PRIME – Privacy and Identity Management for Europe

1. PRIME – Privacy and Identity Management for Europe Project Overview Version 1.2 – 26 Oct. 2004

2. PRIME – Privacy and Identity Management for Europe PRIME in short Vision and Objectives Key Data Partners PRIME in detail Objectives Research Challenges Principles Workplan Reference Group Standardisation Involvement PRIME Contact Overview Version 1.2 - October, 2004

3. PRIME Vision In the Information Society, users can act and interact in a safe and secure way while retaining control of their private sphere. Version 1.2 - October, 2004

4. PRIME Objectives • Advance the state-of-the-art in privacy-enhancing identity management • Demonstrate how to embed European privacy laws and regulations into technology • Empower individuals to effectively realise their right to privacy and informational self-determination • Development of real-world toolsand solutions for identity management Version 1.2 - October, 2004

5. PRIME – Some Key Data • The PRIME project receives research funding from the Community’s Sixth Framework Programme and the Swiss Federal Office for Education and Science. • Integrated Project in the Information Society Technologies Priority • Duration: 4 years (March 2004 – February 2008) • Budget: M€ 16 (M€ 10 granted EC contribution) • Number of participants: 20 • Reference Group Version 1.2 - October, 2004

6. PRIME Partners Version 1.2 - October, 2004

7. IBM France, F IBM Zurich Research Lab, CH Unabhängiges Landeszentrum für Datenschutz, D Technische Universität Dresden, D Katholieke Universiteit Leuven, B Universiteit van Tilburg, NL Hewlett-Packard, UK Karlstads Universitet, S JRC / IPSC Ispra, I Università di Milano, I Centre National de la Recherche Scientifique / LAAS, F Johann Wolfgang Goethe-Universität Frankfurt am Main, D Chaum LLC, USA RWTH Aachen, D Institut EURECOM, F Erasmus Universiteit Rotterdam, NL Fondazione Centro San Raffaele del Monte Tabor, I Deutsche Lufthansa, D Swisscom, CH T-Mobile, D PRIME Partners Version 1.2 - October, 2004

8. PRIME Objectives (1/2) Advance the state-of-the-art in privacy-enhancing identity management by: • Laying the theoretical foundations, taking into account current environments as well as future scenarios. • Developing novel, practical solutions and approaches to the validation and communication of the level of privacy and security achieved. • Raising awareness of the privacy problems and of practically feasible options. Version 1.2 - October, 2004

9. PRIME Objectives (2/2) PRIME takes a highly interdisciplinary approach in order to produce solutions that are • Technically feasible; • Understandable and manageable by end users; • Socially desirable and acceptable; • Legally required; • Commercially viable and exploitable. Version 1.2 - October, 2004

10. PRIME Principles • Design starting from maximum privacy • System usage governed by explicit privacy rules • Privacy rules must be enforced, not just stated • Trustworthy privacy enforcement • Easy and intuitive abstractions of privacy for users • An integrated approach to privacy • Privacy integrated with applications Version 1.2 - October, 2004

11. PRIME Workplan • Organised in blocks and activities • Main blocks: • Requirements and evaluation • Application prototypes • Mechanisms research and development • Framework and architecture • Management and outreach Version 1.2 - October, 2004

12. Block 1: Requirements and Evaluation • Legal requirements: Legal experts shall ensure that PRIME technology is fully compliant with applicable laws and regulations. • Socio-economic requirements: Established economic theories will be applied in the emerging field of privacy-enhancing identity management. • Generic application requirements: Requirements will be identified that are relevant to PRIME in the near as well as longer term. Version 1.2 - October, 2004

13. Block 2: Application Prototypes • Block 2 aims at validating, in a real-life environment, the approach, architecture and technology of PRIME. • Major scenarios: • On-line health care system(Fondazione Centro San Raffaele); • Location-based services (Swisscom, T-Mobile); • Privacy-preserving customer database (Lufthansa); • Anonymous access to infrastructure for mobile workers (Swisscom, T-Mobile); • E-Learning (Dresden University); • Privacy-enhancing ambient intelligence (JRC). Version 1.2 - October, 2004

14. Block 3: Mechanism Research and Development (1/3) • Assurance methods: Users as well as service providers will be supported in gaining assurance of whether a technology or service matches their privacy requirements. • Human-Computer Interface: HCI concepts and user interfaces will be developed which provide users with a clear understanding about consequences and options when releasing personal information. • Ontologies and privacy principles: Formal ontologies will be elaborated which communicate the complex conceptual framework of the privacy domain. Version 1.2 - October, 2004

15. Block 3: Mechanism Research and Development (2/3) • Authorisation models: Novel authorisation policies together with their related model and language will be developed which allow expressing and enforcing authorisations depending on different partial identities of the requestors. • Cryptographic mechanisms: The core cryptographic solutions for privacy-enhancing identity management (including credentials) will be provided. Version 1.2 - October, 2004

16. Block 3: Mechanism Research and Development (3/3) • Communication infrastructure: Models for address and location privacy against a strong attacker model will be elaborated. • User/server-side identity management: The prototypes supporting the user and enforcing privacy policies will be designed and implemented (at the user as well as at the server side). • Education: Educational material of many facets of PRIME will be worked out which address the needs of application developers, service providers, application designers, and end users. Version 1.2 - October, 2004

17. Block 4: Framework • First public result: Framework V0 (see webpage) • Provides “map” of privacy-enhancing identity management • Problem space • Vision of PRIME • PRIME stakeholders, roles and responsibilities • Application scenarios • Legal and social environment • Business models and economic drivers • PRIME concepts and terminology • PRIME models for users and metaphors Version 1.2 - October, 2004

18. Block 5: Public Relations –http://www.prime-project.eu.org/ • Project overview • News & results • Public and internal spaces Version 1.2 - October, 2004

19. Reference Group External interested experts providing early feedback on project results from different standpoints: • Data Protection Authorities: Dutch Data Protection; Zurich Data Protection; Article 29 Working Party • Industry: Microsoft EMEA; Philips Research; Ericsson; Migros; Hunton & Williams; Eurochambres • Administration: Danish Board of Technology • Independent Research: RAND Europe; Institute of Technology Assessment, Austria • Academia: Free University of Brussels; London School of Economics; University of Dar es Salaam, Tanzania • Law Enforcement: Ministry of the Interior and Kingdom Relations of the Netherlands • Consumer Protection: BEUC – The European Consumers’ Organisation Version 1.2 - October, 2004

20. Standardisation Involvement • Goethe-Universität Frankfurt • ISO/IEC JTC1 SC 27 “IT Security Techniques” • ISO/IEC JTC1 SC 27/WG 3 “Security Evaluation Criteria” • ISO/IEC JTC1 AdHoc Working Group Privacy Technologies • DIN-NI 27 “IT-Sicherheit” • HP (Management Board Member) • ISO/IEC JTC1 AdHoc Working Group Privacy Technologies • IBM • ISO/IEC JTC1 SC 27/WG “Security Mechanisms” • Several joint members • W3C subcontractor • IBM, HP • HP, IBM (Management Board Members) • IBM • MS in Reference Group • Several joint members Version 1.2 - October, 2004

21. PRIME Contact • http://www.prime-project.eu.org/ • Project Management:Gérard LacosteIBM La Gaude Project Office for European Projectslacoste@fr.ibm.com • Public Relations:Marit HansenIndependent Centre for Privacy Protectionprime@datenschutzzentrum.de Version 1.2 - October, 2004