Pieter Verhaeghe

A privacy-preserving ticketing system

Electronic identity (eID) cards are deployed in an increasing number of countries. These cards often provide digital authentication and digital signature capabilities, but have at the same time serious privacy shortcomings. We can expect that ordering and issuing tickets for events (e.g. soccer matches) will be increasingly done using eID cards, hence, severely threatening the user’s privacy. This paper proposes two alternative ticketing systems that are using the eID card in a bootstrap procedure, but still are providing a high degree of privacy to the user.

Security and Privacy Improvements for the Belgian eID Technology

The Belgian Electronic Identity Card enables Belgian citizens to prove their identity digitally and to sign electronic documents. At the end of 2009, every Belgian citizen older than 12 years will have such an eID card. In the future, usage of the eID card may be mandatory. However, irresponsible use of the card may cause harm to individuals.

A smart card based solution for user-centric identity management

This paper presents a prototype of a previously proposed user-centric identity management system using trusted modules. The trusted module, implemented using a smart card, can retrieve user attributes from identity providers and offer them to service providers, after authentication. This paper allows an evaluation of the practical feasibility of the identity management architecture and provides insight in several design decisions made during the prototype implementation. Also, the cryptographic protocols implemented in the prototype are discussed.

A Mobile and Reliable Anonymous ePoll Infrastructure

This paper illustrates and scans the limits of the use of anonymous credentials (e.g. Idemix) on smart phones to preserve the user’s privacy. A prototypical application with strong privacy requirements, ePoll, will be presented in detail. To ease the implementation of such applications, a specialized identity management framework has been developed. A first prototype of the ePoll application was built for workstations. Later it was ported to a smart phone to evaluate the performance of anonymous credential protocols in this setting.

PriMan: a privacy-preserving identity framework

PriMan is presented; privacy-preserving user-centric identity management middleware which defines and groups the required functionality. It offers the application developer a uniform technology-agnostic interface to use and combine different types of privacy enhancing technologies. Moreover, the PriMan framework defines all the components and their functionality required to raise the development of privacy enhanced client-server applications to a higher level.

A Privacy-Preserving Ticketing System

Electronic identity (eID) cards are deployed in an increasing number of countries. These cards often provide digital authentication and digital signature capabilities, but have at the same time serious privacy shortcomings. We can expect that ordering and issuing tickets for events (e.g. soccer matches) will be increasingly done using eID cards, hence, severely threatening the users privacy. This paper proposes two alternative ticketing systems that are using the eID card in a bootstrap procedure, but still are providing a high degree of privacy to the user.

Extending the Belgian eID Technology with Mobile Security Functionality

The Belgian Electronic Identity Card was introduced in 2002. The card enables Belgian citizens to prove their identity digitally and to sign electronic documents. Today, only a limited number of citizens really use the card in electronic applications. A major reason is the lack of killer functionality and killer applications.

Privacy Policies, Tools and Mechanisms of the Future

Although many believe that we have lost the battle for privacy, protection of what’s left of the user’s privacy is all the more important. Not only should a user be able to minimize the disclosure of her personal data, she should also have rights to decide what happens with her data once they have been disclosed. In order to minimize user interaction when deciding whether or not to reveal personal data, privacy policy languages were developed. However, these languages are inadequate and cannot properly deal with the complex interactions between users, service providers, third parties, identity providers and others. Also, tool support for composing and verifying these policies and mechanisms for enforcing them are lagging behind. This paper argues the need for better privacy policies and proposes some solutions. Throughout the paper, our statements are applied to three sample applications in three different domains: e-health, banking and social networks.

Building advanced applications with the Belgian eID

The Belgian Electronic Identity Card (eID) was introduced in 2002. The card enables Belgian citizens to digitally prove their identity and to sign electronic documents. Today, only a limited number of citizens really use the card in electronic applications. An important reason is the lack of killer functionality and killer applications. This paper presents two reusable extensions to the Belgian eID technology that opens up new opportunities for application developers. First, a secure and ubiquitously accessible remote storage service is presented. Second, it is shown how the eID card can be used to issue new certificates. The feasibility and reusability of both extensions are validated through the development of several applications in different domains. Copyright