The CREDENTIAL project addresses the need for a secure and privacy-preserving cloud-based identity management and data-sharing platform. The project puts users in full control of the data and attributes they want to share, while keeping their data hidden from the cloud provider, thus giving high authenticity guarantees to its data receivers.
On the one hand, the CREDENTIAL project targets cloud and identity providers who are interested in extending their portfolio with privacy-enhanced and authentic data sharing services by leveraging the software developed in the project. On the other hand, CREDENTIAL targets service providers who want to learn how they can indirectly benefit from the CREDENTIAL Wallet service by registering as a receiving endpoint for authentic user data, thus providing more trustworthy eBusiness solutions.
Additionally, the privacy-preserving features of the CREDENTIAL platform also make it very attractive to public bodies who are interested in extending their portfolio of eGovernment or eHealth applications for citizens.
Existing identity and access management services essentially require a user to choose between the benefits of using cloud-based services and privacy: on the one hand, users can put their identity information into the cloud and let it be managed, e.g. by social media or search engine providers, who have full access to the user’s identity information and can trace all of their interactions. On the other hand, users can keep their identity information local, requiring them to keep local state and transfer this state to each single device from which they want to authenticate themselves to a service, resulting in worse usability and flexibility.
Our approach combines the best of both worlds. If the users' data are stored in the CREDENTIAL Wallet, they are protected, as a preventive measure, by strong cryptography against the most prevalent threats in cloud computing, even from the provider itself. At the same time, the data is easily accessible anywhere, anytime, and from all communication devices, without complex synchronization and configuration work. In essence, the project provides a versatile and easy-to-use solution to securely manage personal data on the Internet.
CREDENTIAL combines the best of the two existing approaches for the management of identities in the digital world. It allows users to use a cloudified identity management and data sharing platform, while still protecting their privacy and guaranteeing end-to-end confidentiality. That is, the cloud provider does not learn any privacy-sensitive information contained in the authentication credentials. Furthermore, users can define, at a very fine-grained level, which parts of documents they want to share with service providers or other users.
Additionally, the CREDENTIAL system supports selective sharing of authentic data protected by digital signatures, i.e., the data receiver will still be assured of the integrity of the partially revealed information. Enabling end-to-end authenticity for selectively shared data is another new feature not available today and another added value of the CREDENTIAL Wallet. Especially with the emergence of eIDAS solutions and the establishment of the Digital Single Market in Europe, the CREDENTIAL Wallet can act as an enabler for a more trustworthy and privacy-friendly way of doing business in the digital world.