Resources
- Identity Use Cases & Scenarios.
- FIDIS Deliverables.
- Identity of Identity.
- Interoperability.
- Profiling.
- Forensic Implications.
- D5.1: A survey on legislation on ID theft in the EU and….
- D5.2: ID Fraud Workshop.
- D5.2b: ID-related Crime: Towards a Common Ground for Interdisciplinary Research.
- D5.2c: Identity related crime in the world of films.
- D5.3: A Multidisciplinary Article on Identity-related Crime.
- D5.4: Anonymity in electronic government: a case-study analysis of governments? identity knowledge.
- D6.1: Forensic Implications of Identity Management Systems.
- D6.5/D6.6: Second thematic Workshop forensic implications.
- D6.7b: Workshop on Forensic Profiling.
- D6.7c: Forensic Profiling.
- HighTechID.
- Privacy and legal-social content.
- Mobility and Identity.
- Other.
- IDIS Journal.
- FIDIS Interactive.
- Press & Events.
- In-House Journal.
- Booklets
- Identity in a Networked World.
- Identity R/Evolution.
Approaches for privacy enhancement
To improve the implementation of data protection principles in the context of electronic signatures, two approaches are discussed aiming at reduction of linkability of certificates:
Use of context-specific digital credentials instead of one “general purpose” certificate. This could be done e.g., by issuing a specific signed pseudonymous certificate or digital credential in general that includes only necessary information in the context of the signature and that uses a number that is not repeated for other certificates and thus is not linkable. In this context the certificate authority also takes over the role as identity provider, acting as a trusted third party.
Use of pseudonymous signatures. In this concept, which is also supported by the European Signature Directive 1999/93/EC (Gasson, Meints, Warwick 2005: 33), for one physical person, different key pairs and correspondingly different pseudonymous certificates can be used. This approach limits linkability to those signatures in which the same pseudonymous certificate has been used.
In both cases, it is possible to uncover the physical person behind the pseudonymous certificate and credential by the certificate authority when this is needed and legal (e.g., in cases of criminal investigations). There are other approaches where the physical person behind a pseudonym is not identified, but where still legitimate claims can be covered and/or misuse can be prevented (Pfitzmann, Hansen 2006).
20 / 45 |