The document is directed at an audience of academics, EU policy-makers, experts from technological, social science and legal disciplines and interested citizens.

It will give an overview of existing identity management systems (IMS). Different types, classes and subclasses of IMS are identified, described and illustrated by examples of existing IMS. To get an overview of the variety of existing technical implementations different designs of IMS are presented. Privacy enhancing mechanisms are developed and selected corresponding privacy enhancing technologies (PET) are shown as examples of existing implementations of those mechanisms. Finally an overview is presented of current research and development activities on IMS and conclusions, especially from the FIDIS Network of Excellence.

[  Download ] [ Read Online ]

Public-Key Infrastructures (PKIs) have been a hot topic for several years now, and many - often very practical - questions are still open. These certainly include corruption of keys or algorithms, usability, awareness of users and security issues. With respect to high-tech IDs, advanced PKI, e.g. supporting convertible credentials, could be developed. Until now, official PKI in member states, working according to the Digital Signature Act and national signature law, rarely work with pseudonymous keys and certificates. To improve the diffusion of electronic signatures into European markets six concrete measures are suggested. Both technologists and lawyers have experience in research on biometrics in the form of technology assessment and conceptualisation. However, for many kinds of biometrics it is still unclear how much security and privacy can be achieved. As the biometric market evolves in response to technology enhancement and political pressure, it is imperative that research on this topic is up to date, especially with respect to avoidance of discrimination and to privacycompliance. This document forms a comprehensive study on PKIs and biometrics, specifically from the legal and technological point of view, with focus put on the possibility of privacy-enhancing implementations.

[  Download ] [ Read Online ]

This study gives a technical survey on mobile identity management. It identifies requirements for mobile identity management systems in particular on security and privacy of mobile users with mobile devices, e.g. smart phones or smart cards. A non-technical reader should understand the need and requirements for mobile identity management systems. Approaches for realising these requirements are described. The study gives answers to the following questions.

• What are the requirements for mobile identity management systems in particular on user’s mobility and privacy
• Which approaches for realising mobile identity management systems do exist?
• What are the open issues and further steps towards mobile identity management?

[  Download ] [ Read Online ]

The workshop on ID documents was held on June 21st and 22nd, 2005 in Frankfurt, the documentation (agenda, presentations and minutes) can be found at  http://internal.fidis.net/200.0.html?&dir=D3.5_Workshop_on_ID_Documents&mountpoint=11. The preparation of D3.6 "Study on ID Documents" was co-ordinated basing on the exchange of knowledge within the FIDIS NoE and external input provided by two invited speakers.

[  Download ]  [ Read Online ]

This document gives an overview of concepts, prototypes and implementations of European ID documents including machine readable travel documents (MRTDs). Although not totally comprehensive, it summarises basic technologies that are used for ID documents such as PKI, RFID, biometrics and chip card technologies. Legal grounds for European MRTDs are described and analysed. In addition to a short overview on implementations, five good practice examples are described and discussed. Security and privacy aspects of ID documents are analysed basing on current state-of-the-art in the described basic technologies and existing implementations of ID documents. Further, critical elements of cost projections for ID documents are presented and analysed from a social perspective.

[  Download ]  [ Read Online ]

In this deliverable the physical properties of RFID, types of RFID systems basing on the physical properties and operational aspects of RFID systems are introduced and described. An overview on currently know security threats for RFID systems, countermeasures and related cost aspects is given. This is followed by a brief overview on current areas of application for RFID. To put a light on status quo and trends of development in the private sector in the context of RFID, the results of a study carried out in 2004 and 2005 in Germany are summarised. This is followed by an overview on relevant standards in the context of RFID. This deliverable also includes a bibliography containing relevant literature in the context of RFID. This is published in the bibliographic system at www.fidis.net/interactive/rfid-bibliography/

[  Download ] [ Read Online ]

This deliverable investigates identity-related properties of commonly used
protocols and interesting proposed approaches for new protocols. This includes,
categorising and showing dependencies between network protocols and the
outline of privacy properties, based on personal data disclosed, linkability and
identifiability. Further, it critically discusses whether privacy experts are – and
should be – involved in the process of designing protocols. Protocols for
communication in networks are analysed according to privacy-relevant data and
techniques for privacy-aware communication and their associated protocols are
explained. Finally in this document, new developments for Next Generation
Internet protocols are described.

This deliverable assumes some prior knowledge, but references and further
reading is there to help the reader.

[  Download ]

Trusted Computing (TC) is a key enabling technology adding substantially new
security features, making many new use cases possible, which may
revolutionize identity management. However, this emerging technology is not
undisputed and raises many societal questions related to privacy, rights on
ownership etc. This study takes a deeper look into TC concepts like TPMs,
Trustworthy Operating Systems etc, and discusses possible use and business
cases for TC in the context of identity and identification, pointing out possible
risks of this technology in terms of privacy and consumer protection.

The objective of this study is to give an overview of Trusted Computing
concepts and its supporting technologies, and to introduce new ideas on how
those concepts can support or influence digital identification and identity
management systems, including possible privacy and anonymity implications of
Trusted Computing specifications defined by the Trusted Computing Group.

This deliverable differs substantially from 33 of ALU-FR, as it addresses
mainly the use of TC mechanisms on the client side and focuses on the
technology description and its impact on IMS.

[ Download]

This deliverable discusses the deployment of biometrics for the management of identity in the public and private sector from a technical, legal, security and forensic point of view. It highlights some specific security and privacy aspects, including those from new demonstrations of user/capture and capture/extraction threats, but also stresses the advantages which biometrics offer. The research indicates that a fruitful debate about the risks and opportunities of biometrics requires the use of an agreed harmonised vocabulary and that discussion should focus on where the control over the biometric system is exercised and on the functionalities and purposes of the applications. The report proposes, in this context, five groups of biometric application models for future use. Although biometric references become increasingly part of various identity applications, there remain several research items which are not yet fully explored as illustrated and described, such as the question of health related information contained in biometric templates and the proportionality of the use of biometric data. The report also warns for biometric data becoming a primary key for the interoperability of systems. Finally, the document offers guidance in the deployment of biometrics, including by describing an approach on how to preserve privacy and to enhance security by the data subject retaining control over the biometric data.

[  Download ]

This document is a report summarising the maintenance work carried out for the database on Identity Management Systems (IMS database) in the context of D8.6 and D3.11. This report covers the third FIDIS period (April 2006 to March 2007).

[  Download ] [ Read Online ]

This document is a report summarising the maintenance work carried out for the database on Identity Management Systems (IMS database) in the context of D3.15. This report covers the third FIDIS period (April 2007 to March 2008).

[  Download ]

The FIDIS WP12 workshop on Emerging AmI Technologies was held at the University of Reading, UK on the 26-27 October 2006. This workshop was designed to be the kick-off event for two subsequent deliverables: D12.2 "Study on Emerging AmI Technologies" & D12.3 "Holistic Privacy Framework for RFID Applications". As such, the core content of these deliverables was developed through a range of participant presentations and subsequent discussion and co-ordination of the contributions of the partners was conducted. This document is a brief record of the event.

[  Download ] [ Read Online ]

The technical issues relating to the actual implementation and thus realisationof Ambient Intelligence (AmI) environments are immense, and in most casestangible solutions to technical related problems are still yet to be found.Meanwhile, ‘Emerging Technologies’ has become a term which considers theconvergence of areas such as nanotechnology, biotechnology, informationtechnology, cognitive science, robotics, and artificial intelligence. Here wediscuss how technologies which stem from this idea of domain fusion can beconsidered appropriate in the fabric of an AmI environment, meaning that AmImay actually be an application area made possible through this new emergingtechnology phenomenon. Further, we assess some of the emerging technologieson the basis of the European Charter of Fundamental Rights and Freedoms andapply an ‘infoethic’ approach (the application of ethical principles to thedevelopment and use of information and communication technologies) to raisequestions regarding the role of fundamental rights for emerging technologies.Additionally, we offer a forum for an initial inter-disciplinary debate based onthe complex issue of technology evolution in its wider socio-cultural contextthrough the use of an initial anthropological statement, and subsequent domainorientated replies. In essence, this deliverable is less about firm answers tospecific questions, and instead aims to inform the reader on how emergingtechnologies may find application in AmI, and to stimulate further discussionon both the specific and broader issues that such development entails.

[  Download ] [ Read Online ]

The objective of this deliverable is to discuss whether it is possible to create a holistic privacy framework for Radio Frequency Identification (RFID) systems given current advances in the area and if so what would such a framework look like. The deliverable gives an overview of privacy problems in relation to RFID from legal, ethical, social and technical standpoints and discusses and presents some of the efforts made to address these problems. Based on this, a checklist for evaluating the privacy friendliness of an RFID system is presented as a first tentative approach towards a framework. The overall conclusion is that much more research effort and technological development needs to be done before a true holistic framework can be constructed.

[  Download ] [ Read Online ]

The second FIDIS WP12 integrated workshop on Emerging AmI Technologies
was held at the Interdisciplinary Centre for Law and ICT (ICRI), Katholieke
Universiteit Leuven, Belgium. The workshop was designed to be the review
event for first contributions to two ongoing deliverables: D12.5 “Use cases and
scenarios of emerging technologies” & D12.6 “Study on ICT implants”. As
such, the core content of these deliverables was developed through a range of
participant presentations and subsequent discussion. Additionally, co-ordination
of further contributions was conducted, and schedules revised.
This document is a brief record of the event.

[  Download ]