WORK PACKAGE 1: MANAGEMENT AND COORDINATION

Task 1.1 – Project Management and Coordination.

The technical and administrative management of the project including all activities related to: 1) organization of internal tasks/events; 2) monitoring of tasks and milestones; and 3) management of resources and funding. The management team will exploit state-of the-art computer tools for project management. Internal management reports will be written every 3 months to keep track of project accomplishments, resources, deadlines, etc. The Management Board (MB) will serve as the interface with the EC for all issues concerning the project, it will supervise the partners for issues regarding payments, the timely delivery of documents, and will represent the project during external events. The MB will be responsible for quality control and overall assessment.

 

WORK PACKAGE 2: REQUIREMENTS AND SYSTEM ARCHITECTURE

Task 2.1 Business and technical requirements specification (M1-M12):

The following 2 business cases will be addressed (supplementary cases will also be considered). Online gambling use case (KZN). In the online gambling industry the laws and regulations are very strict. Users have to prove several attributes of his identity in order to be able to access betting services and casino games. Users have to present proofs of their identity and economic status, their age and various other attributes have to be also checked. A detailed analysis of the business case will be presented leaded by KZN. Bot-or-not / Fake news use case (CUT, LST). The use case is related to the bot-or-not pilot requirement that also applies to the problem of fake news dissemination, where users can prove that they are humans accessing online services and also that they do have credibility (sharing their profession for example) or having acquired good reputation (as an attribute) from previous posts. The goal is to effectively solve the information credibility problem on the Web by fusing user-related characteristics and publicly available information from various news sources. For each business scenario, we will define users, usage and business requirements. Part of this task is to translate the operational needs of the users in technological requirements.

Task 2.2 Ethical, legislative, confidentiality, safety, privacy and cybersecurity barrier issues investigation (M1-M9):

The main goal is to gather the key ethical concerns and requirements that arise when new types of technology are introduced to all end-user groups. A Data Management Plan will be generated and maintained for the whole project lifetime addressing in full the lifecycle of the data to be generated.

Task 2.3 Reference architecture (M6-M18):

It provides a high level breakdown of the system into building blocks arguably including (but not restricting to) the following: Identity Acquisition, Verification and Integration – is responsible for acquiring physical characteristics or documentation of the users that can be transformed into independent identity attributes, such as his passport, his hand signature, his face, his address, etc. It uses trusted software and hardware paths on the devices in order to securely and verifiably capture images and locations. The attributes are then verified using peer-to-peer verification as well as advanced automated procedures. After verification the identity attributes are normalized and confidence scores are calculated in order to get integrated to the INCOGNITO platform. Privacy-Preserving Attribute-based Access Control – uses privacy-preserving ABAC cryptographic protocols to allow provers (users) to show to verifiers only the parts of their identity that are relevant to the purpose of the authentication. It also employs usable mobile and web tools to empower uses with the ability to monitor and control how much identity information is leaked to the verifiers. Identity Management – uses centralized and decentralized techniques (i.e., blockchain technology) in order to store users’ identity attributes and help them manage them. Also, it allows the users to create easily shareable verifiable profiles that can be used to prove specific identity attributes. Furthermore, as the front-end of the underlying infrastructure we will incorporate an Advanced UI/UX AI-based assistant that will guide the end-users through the process of managing their identity aspects in a highly intuitive manner.

WORK PACKAGE 3: QUALIFIED ANONYMITY

Task 3.1 Integration of anonymous credentials with federated identities (M6-M24):

his task is to specify techniques and solutions that provide support for the use of qualified anonymous credentials for authentication and authorization of the users through the use of pseudonyms and techniques to ensure unlinkability and untraceability of the activities of the users. On the other hand, it will develop the appropriate components devised to provide support of qualified anonymous credentials on the online services side by means of the definition and verification of adequate ABAC policies. In addition, this task will take care of integrating the proposed anonymous credentials with existing device-centric authentication solutions, such as FIDO.

Task 3.2 Design and implementation of Trusted Computing software stack for enhanced security of anonymous credential protocols
(M12-M36):

This task will leverage trusted computing technologies for enhanced security and privacy of anonymous credentials solutions such as Idemix. It will pinpoint the crucial, from a security point-of-view, functionality of anonymous credentials and develop specialized software that will be executed in a TEE using Intel SGX and ARM TrustZone technologies. Open source solutions such as OpenTEE and OpenSGX will be considered for development.

Task 3.3 Integration of qualified anonymity infrastructure with anonymization networks (M18-M36):

In this task, the developed protocol stack and infrastructure for QA will be further enhanced by incorporating network layer anonymity using the Tor technology. This will allow end-users to stay anonymous in the network layer, thus avoiding possible de-anonymization attacks on the network layer.

 

WORK PACKAGE 4: IDENTITY ACQUISITION, INTEGRATION AND MANAGEMENT

Task 4.1 Identity Acquisition of multiple soft proofs of identities and Identity integration engine (M7- M24):

This task involves the development of a user-friendly, secure and quick identity acquisition, validation and integration procedure that includes the:
·Design and implementation of web and mobile interfaces for acquiring and verifying identity attributes from multiple soft proofs of identities (such as national ID cards, utility bill, university certificate, etc.) and online
accounts. The underlying developed software will leverage the NFC protocol to easily, quickly and securely acquire identity attributes from RFID-enabled proofs of identity (e.g., ePassports).
·Design and implementation of a framework for integrating and normalizing, with high confidence, identity
attributes obtained from multiple diverse types of schemes and/or resources.
·Incorporation of biometric features included in identity documents. Alternative solutions will be investigated
using digital signatures extracted from QR-codes and barcodes. The developed solutions will provide the notion
of document-to-device authentication.


Task 4.2 Decentralized identity management using blockchain technology (M12-M36):

This task will design
and implement a distributed system for managing identity attributes in a privacy-preserving manner. Specifically, we will leverage the blockchain technology, in order to provide a distributed PKI which will offer two different identity management solutions:
i) Eponymous password-less access to services using identity attributes: End-users
will be able to access services only by proving the ownership of their identifier using the blockchain based PKI;
ii) Anonymous password-less access to services using identity attributes (with QA): As previously, end users will
be able to access the blockchain for decentralized identity management but with the help of anonymous credentials to maintain their anonymity. The performance of the developed decentralized identity management solution will be evaluated and compared to the traditional centralized services.

Task 4.3 User-friendly consent management platform (M18-M36):

This task involves the development of a consent management platform (mobile and web interface) where the user will be able to define his preferences over the reveal or transfer of his identity attributes to various entities of the ecosystem. To achieve this, we will leverage the UMA protocol which is based on OAuth 2.0. Also, we will focus on the UI/UX of the developed platforms and we will make multiple iterations of the implemented interface by considering feedback that will be obtained by end-users.

 

WORK PACKAGE 5: ADVANCED UI/UX AI-BASED ASSISTANT

Task 5.1 Natural Language Understanding pipeline through verbal cues (M8-M40):

The goal of this task is to design a Natural Language Understanding pipeline, tailored to the specific characteristics of the type of service requests addressed by INCOGNITO. This pipeline will be presented with user queries about what actions to take, and will be generating appropriate answers regarding the appropriate set of actions to be undertaken, in natural language.

Task 5.2 Endow the pipeline with appropriate re-adaptation mechanisms, driven by user input (M18-M40):

We will implement and incorporate into our deep learning pipeline, developed in T5.1, appropriate mechanisms that allow for further encapsulating user logic behind the identity management tasks; this will be effected by leveraging user input. Specifically, the main goal of this task is to allow for the developed models to dynamically extend and readapt their action suggestions, by leveraging explicit user instructions, as well as implicit user-provided feedback on the model’s previous suggestions.

Task 5.3 UI/UX and performance assessment of the developed AI assistant (M24-M42):

This task aims to assess the performance and user experience with regard to the developed AI assistant. During the development and
deployment of the developed AI assistant, we will use human-computer interaction evaluation techniques and methods to assess the user experience of prospective users interacting with the assistant. Our evaluation will also compare the effectiveness, efficiency and satisfaction of end-users when using the developed assistant versus a web interface for identity management

 

WORK PACKAGE 6: PLATFORM REALIZATION AND INTEGRATION

Task 6.1 System-level Prototype and Integration Platform (M18-M42):

This task creates the system prototype and the Integration Platform on which it will run. It starts from WP2, and following the system architecture it will define the software components that will be integrated. The Integration Platform represents the environment on which all the software components will run, components that are either implemented in INCOGNITO or are reused from other projects. It will use the experience gathered in ReCRED, deploying collaborative tools (Phabricator, GIT, Jenkins) and software development methodology. The employed tools are open source and mature enough to be used in production environments, while most of the consortium members are already familiar with them. This provides minimum time to set-up the working environment and allows the partners to focus on technical tasks.

Task 6.2 Qualified Anonymity components integration (M24-M42):

This task integrates the anonymous credential services using federated identities, taking advantages of the TEE, available in the ARM or Intel SGX technologies, to protect the private keys of users. Moreover, it covers the integration of qualified anonymity infrastructure with anonymization networks.

Task 6.3 Identity Acquisition and Management and Consent Management (M20-M40):

In this task we will integrate the component modules of the Identity Acquisition and Identity management platform developed in WP4.

Task 6.4 Advanced UI/UX AI-based assistant (M24-M42):

In this task, we will integrate the AI-based assistant that will guide the end-user through the various aspects and tasks for managing his identity.

 

WORK PACKAGE 7: PILOTS AND EVALUATION

Task 7.1 Pilot 1: Online gambling pilot (M35-M48):

This task involves the deployment of a pilot where KZN will offer users the possibility to register to a service for online gambling purposes using the INCOGNITO technologies for Identity acquisition and to leverage the developed qualified anonymity framework to access the online service.

Task 7.2 Pilot 2: Fake news dissemination (M35-M48):

This task will deploy a pilot where the bot-or-not requirements will be demonstrated, in particular under the use case of the dissemination of fake news, a highly emerging problem on the web. INCOGNITO platform will be used in conjunction with popular online social networks or news aggregators, such as Reddit, to verify real human users and assess the credibility of their posts. CUT and LSTECH will lead this pilot.

Task 7.3 End user experience assessment (M40-M48):

This task investigates HCI issues involved in the usability of the INCOGNITO platform, using both initial focus groups and field surveys as well as real users of the pilots. The UX design process will also provide the necessary empirical data and analysis to reach an HCI solution that enables users to visually assess whether their privacy and anonymity is or is about to be compromised, as result of presenting attribute credentials to specific verifiers.

 

WORK PACKAGE 8: EXPLOITATION AND DISSEMINATION

Task 8.1 Dissemination and communication activities, material and publication policy (M1, M48):

Handling of all the activities related to the scientific dissemination of the results of the project. The project results will be presented to the scientific community through publications in journals, conferences, and workshops, as well as through demos and participation in industrial/ commercial exhibitions and congresses. All published material will also appear in the project’s website that will be set up for dissemination purposes. Joint meetings with other projects will be planned. Three workshops will be organized during the project. CUT and UPRC will disseminate the scientific results of the project in high-profile scientific venues.

Task 8.2  Standardization actions, IPR & innovation management. (M24-48):

Ensuring the visibility of the project and its results in organizations and technical specification groups in the areas of security, privacy, and big data management. The activities of related groups will be closely monitored and members will participate in relevant meetings. Dealing with the protection of the intellectual property produced during the project.

Task 8.3  Feasibility Studies, Business Model, Market Opportunities, and Exploitation Plan (M24-M40):

Analysis of the results of the project from a business perspective, and identification of business cases for the exploitation of the results. A detailed exploitation plan for each industrial partner will be presented. LST will lead the exploitation efforts. LST and KZN will create marketing material (white papers, product brochures, promotional activities, webminars, etc.) to assist their sales force to implement aggressive sales plans.