In a digital world, electronic transactions require secure digital identities (also known as electronic identities or eID). The legal framework for Spain, as a European country, is the eIDAS (electronic IDentification, Authentication and trust Services) Regulation 910/2014. The 2021 revision of eIDAS established the requirements for the European Digital Identity Wallet (EUDIW). The Commission's aim is that by 2030, 80% of the population within the Union will have this European digital identity and will be able to use it to access both private and public services in any Member State. The European goal is to develop wallets that give users full control over the personal data they share with third parties and let them keep track of such sharing, as Self-Sovereign Identity (SSI) wallets can do.
The wallet should be uniquely associated with its true owner (holder), so that no other person is able to hold that identity. This is known as holder binding. Likewise, the credentials (groups of claims about the holder) should be uniquely associated with their true wallet, that is, they should not be usable from any other wallet owned by other people. This is known as device binding. The project HighLoAwallet will develop SSI wallets with high Level of Assurance (LoA) by using novel crypto-biometric techniques and hardware-enabled solutions that protect these bindings against attacks with high potential, and against duplication and tampering.
The crypto-biometric techniques will ensure verifiability, privacy, and long-term security of the multi-modal biometric data associated with the wallet holder. The identity proofing process will verify that the applicant is the physical person identified by the presented multi-modal biometric data, thus ensuring a verifiable physical holder binding. The identification process will be private because intermediate actors should not be able to obtain information about the protected biometric data, which will feature irreversibility, revocability, and unlinkability, following the ISO/IEC 24745 standard. Long-term security will be achieved by using cryptographic algorithms selected in the NIST Post-Quantum Cryptography Standardization Process.
Since requiring every citizen to own a flagship device with hardware security modules implementing his/her high LoA wallet does not seem realistic, the project HighLoAwallet will employ remote trusted hardware in the cloud, which is more flexible and cost-effective. The hardware will be identified by the presented responses of Behavioral and Physical Unclonable Functions (BPUFs), thus ensuring a verifiable physical device binding that will prevent counterfeit wallet components and the location of personal data outside Europe. The wallet identification will be private and the BPUF responses will be protected with post-quantum cryptography. The cryptographic and biometric algorithms will be executed in a hardware-enabled secure environment.
Since the wallet will be implemented as a web or hybrid application, the project HighLoAwallet will ensure the remote interactions between holder and wallet (with adequate web authentication), wallet and issuer (with adequate credential issuance), and wallet and verifier (with adequate verifiable presentation). A prototype SSI wallet with high LoA, including the developments achieved in the project, will be developed and evaluated in a selected use case.
Advertising and communication:
Project PID2023-150809OB-I00 funded by MICIU/AEI/10.13039/501100011033 and FEDER, UE