Designing a Trustworthy EU Digital Identity Wallet : A study of user needs and preferences

Sjöholm, Madeleine

January 2023

The digitalization has become increasingly central in today’s society and digital identities are one of the tangible changes that has quickly become integrated into our society. However, increased integration in societies also creates new challenges and responsibilities. The European Union (EU) has recognized this need and implemented the eIDAS regulation (electronic Identification, Authentication, and trust services). In the regulation, a digital identity wallet is also proposed. The aim of the wallet is for users to store and manage their digital identities and credentials such as driver’s licenses, university degrees, and similar documents. With this development and introduction of a digital identity wallet, questions about trust become relevant. Trust in digital identities is crucial to ensure communication and data management, as well as to get users to use the services.  The purpose of this study has been to examine aspects of trust related to the EU digital identity wallet and explore key components and actors within the wallet’s eco-system. The work has been limited to focusing on the electronic identification component of eIDAS. Furthermore, data has been collected from interviews with experts in the field from Sweden and the Netherlands. The theory used is definitions and concepts on what trust entails, as well as two frameworks explaining factors important to initially trust a system, and explaining the relationship between usability, privacy, and security.  The results conclude that users prioritize usability over security and privacy, and that an application that is simple and practical also are important features of a digital identity wallet. It also emerged that it is important for users that safety nets are built into the wallet. Furthermore, users, the EU, and the respective member states were identified as fundamental actors of the ecosystem. It was emphasized that the wallet is complex and that there are many challenges and opportunities ahead to build a trustworthy wallet.

eIDAS

trust

digital identity

EU digital identity wallet

regulation

usability

Computer and Information Sciences

Data- och informationsvetenskap

Digitální identita v době služeb Google / Digital identity at the time of Google services

Skoček, Jakub

January 2015

The aim of the thesis was to find out what information of personal and impersonal nature users provide to Google in exchange for free use of its services and what image of digital identity can be compiled from this information. Since the concept of digital identity can be interpreted in different ways, its meaning is first determined for the purposes of this study. For a better understanding of the subject is further described a brief history and present of Google and the services it offers. Range of digital identity is influenced by the company's policy on the collection and storage of user data. For this reason, it is discussed in a separate chapter. The next part presents tools for managing digital identity available within the user account. In the practical part the real user data from all services associated with the user account were analyzed.

Privacy Enhancing Techniques for Digital Identity Management

Hasini T Urala Liyanage Dona Gunasinghe (8479665)

23 July 2021

Proving and verifying remotely a user's identity information have become a critical and challenging problem in the online world, with the increased number of sensitive services offered online. The digital identity management ecosystem has been evolving over the years to address this problem. However, the limitations in existing identity management approaches in handling this problem in a privacy preserving and secure manner have caused disruptions to users' digital lives and damages to revenue and reputation of service providers.<br><br>In this dissertation, we analyze different areas of the identity management ecosystem in terms of privacy and security. In our analysis, we observe three critical aspects to take into account when identifying the privacy and security requirements to address in identity management scenarios, namely: i) protecting privacy and security of digital identity and online transactions of users; ii) providing other stakeholders with assurance about user identity information and accountability of transactions; iii) preserving utility (e.g. accuracy, efficiency and deployability).<br>We show that existing authentication models and identity management protocols fail to address critical privacy and security requirements related to all these three aspects, mainly because of inherent conflicts among these requirements. <br>For example, existing authentication protocols, which aim to protect service providers from imposters by involving strong authentication factors, such as biometrics, fail to protect privacy and security of users' biometrics. Protecting an identity management system against counterfeits of identity assets, while preserving unlinkability of the transactions carried out using the identity assets, is another example of conflicting yet critical privacy and security requirements.<br>We demonstrate that careful combinations of cryptographic techniques and other technologies make it feasible to design privacy preserving identity management protocols which address critical and conflicting requirements related to the aforementioned three aspects. Certain techniques, that we have developed for these protocols, are independent contributions with applications beyond the domain of digital identity management. We validate our contributions by providing prototype implementations, experimental evaluations and security proofs.

Uncategorized

Digital Identity Management

Privacy Preserving

Privacy Enhancing Technologies

BackFlip: A Principled Approach to Online Attribute Verification

Daley, Devlin R.

12 August 2010

As traditional interactions in the real-word move online, services that require verified personal information from web users will increase. We propose an architecture for the verification of web user attributes without the use of cryptographic-based credentials. In this architecture, service providers are delegated a user's ability to directly contact a certifying party and retrieve attribute data. We demonstrate that this approach is simple for both developers and users, can be applied to existing Internet facilities and sufficiently secure for typical web use cases.

thesis

digital identity

delegation

attribute verification

Computer Sciences

Revisiting the legal regulation of digital identity in the light of global implementation and local difference

Rodrigues, Rowena Edwardina

January 2011

This thesis aims to address a vital gap that has emerged in the digital identity regulatory discourse: how can the legal regulation of digital identity mirror the global nature of digital identity and be compatible with national local difference? Digital identity, or the digital representation of an individual, is a complex concept, which manifests in myriad forms (e.g. authenticators, claims, data or information, identifiers, presence, relationship representations and reputation) and natures. As such, it engages a gamut of legal domains ranging from criminal law, constitutional law, human rights law, law of identity schemes, contract law, intellectual property law, tort law and data protection law. Digital identity is global and local in its nature, influence and effects. Yet, the digital identity regulatory discourse has primarily developed in and focussed on the digitally advanced West, leaving out countries like India which are developing strong digital presences, with their own digital identity perceptions and needs. This situation is adverse to the sustained future of digital identity. Thus, the contribution of this thesis lies in filling this gap and preparing the ground for a dialogue between different countries with different national agendas through building international and local awareness of how similarities and differences operate in respect of digital identity, its regulation and providing a modest solution to help preserve the global and local dimensions of digital identity and its regulation. To this end, the thesis carried out comparative legal research on the legal regulation of digital identity using the UK and India as base jurisdictions. The original hypothesis was that that immense differences in the legal regulation of digital identity between the comparator countries would emerge. Yet, though differences were evident, considerable degrees of similarity also emerged, not just on the superficial level of mere identity of rules, but also in legal practice, in large part attributable to India’s penchant for legal transplants. While the transplantation of Western law did not result in a full-scale rejection of the transplanted laws in relation to digital identity in India, there are indications of anomalies caused by the imposition of Western cultural norms through law on an Indian society ill prepared for it. Thus there has resulted a tension between the local and the global, the indigenous and the externally imposed. The challenge is thus to resolve this, taking into account, on the one hand the need to maintain the global nature and relevance of digital identity and the other, the need to accommodate and be responsive to local differences. The thesis proposes a tentative solution called the tri-elemental framework (TeF) which draws from the Indian philosophical and legal concept of dharma (and its elements of Sad Achara, Vyavahara and Prayaschitta) and learns from the most universally relevant digital identity proposal, De Hert’s right to identity. The solution provides one way in which the law regulating digital identity, whatever its nature, can be made sense of and acquire cultural meaning appropriate to local contexts.

343.09

Att konstruera identitet på Facebook.com : En kvalitativ etnografi / Constructing identity on Facebook.com : A qualitative ethnography

Lindholm, Clara

January 2009

Title: Constructing identity on Facebook.com – A qualitative ethnographyNumber of pages: 40 (34)Author: Clara LindholmTutor: Amelie HössjerCourse: Media and communications studies CPeriod: HT (Autumn) 2009University: Division of Media and Communication, Department of InformationScience, Uppsala University.Purpose/Aim: The purpose is to study how the social community Facebook.com canbe used in order to construct identity. The study follows three Facebook users in anobservation where they are able to document their thoughts and reflections in anprivate media diary. This study investigates their use of the medium and focuses onthe functions with which they are able to alter their profiles. The result consists of acombination of these reflections, interviews and a selection of literature relevant tothe subject of new media, the use of social internet communities and social sciencetheories. The social theories are a selection of theories from the social scientist ErvingGoffman.Material/Method: This study is based on a qualitative research method and anethnographic method. The ethnography is a combination of an observation where theobserved are asked to keep a diary over the changes and updates they make on theirFacebook profiles. The ethnographic method further consists of selected literature andpersonal interviews. Finally the results are analyzed and presented.Main results: The three people in this study admit to being worried about uploadingpersonal information on the community Facebook. Still they found the socialcommunity Facebook as something positive which they all use several times per weekand in some cases daily. The conclusion shows that there is an uncertaintysurrounding the ethics of the use of Facebook when it comes to the differencebetween private and public and how to handle the personal information of others.Also it is concluded that an important part of the construction of identity on Facebookprofiles is the activity of deleting information whilst trying to uphold an image thatgoes along with the person’s percepted role in the society.Keywords: Facebook, social network, community, ethnography, Digital identity,Web 2.0

Facebook

social network

community

ethnography

Digital identity

Web 2.0

Media and communication studies

Medie- och kommunikationsvetenskap

Skapa ditt digitala skyltfönster : En studie om skapandet och betydelsen av dendigitala identiteten i mediebranschen / Create your digital shop window : A study of the creation and importance ofdigital identity in the media industry

Hjärne, Jessika, Bergh, Elin

January 2012

Googling their employees and job seekers are becoming more common andin that we live our lives more and more on the internet it becomes moreimportant how we act and to think about what you publish on the internet.Each time you press a key, will leave a digital footprint behind and thereforeit’s important to know how to deal with this. The purpose was to describehow a person strategically can proceed to build an identity on the internet toget benefits in the job seeking process in the media industry and to describethe importance of the digital identity in the recruitment process in a smallertown. We’ve used a qualitative approach and made eight interviews withrecruiters from the media and also people who have built a digital identity.We’ve used Bauman’s theory about consumer society, Montoya’s eight lawsof personal branding and also theories about profiling, and communicationsplanning to analyze the material. We’ve found that a digital identity plays animportant role in the professional context in the media industry and cansometimes be crucial if a person gets a job or not. The first thing to do whenbuilding a digital identity is to find your core value, set goals and define thetarget audience in order to adapt to this when you convey your message. It’salso important to choose the right channel to carry the message through. Thedigital identity also needs to be updated and maintained regularly.

Personal branding

digital identity

social media

internet

strategic communications

profiling

recruitment process

A digital identity management system

Phiri, Jackson

January 2007

>Magister Scientiae - MSc / The recent years have seen an increase in the number of users accessing online services using communication devices such as computers, mobile phones and cards based credentials such as credit cards. This has prompted most governments and business organizations to change the way they do business and manage their identity information. The coming of the online services has however made most Internet users vulnerable to identity fraud and theft. This has resulted in a subsequent increase in the number of reported cases of identity theft and fraud, which is on the increase and costing the global industry excessive amounts. Today with more powerful and effective technologies such as artificial intelligence, wireless communication, mobile storage devices and biometrics, it should be possible to come up with a more effective multi-modal authentication system to help reduce the cases of identity fraud and theft. A multi-modal digital identity management system is proposed as a solution for managing digital identity information in an effort to reduce the cases of identity fraud and theft seen on most online services today. The proposed system thus uses technologies such as artificial intelligence and biometrics on the current unsecured networks to maintain the security and privacy of users and service providers in a transparent, reliable and efficient way. In order to be authenticated in the proposed multi-modal authentication system, a user is required to submit more than one credential attribute. An artificial intelligent technology is used to implement a technique of information fusion to combine the user’s credential attributes for optimum recognition. The information fusion engine is then used to implement the required multi-modal authentication system.

Authorization

Biometrics

Credentials

Digital identity

Identity fraud

Information fusion

Multi-modal authentication

Artificial intelligence

Mapeamento de incidentes com identidades digitais e estratégias de controle em ambientes virtuais

GOMES, Anselmo Lacerda

31 August 2015

Submitted by Fabio Sobreira Campos da Costa (fabio.sobreira@ufpe.br) on 2016-04-07T13:22:15Z No. of bitstreams: 2 license_rdf: 1232 bytes, checksum: 66e71c371cc565284e70f40736c94386 (MD5) AnselmoLacerdaGomesCInMsc (19-11-2015).pdf: 2341760 bytes, checksum: 06c1abb20d748a6921088b434a7b7cb3 (MD5) / Made available in DSpace on 2016-04-07T13:22:15Z (GMT). No. of bitstreams: 2 license_rdf: 1232 bytes, checksum: 66e71c371cc565284e70f40736c94386 (MD5) AnselmoLacerdaGomesCInMsc (19-11-2015).pdf: 2341760 bytes, checksum: 06c1abb20d748a6921088b434a7b7cb3 (MD5) Previous issue date: 2015-08-31 / O Roubo de Identidade Digital (RID) é o roubo de informações que resulta na possibilidade de alguém assumir a identidade da vítima. Em decorrência disso, credenciais de acesso e dados dispostos em qualquer meio eletrônico ficam vulneráveis, como em computadores e em dispositivos móveis. Ultimamente, esses dispositivos têm sido bastante visados pelos atacantes, devido à sensibilidade e pessoalidade dos dados nele armazenados. Senhas, informações bancárias, financeiras e de geolocalização são apenas alguns exemplos de dados expostos a essa vulnerabilidade moderna. O RID é uma prática que pode resultar no êxito de diversos outros crimes associados, por exemplo, estelionato, espionagem, ciberterrorismo e ciberguerra. Suas implicações são sérias, já que o atacante pode assumir o controle de instalações industriais, centros militares, governos e organizações inteiras, sendo imprevisíveis os danos à ordem pública e aos cidadãos. Neste trabalho foi utilizada a metodologia de mapeamento sistemático para identificar quais são os principais incidentes de segurança associados ao RID. Relações e relativizações foram realizadas a fim de mapear as suas principais causas e consequências. A principal contribuição desta dissertação é o mapeamento sistemático de RID. Finalmente, esta dissertação de mestrado objetivou delinear o conhecimento sobre o assunto, de forma atualizada, indicando diretrizes para a minimização ou completa prevenção de incidentes dessa natureza. / The Digital Identity Theft (DIT) is the stealing of information that allows the attacker to take the victim’s identity, somehow. This promotes the access to credentials and data disposed in computers, mobile devices or any electronic environment, making them vulnerable. Recently, mobile devices are being very targeted because of the sensibility and personality of the data found there. Passwords, bank, financial and geolocation information are just some examples of data being exposed by this modern vulnerability. DIT is a practice that may result in the success of many other associated crimes, like embezzlement, espionage, cyberterrorism and cyberwar. Its implications are serious because the attacker can assume the control of industrial facilities, military centres, government and entire organizations, damaging the public order and the people to an unpredictable extent. This work used the systematic mapping methodology to identify which are the main security incidents related to DIT. Relations and relativizations were performed to map its main causes and consequences. Finally, this dissertation aimed to delineate the knowledge on the subject, indicating guidelines to minimize or avoid entirely incidents with this nature.

Roubo de Identidade Digital

Mapeamento Sistemático

Segurança Digital

Cibercrimes

Digital Identity Theft

Systematic Mapping

Digital Security

Cybercrimes

Identity Construction on Social Network Sites : Facebook

Agadagba, Efeoghene

January 2011

Digital Identity

Social Network Sites

Digital Identity

Specific Languages

Studier av enskilda språk