The main ambition of the Horizon 2020 project CREDENTIAL is to realize an end-to-end secure and privacy-preserving platform for managing and storing users' digital identity information, ranging from authentication credentials over medical reports to tax data or similar. Using strong cryptographic mechanisms, high authenticity guarantees shall be made, while at the same time users should be able to determine which of their data goes where on a very fine granular level.
Who is the project designed for?
On the one hand, the CREDENTIAL project targets cloud and identity providers who are interested in extending their portfolio with privacy enhanced and authentic data sharing services by leveraging the software developed in the project. On the other hand, CREDENTIAL targets service providers to learn how they can indirectly benefit from the CREDENTIAL Wallet service by registering as a receiving endpoint for authentic user data, thus providing more trustworthy eBusiness solutions.
Additionally, the privacy-preserving features of the CREDENTIAL platform also make it very attractive to public bodies who are interested in extending their portfolio of eGovernment or eHealth applications for citizens.
How will your project benefit the end-user?
Existing identity and access management services essentially require a user to choose between the benefits of using cloud-based services and privacy: on the one hand, users can put their identity information into the cloud and let it be managed, e.g. by social media or search engine providers, who have full access to the user’s identity information and can trace all of their interactions. On the other hand, users can keep their identity information local, requiring them to keep local state and transfer this state to each single device from which they want to authenticate themselves to a service, resulting in worse usability and flexibility.
Our approach combines the best of both worlds. If the users’ data are stored in the CREDENTIAL Wallet, these are protected as a preventive measure by strong cryptography from the most prevailing threats in cloud computing, even from the provider itself. At the same time, data is easily accessible anywhere, anytime, and all communication devices without complex synchronization and configurations work. In essence, the project provides a versatile and easy-to-use solution to securely manage personal data in the Internet.
Please briefly describe the results your project achieved so far
During the last two and a half years, the CREDENTIAL Wallet as the central platform for administering a user's personal data has been implemented. Furthermore, pilots from the domains of eHealth, eBusiness, and eGovernment have been implemented.
The eGovernment use case lets the user authenticate himself towards public services in a privacy-preserving way, such that only the minimum amount of information is revealed to the service provider, and the data is at no point revealed to the CREDENTIAL Wallet. One use case of the eBusiness pilot allows for forwarding encrypted emails to a deputy, e.g., in case of absence, without having to share the secret decryption key with anybody, but by providing the mail server with an ephemeral key that can solely be used to translate emails encrypted for the original receiver to messages encrypted for the deputy. Finally, the eHealth pilot lets patients dynamically share their health data (e.g., blood sugar or blood pressure measurements, weight, etc.) with their doctors, who in turn can provide feedback back to the patients, without the CREDENTIAL Wallet learning anything sensitive.
At this point, all pilots are fully functional and are currently undergoing profound security and usability tests.
What are the next steps for your project?
The last phase of the CREDENTIAL project is dedicated to sanitizing the current implementations with regard to security, usability, and scalability, and in parallel to paving the way to a successful exploitation of the results after the project ends.