Early-bird Discount
expires in
Register Now

Agenda

Identity Assurance; eIDAS Recital 3

Identity Assurance; eIDAS Recital 3

Combined Session
Friday, June 07, 2024 11:30—12:30
Location: C 01
Log in to download presentations

A Case Study: Enhancing Identity Assurance through Verifiable Credentials
11:30—11:50

Watch the video

 

In this session, I will delve into the application of Verifiable Credentials to elevate user identity assurance levels. By leveraging Verifiable Credentials for attribute assurance, we establish a foundation that enhances user confidence and trust. Through a detailed exploration of real-world use cases, we will illustrate how this approach not only safeguards user identities but also fosters a secure and reliable environment for system utilization. I unravel the key principles and practical implementations that contribute to a heightened sense of security, ensuring a robust and trustworthy user experience.

Naohiro Fujie
General Manager
Itochu Techno Solutions
Naohiro Fujie, General Manager at ITOCHU Techno-Solutions Corporation(CTC),  has spent more than 20 years in the IT industry and primary focused on Digital Identity. Since 2021, he has been...
Chikako Nagaoka
Project Assistant Professor
Research Center for Open Science and Data Platform (RCOS), National Institute of Informatics (NII)
Researcher related to the promotion of Open Education and the use of micro-credentials, Ph.D.
Meeting the Challenges of Securing the EUDI Wallet with a High Level of Assurance: an Overview of Deployment Solutions.
11:50—12:10

Watch the video

 

In the next three years, the twenty seven states of the European Union (EU) will have to finalize the implementing acts for the eIDAS2 regulation and issue digital identity wallets to their citizens. Although the Architecture Reference Framework (ARF) defined by the EU expert group has clearly identified mandatory standards for several parts of the wallet, such as the credentials formats, or the verification or presentation protocols, it has not mandated standards on how to secure of the wallet credentials, sensitive data and key materials.
The ARF has identified use cases requiring a high level of assurance (LoA) in terms of security, such as the provisioning of the Personal Identification Data (PID) or the use of qualified signature, as well as possible means to ensure this high LoA: with secure elements embedded into the mobile device, with external electronic identity documents accessed by communication channels such as Near Field Communication (NFC), or with the use of remote Hardware Security Modules.
Today, the vast majority of mobile devices are embedding secure elements and trusted execution environments that already provide certified high level of security for several use cases such as secure connectivity, payment, ticketing, or digital keys. These secure elements are deployed on billions of mobile devices, and are based on recognized standards such GlobalPlatform Secure Element or Trusted Execution Environment specifications.
This presentation will give an overview of the different security standards and technologies available in mobile devices, and how they can be applied for securing digital identity wallets. Besides the secure storage and secure execution environment aspects, this presentation will also address secure provisioning of wallet applications, credentials and sensitive data, as well as their security certification. It will bridge the gap between the high level requirements of security and the possible deployment scenarios that will enable digital identity wallet to enjoy the same level of security as existing proven and largely deployed solutions.

Dr. Jean-Daniel Aussel
Head of Standardization
Thales DIS
Jean-Daniel Aussel is Head of Standardization at Thales Digital Identity and Security, where he is driving the standardization strategy for different market segments since 2015. Recently,...
Manipulative Digital Identity: What is Manipulation in the Context of eIDAS Recital 3?
12:10—12:30

Watch the video

 

Online manipulation is mentioned in several EU Regulations as one of the cyber threats that need to be countered. Recital 3 in the eIDAS 2.0 regulation also mentions manipulation as a threat that the European Digital Identity Wallet and other subjects covered in eIDAS are to address. This talk will detail from a normative perspective what manipulation is and how online manipulation has specific traits. From that perspective the way the EUDIW is discussed and how it can aggravate or reduce manipulative capabilities in the online realm.
This talk draws from research that is conducted at Delft University by Henk Marsman on the topic of digital wallets, national identity and online manipulation, for which a paper is forthcoming in 2024.

Henk Marsman
Principal Consultant
SonicBee
Henk Marsman is both independent researcher as well as principal consultant at SonicBee. Having spend over 20 years in cybersecurity and specifically identity and access management he still advises...
Almost Ready to Join EIC 2024?
Reach out to our team with any remaining questions
Get in touch