MobCom, a mobile companion
There is undoubtedly an increasing trend towards mobile communications and mobile applications. Due to their multiple capabilities, mobile devices such as smartphones are an ideal platform for protecting and managing our multiple identities for a broad range of applications and services (e.g., e-commerce, e-health, and e-government). For this purpose, however, several security, privacy, and technological challenges need to be addressed.
The Mobile Companion (MobCom) project tries to overcome such challenges and to transform mobile devices into powerful, flexible and user friendly tools to manage our identities in a privacy-friendly way. The mobile companion will become the natural user interface in a ubiquitous computing environment, through which users will access services and perform their daily transactions.
The MobCom project focuses on 6 research areas: (1) policies, policy languages, policy enforcement, (2) cryptographic protocols, (3) user and device attestation, (4) system architecture, (5) profiling, and (6) application design methodology. Based on these research areas, the main project's objectives are:
- The development of feature rich mobile electronic identities consisting of classical identity data (e.g., eID) and privacy-friendly identities based on anonymous credentials (e.g., Idemix).
- The creation of a distributed secure architecture supporting the exchange of identity data between devices, and between devices and services under control of the users.
- The integration of user-friendly methods for user authentication, and device and user attestation based on biometrics and advanced cryptographic protocols.
- The design and implementation of a infrastructure and development framework to facilitate the creation of privacy-preserving mobile applications.
- The demonstration of the use of mobile electronic identities for specific use cases in the areas of flexible access control, context-based services and loyalty cards and vouchers.
This project provides the opportunity for an in-depth study of these issues and will integrate the research results into a reusable security and software architecture. Throughout the research, a continuous validation in a real-world setting will provide suitable feedback to ensure the usability of the architecture and hence, its valorization potential.