Resumen de Digital identity management: a key factor on the pursuiit of privacy and the fight against cybercrime
M. Cristina Timón López, Ignacio Alamillo Domingo, Julián Valero Torrijos
The increasing number of actions that take place in the cyberspace, replacing traditional processes based on physical presence, has led to the transformation of identity management systems accordingly to the challenges raised by digitalisation. In this context, the emergence of a digital identity has arisen new specifications for identification processes that have been mostly coveredby identity providers, who play a key role for individuals’ identification in Information Society. These providers have become a focus of cyberattacks aimed to steal the personal data stored by thereof, or to directly impersonate their users. Notwithstanding the fact that identity related crime is wide spreading through different techniques in a global scale, the services provided, as well as the providers offering them, lack of a comprehensive regulation. In addition, traditional delegated identity managementsystems suffer from excessive data collection and centralization of information, as well as deficient security measures for ensuring data privacy. The University of Murcia has already participated in a previous research project concerning theseissues, H2020 ARIES1, and has continued the study through the coordination of H2020 OLYMPUS project2. These projects aim to hinder identity theft by increasing security through strongermechanisms for verifying user’s identity before providing authentication (e.g. biometrics) or adding a higher level of security for users’ credentials by implementing a novel architecture based on identity provider virtualisation and password disaggregation. This paper aims to develop the legal grounds for the technologies proposed by the abovementioned EU projects, with particular attention to existing regulations, such as the GDPR or eIDAS, which may constitute the basis for developing a specific regulation for these new privacy-enhanced identification systems. Reusing the eIDAS Regulation security and interoperability rules would allow the recognition of these enhanced identity management services in the whole European Union, contributing to the Digital Single Marketobjective.
