Michele Schiano di Zenise, Andrea Vitaletti , David Argles

1. Michele Schiano di Zenise, Andrea Vitaletti , David Argles UniversityofRome “Sapienza”, Italy University of Southampton, United Kingdom A User-Centric Approach to eCertificate for Electronic Identities (eIDs) Management in Mobile Environment

2. Scenario • A person goes out clubbing and has to certify his age to enter. In order to reach the goal, this person has to provide some kind of documentation to the bouncer. • Problems • because of forgetfulness the documents are not always available; • the document could contain useless information (for the goal); • the person should decide what information to show; • the procedure should be quick, secure and guarantee privacy; • to prompt credibility and legality. A User-Centric Approach to eCertificate for Electronic Identities (eIDs) Management in Mobile Environment

3. Goal • To develop a tool that solves these problems, creating and managing electronic eIDs • Required features • mobility; • security; • privacy; • user-centricity; • easy to use; • credibility. A User-Centric Approach to eCertificate for Electronic Identities (eIDs) Management in Mobile Environment

4. Idea • to use the Android platform provided by Google for the development of a mobile application that provides the expected features • Dependent technologies • Android; • Java; • mySQL; • PHP; • UML. A User-Centric Approach to eCertificate for Electronic Identities (eIDs) Management in Mobile Environment

5. Possible technologies • Exsisting Technologies • Smart card: is used to access reserved areas managed by automated access control or use private services; • Electronic Identities: government-issued document for online and offline identification that usually allows digital signing. • eCert: is a UK government-sponsored project that uses an eCertification protocol to address security issues which originally arose as a concern within the field of ePortfolios. A User-Centric Approach to eCertificate for Electronic Identities (eIDs) Management in Mobile Environment

6. eCert • Why eCert? • it is a UK government user-centric structure for ePortofolios with a high security level; • the idea behind ePortfoliosis close to that of eID. • Main features • central services with user-orientated storage approach; • two levels of security for the documents; • common system for all types of users; • user-centricity, with low level of required skills. A User-Centric Approach to eCertificate for Electronic Identities (eIDs) Management in Mobile Environment

7. Demonstration of the concepts: the tool A User-Centric Approach to eCertificate for Electronic Identities (eIDs) Management in Mobile Environment

8. Implication • What the toolguarantees: • User-centricity • Security and privacy • Mobility and easy interface • Trade-off with the current technologies • qrCode: because of the limits of the qrCode in terms of data storage, it has been necessary to simplify the process and store the eID on the server and link to it. This problem should be solved in the next five years with the evolution of the technologies relating to production and scanning of qrcodes. A User-Centric Approach to eCertificate for Electronic Identities (eIDs) Management in Mobile Environment

9. Future works • Immediate improvements: • Add other controls related to the validity of the eID (revocation list) • Improve the randomness of the link (waiting for improvements in the qr codes) • Fix minor bug relating to the generation of the system key. • Future improvements: • After an accurate series of testbeds (practical and theoretical), follow the results and improve the protocol where it needs. A User-Centric Approach to eCertificate for Electronic Identities (eIDs) Management in Mobile Environment

10. Acknowledgments and questions • We would like to thank LishaChen-Wilsontohaveallowedus the useofherprotocoltodevelopthis project. AND THANK YOU FOR BEING HERE! QUESTIONS? A User-Centric Approach to eCertificate for Electronic Identities (eIDs) Management in Mobile Environment

11. References [1] Chen-Wilson, L. and Argles, D.”Towards a framework of a secure e-Qualification certificate system” ICCMS, 2010, Sanya, China. [2] George Lorenzo and John Ittelson, “An overview of E-Portfolio” July 2005. [3] Vu AnhPham and Ahmed Karmouch, “Mobile Software Agents: An Overview”, IEEE Communications Magazine, 1998, Volume 36 Issue 7. [4]http://www.direct.gov.uk/en/TravelAndTransport/Passports/Applicationinformation/DG_174159/, accessed 30dec2010. [5]http://www.servizidemografici.interno.it/sitoCNSD/pagina.do?metodo=homePage&servizio=navigazione, accessed 30dec2010. [6]http://www.soton.ac.uk/sais/idstudio/idstudio.html, accessed 30dec2010. [7]http://www.unicreditbanca.it/it/privati/conti/genius/one/?idc=14626, accessed 30dec2010. [8]http://www.jisc.ac.uk/whatwedo/programmes/aim/ecert.aspx, accessed 30dec2010. [9]http://www.nfc-forum.org/specs/spec_list/#refapps, accessed 30dec2010. [10]http://www.denso-wave.com/qrcode/index-e.html, accessed 30dec2010. [11] NIST, Announcing the Advanced Encryption Standard (AES), Federal Information Processing Standards Publication 197, 2001. [12]http://developer.android.com/index.html, accessed 30dec2010. [13]http://agilemanifesto.org/, accessed 30dec2010. [14] Maarten W. vanSomeren, Yvonne F. Barnard, JacobijnA.C.Sandberg, “The thinkaloudmethod - A practical guide tomodelling cognitive processes”, Academic Press, London, 1994. A User-Centric Approach to eCertificate for Electronic Identities (eIDs) Management in Mobile Environment