PRIME – Privacy and Identity Management for Europe

www.prime-project.eu.org

PRIME – Privacy and Identity Management

for Europe

Project OverviewVersion 1.2 – 26 Oct. 2004


Version 1.2 - October, 2004

Overview

• PRIME – Privacy and Identity Management for Europe

• PRIME in short– Vision and Objectives– Key Data– Partners

• PRIME in detail– Objectives– Research Challenges– Principles– Workplan– Reference Group– Standardisation

Involvement

• PRIME Contact



PRIME Vision

In the Information Society, users can act and interact in a safe and secure way while retaining control of their private sphere.



PRIME Objectives

• Advance the state-of-the-art in privacy-enhancing identity management

• Demonstrate how to embed European privacy laws and regulations into technology

• Empower individuals to effectively realise their right to privacy and informational self-determination

Development of real-world toolsand solutions for identity management



PRIME – Some Key Data

• The PRIME project receives research funding from the Community’s Sixth Framework Programme and the Swiss Federal Office for Education and Science.

• Integrated Project in the Information Society Technologies Priority

• Duration: 4 years (March 2004 – February 2008)

• Budget: M€ 16 (M€ 10 granted EC contribution)

• Number of participants: 20

• Reference Group



PRIME Partners



PRIME Partners

IBM France, F

IBM Zurich Research Lab, CH

Unabhängiges Landeszentrum für Datenschutz, D

Technische Universität Dresden, D

Katholieke Universiteit Leuven, B

Universiteit van Tilburg, NL

Hewlett-Packard, UK

Karlstads Universitet, S

JRC / IPSC Ispra, I

Università di Milano, I

Centre National de la Recherche Scientifique / LAAS, F

Johann Wolfgang Goethe-Universität Frankfurt am Main, D

Chaum LLC, USA

RWTH Aachen, D

Institut EURECOM, F

Erasmus Universiteit Rotterdam, NL

Fondazione Centro San Raffaele del Monte Tabor, I

Deutsche Lufthansa, D

Swisscom, CH

T-Mobile, D



PRIME Objectives (1/2)

Advance the state-of-the-art in privacy-enhancing identity management by:

– Laying the theoretical foundations, taking into account current environments as well as future scenarios.

– Developing novel, practical solutions and approaches to the validation and communication of the level of privacy and security achieved.

– Raising awareness of the privacy problems and of practically feasible options.



PRIME Objectives (2/2)

PRIME takes a highly interdisciplinary approach in order to produce solutions that are

– Technically feasible;

– Understandable and manageable by end users;

– Socially desirable and acceptable;

– Legally required;

– Commercially viable and exploitable.



PRIME Principles

1. Design starting from maximum privacy

2. System usage governed by explicit privacy rules

3. Privacy rules must be enforced, not just stated

4. Trustworthy privacy enforcement

5. Easy and intuitive abstractions of privacy for users

6. An integrated approach to privacy

7. Privacy integrated with applications



PRIME Workplan

• Organised in blocks and activities

• Main blocks:1. Requirements and evaluation2. Application prototypes3. Mechanisms research and development4. Framework and architecture5. Management and outreach



Block 1: Requirements and Evaluation

• Legal requirements: Legal experts shall ensure that PRIME technology is fully compliant with applicable laws and regulations.

• Socio-economic requirements: Established economic theories will be applied in the emerging field of privacy-enhancing identity management.

• Generic application requirements: Requirements will be identified that are relevant to PRIME in the near as well as longer term.



Block 2: Application Prototypes

• Block 2 aims at validating, in a real-life environment, the approach, architecture and technology of PRIME.

• Major scenarios:– On-line health care system

(Fondazione Centro San Raffaele);– Location-based services (Swisscom, T-Mobile);– Privacy-preserving customer database (Lufthansa);– Anonymous access to infrastructure for mobile

workers (Swisscom, T-Mobile);– E-Learning (Dresden University);– Privacy-enhancing ambient intelligence (JRC).



Block 3: Mechanism Research and Development (1/3)

• Assurance methods: Users as well as service providers will be supported in gaining assurance of whether a technology or service matches their privacy requirements.

• Human-Computer Interface: HCI concepts and user interfaces will be developed which provide users with a clear understanding about consequences and options when releasing personal information.

• Ontologies and privacy principles: Formal ontologies will be elaborated which communicate the complex conceptual framework of the privacy domain.




• Authorisation models: Novel authorisation policies together with their related model and language will be developed which allow expressing and enforcing authorisations depending on different partial identities of the requestors.

• Cryptographic mechanisms: The core cryptographic solutions for privacy-enhancing identity management (including credentials) will be provided.




• Communication infrastructure: Models for address and location privacy against a strong attacker model will be elaborated.

• User/server-side identity management: The prototypes supporting the user and enforcing privacy policies will be designed and implemented (at the user as well as at the server side).

• Education: Educational material of many facets of PRIME will be worked out which address the needs of application developers, service providers, application designers, and end users.



Block 4: Framework

• First public result: Framework V0 (see webpage)

• Provides “map” of privacy-enhancing identity management– Problem space– Vision of PRIME– PRIME stakeholders, roles and responsibilities– Application scenarios– Legal and social environment– Business models and economic drivers– PRIME concepts and terminology– PRIME models for users and metaphors



Block 5: Public Relations –http://www.prime-project.eu.org/

• Project overview

• News & results

• Public and internal spaces



Reference Group

External interested experts providing early feedback on project results from different standpoints:– Data Protection Authorities: Dutch Data Protection;

Zurich Data Protection; Article 29 Working Party– Industry: Microsoft EMEA; Philips Research;

Ericsson; Migros; Hunton & Williams; Eurochambres– Administration: Danish Board of Technology – Independent Research: RAND Europe; Institute of

Technology Assessment, Austria– Academia: Free University of Brussels; London

School of Economics; University of Dar es Salaam, Tanzania

– Law Enforcement: Ministry of the Interior and Kingdom Relations of the Netherlands

– Consumer Protection: BEUC – The European Consumers’ Organisation



Standardisation Involvement

• Several joint members• W3C subcontractor

• IBM, HP

• HP, IBM (Management Board Members)

• IBM• MS in Reference Group

• Several joint members

• Goethe-Universität Frankfurt– ISO/IEC JTC1 SC 27 “IT Security Techniques”– ISO/IEC JTC1 SC 27/WG 3 “Security Evaluation Criteria”– ISO/IEC JTC1 AdHoc Working Group Privacy

Technologies– DIN-NI 27 “IT-Sicherheit”

• HP (Management Board Member)– ISO/IEC JTC1 AdHoc Working Group Privacy

Technologies

• IBM– ISO/IEC JTC1 SC 27/WG “Security Mechanisms”



PRIME Contact

• http://www.prime-project.eu.org/

• Project Management: Gérard LacosteIBM La Gaude Project Office for European [email protected]

• Public Relations: Marit HansenIndependent Centre for Privacy [email protected]

Documents

PRIME – Privacy and Identity Management for Europe