and behaviors, offering personalized advice and support. Finally, two pilot activities were conducted to evaluate the effectiveness of the developed systems. These activities provided valuable insights into user behavior, system performance, and areas for improvement. The feedback obtained has been instrumental in refining the technology and ensuring it meets the needs of its users.
The INCOGNITO platform will handle personal data, so emphasis has been given to ensure that this information is safely processed and stored. INCOGNITO has safeguards in place to support the data management procedures regarding the life cycle for all data that will be collected, processed, or generated. Privacy and security by design are the foundations upon which the consortium builds the INCOGNITO project. The consortium takes into consideration all the EU directives and regulations regarding the security of personal data, in order to ensure that data subjects rights are not endangered and that data privacy and ethical issues are fully dealt with. The anonymisation/pseudonymisation techniques that will be used in the project have been defined, as the ARX tool will be utilized to perform the corresponding tasks. The ARX is a software that supports various operating systems and has been successfully deployed in many occasions proving to be one of the most substantiated and popular data anonymization methodologies. It has also been decided that Zenodo will be used as the project Data and publication repository, and will be linked to the INCOGNITO project-site at OpenAIRE. Furthermore, INCOGNITO business and technical requirements specifications have been defined by utilizing two business cases. Case A explores how users can make use and share online multimedia content while on the move in the 5G network, while case B delves into proving someone’s identity attributes selectively, without unnecessarily revealing other identity aspects. Diving into more details for each case through scenarios, business needs were identified which in turn lead to the definition of technical requirements that need to be met in order to fulfill the business needs.
As a result of the described work that has been performed, personal data that will be handled by the INCOGNITO platform will be secure and all the corresponding processes will fall in line with the European and national laws and legislation and compliance is ensured. Moreover, the foundation upon which the INCOGNITO platform will be built has been laid by defining the business and technical requirements that need to be met in order to successfully implement a platform that aligns with our goals of verifying identity attributes while preserving the user’s privacy and anonymity when accessing online services at the same time.
Progress until M60 All WPs have been 100% completed, and all the milestones have been fully achieved.
As a result of the described work that has been performed, personal data that will be handled by the INCOGNITO platform will be secure and all the corresponding processes will fall in line with the European and national laws and legislation and compliance is ensured. Moreover, the foundation upon which the INCOGNITO platform will be built has been laid by defining the business and technical requirements that need to be met in order to successfully implement a platform that aligns with our goals of verifying identity attributes while preserving the user’s privacy and anonymity when accessing online services at the same time.
Progress until M60 All WPs have been 100% completed, and all the milestones have been fully achieved.
The INCOGNITO project has successfully exploited the privacy features provided by anonymous credential systems. By designing their integration into the INCOGNITO platform from both technical and legal perspectives and pursuing standardization activities, we have achieved a significant milestone in privacy-preserving technology. INCOGNITO has ensured the authenticity and fidelity of all acquired identity information, utilizing the latest available Trusted Execution Environments (TEE) for more accurate and efficient identity acquisition, verification, and validation algorithms. Our identity management solution, in combination with qualified anonymity, has enabled end-users to create and manage proofs of identity attributes that can be seamlessly used across multiple applications, both on the web and in the real world. This allows end-users to prove specific identity attributes to a wide range of services, including online platforms, governmental services, banks, financial institutions, and any other entity requiring proven identity attributes. The effectiveness of such attribute-based identities in the real world has been demonstrated through our pilots.
INCOGNITO has realized the goal of enabling selective attribute disclosure by implementing a qualified anonymity framework in conjunction with a decentralized identity management solution. Notably, the project's accomplishments include:
- The successful completion of the reference architecture for the INCOGNITO platform, establishing a solid foundation for all subsequent developments.
- The design and implementation of the qualified anonymous framework, seamlessly integrated with device-centric authentication solutions, representing a leap forward in enhancing user privacy while maintaining ease of use.
- The achievement of full identity acquisition capabilities through a web and mobile application that supports the acquisition of identity attributes from multiple soft proofs and online accounts, making the process more inclusive and comprehensive.
- The completion of the first stage of design and components prototyping for the machine learning pipeline, which forms the core of the Artificial Intelligence (AI)-based assistant, promising to revolutionize user interaction with identity management systems.
These achievements mark the successful fulfillment of INCOGNITO's objectives, making an impact on how identities are managed and utilized across various sectors, enhancing privacy, security, and user convenience in the digital age.
INCOGNITO has realized the goal of enabling selective attribute disclosure by implementing a qualified anonymity framework in conjunction with a decentralized identity management solution. Notably, the project's accomplishments include:
- The successful completion of the reference architecture for the INCOGNITO platform, establishing a solid foundation for all subsequent developments.
- The design and implementation of the qualified anonymous framework, seamlessly integrated with device-centric authentication solutions, representing a leap forward in enhancing user privacy while maintaining ease of use.
- The achievement of full identity acquisition capabilities through a web and mobile application that supports the acquisition of identity attributes from multiple soft proofs and online accounts, making the process more inclusive and comprehensive.
- The completion of the first stage of design and components prototyping for the machine learning pipeline, which forms the core of the Artificial Intelligence (AI)-based assistant, promising to revolutionize user interaction with identity management systems.
These achievements mark the successful fulfillment of INCOGNITO's objectives, making an impact on how identities are managed and utilized across various sectors, enhancing privacy, security, and user convenience in the digital age.