A framework for identity and privacy management on mobile devices

Abstract

More and more online services require user identification. This increases time to fill out extensive forms and results in large amounts of login and identification data to remember. At the same time the number of users that need access to those service while roaming is equally increasing. However, unfortunately many users are not aware that there is a high risk of loosing privacy when disclosing information about oneself’s identity in an unregulated way. To counteract this and to help users in managing and maintaining related identity data, so-called Identity Management Systems have been developed. While available solutions are mainly built for fixed environments, dependencies to central storages and processing units make them unsuitable for application into mobile environments. Thus, a more flexible solution is necessary that supports roaming users with privacy-sensitive handling of identification processes in online transactions. On this background, the project goal was an extension of the Identity Management System concept with mobility aspect. A framework for identity and privacy management on mobile devices, consisting of a procedural method, privacy and security protocols and a user tool has been specified to give users full control over their identity data in flexible and privacy-friendly ways. Thereby, the method has been defined to describe the overall process sequence. The supporting protocols then have been specified to provide ways for users and Service Providers to agree on applied data management practices, enable automated disclosures of identity data and guarantee secure and anonymous transmissions. Finally the tool has been defined to present an application to be installed on mobile phones that integrates the method and the protocols into a user-centered system architecture. Based on an engineering paradigm in combination with the first part of a six-step development strategy, this project covers the background research, requirements and specifications and design and development. This means that the final rollout of the proposed framework solution needs to be handed over to programmers in a possible project continuation. Those are then responsible for subsequent coding, testing and deployment. After requirements and specifications had been derived, the framework has been successfully developed. While the user tool is responsible for all procedures on the mobile phone, a particular network infrastructure design allows secure transmissions by maintaining user anonymity. The solution is developed and the deployment prepared to such detail that programmers can directly start coding and testing. As a conclusion, this project revealed several interesting and new aspects in the combined areas of identity, privacy and mobility. The solution fully meets all defined functional and non-functional requirements. As an application on mobile phones, the proposed framework allows privacy-sensitive handling of identity data in online transactions. Together with mechanisms for data management and maintenance before and after disclosure, it increases user flexibility, simplifies online identification and decreases processing time.