Privacy-enhancing identity management

Marit Hansen, Peter Berlich, Jan Camenisch, Sebastian Clauß, Andreas Pfitzmann, Michael Waidner
2004 Information Security Technical Report  
Issue: Individual privacy is an increasingly important issue in the context of the information society. Privacy-enhancing identity management (IM) offers a means whereby individuals controls the nature and amount of personal information about them that is disclosed. In particular, to achieve privacy, individuals can use pseudonyms and determine the degree of linkability between different occurrences of their data. Through the secure and authenticated use of pseudonyms, accountability of an
more » ... idual for his or her actions can be achieved without giving away personal data. Thus, privacy-enhancing identity management systems (IMSs) enable users to assert their right to "informational self-determination" better than before. Such systems are needed in all computer-mediated communications, even more so now with the advent of new technologies like mobile communication, UMTS, or ubiquitous computing. Relevance: Surveys have shown that the lack of trust in privacy and security is an important hindrance for the success of e-commerce. Identity management implements the concept of notification and choice and empowers users. Transparency and putting users in control is expected to enhance users' trust. Today's existing identity management systems have no, or limited, privacy goals or functionality, or may even threaten users' privacy if they store and process personal information without appropriate protection measures. Thus there is a need for new systems to be designed and built into the infrastructure. Sebastian Clauß has a diploma degree in informatics from Dresden University of Technology, Germany, where he studied from 1994 to 2000 and where he is currently engaged in research into data security and privacy. His research interests and published work focus in particular on technologies for anonymity and identity management. Andreas Pfitzmann is a professor of computer science at Dresden University of Technology. His research interests include privacy and multilateral security, mainly in communication networks , mobile computing, and distributed applications. He has authored or coauthored about 70 papers in these fields. He received diploma and doctoral degrees in computer science from the University of Karlsruhe. He is a member of ACM, IEEE, and GI, where he serves as chairman of the Special Interest Group on Dependable IT-Systems. Marit Hansen is a computer scientist and is head of the "Privacy Enhancing Technologies (PET)" Section at the Independent Centre for Privacy Protection Schleswig-Holstein (the state privacy commission), Germany. Since her diploma in 1995 she has been working on security and privacy aspects especially concerning the Internet, anonymity, pseudonymity, identity management, biometrics, multilateral security, and e-privacy from both the technical and the legal perspectives. In several projects she and her team actively participate in technology design in order to support PET and give feedback on legislation. Els Van Herreweghen has Masters degrees in Chemical Engineering (Ingenieur Scheikunde en Landbouwindustrieen) and Computer Science (Licentiaat Informatika) from the Katholieke Universiteit Leuven, Belgium, in 1988 and 1992, respectively. Since 1992, she has been a Research Staff Member in the Network Security group at the IBM Zurich Research Laboratory, Switzerland. Her research focuses on security and privacy issues related to electronic communication and electronic transactions.
doi:10.1016/s1363-4127(04)00014-7 fatcat:c6ga2thbtfdebi7lraonqgvk4i