Privacy enhanced data management for an electronic identity system

Abstract

The electronic identity (eID) is being positioned to be a basic tool for identification, authentication and authorization in application domains ranging from eCommerce in private sector to eGovernance in public sector. A practical and flexible eID should be usable in both a network-connected online setting as well as in conventional offline situations. While improving security of communication and enhancing access control to resources, eID schemes also have the potential to become a serious negative factor on user privacy rights. This paper discusses the specific issue of privacy protection in eID systems and considers a range of solutions that could be implemented in a privacy-enhanced eID system featuring both data access and data management.