Abstract
Protection goals such as confidentiality, integrity and availability have proved to be successful in evaluating information security risks and choosing appropriate safeguards. The recently developed privacy-specific protection goals unlinkability, transparency and intervenability complement these classic goals and thereby provide cornerstones to define requirements concerning information security as well as privacy and to assess solutions. This text focuses on the application of the three new protection goals to eID systems such as government-issued electronic identity cards in different settings.
The research leading to these results has received funding from the European Community’s Seventh Framework Programme (FP7/2007-2013) under grant agreement n° 257782 for the project Attribute-based Credentials for Trust (ABC4Trust) as part of the “ICT Trust and Security Research” theme.
Chapter PDF
Similar content being viewed by others
References
Dobias, J., Hansen, M., Köpsell, S., Raguse, M., Roosendaal, A., Pfitzmann, A., Steinbrecher, S., Storf, K., Zwingelberg, H.: Identity and Privacy Issues Throughout Life. In: Camenisch, J., Fischer-Hübner, S., Rannenberg, K. (eds.) Privacy and Identity Management for Life, ch. 4, pp. 87–110. Springer, Berlin (2011)
Grönlund, Å.: Electronic identity management in Sweden: governance of a market approach. Identity in the Information Society 3(1), 195–211 (2010), doi:10.1007/s12394-010-0043-1
Rost, M., Pfitzmann, A.: Datenschutz-Schutzziele – revisited. DuD 33(12), 353–358 (2009)
Rost, M., Bock, K.: Privacy By Design und die Neuen Schutzziele – Grundsätze, Ziele und Anforderungen. DuD 35(1), 30–35 (2011)
Schleswig-Holsteinisches Gesetz zum Schutz personenbezogener Informationen (Landesdatenschutzgesetz - LDSG -). Version after the last change that has been published in: Gesetz- und Verordnungsblatt für Schleswig-Holstein, GVOBl. SH (2), 78–82 (2012), https://www.datenschutzzentrum.de/gesetze/ldsg.html
Hedbom, H., Schallaböck, J., Wenning, R., Hansen, M.: Contributions to Standardisation. In: Camenisch, J., Fischer-Hübner, S., Rannenberg, K. (eds.) Privacy and Identity Management for Life, pp. 479–492. Springer, Berlin (2011)
Federrath, H., Pfitzmann, A.: Gliederung und Systematisierung von Schutzzielen in IT-Systemen. DuD 24(12), 704–710 (2000)
Parker, D.B.: Toward a New Framework for Information Security. In: Bosworth, S., Kabay, M.E. (eds.) The Computer Security Handbook, 4th edn. John Wiley & Sons, New York (2002), http://www.computersecurityhandbook.com/csh4/chapter5.html
Wolf, G., Pfitzmann, A.: Properties of protection goals and their integration into a user interface. Computer Networks 32(6), 685–700 (2000)
Common Criteria for Information Technology Security Evaluation, Part 2: Security functional components, version 2.1, CCIMB-99-032 (1999), http://www.commoncriteriaportal.org/files/ccfiles/ccpart2v21.pdf
Common Criteria for Information Technology Security Evaluation, Part 2: Security functional components, version 3.1, Revision 3, CCMB-2009-07-002 (2009), http://www.commoncriteriaportal.org/files/ccfiles/CCPART2V3.1R3.pdf
Pfitzmann, A., Hansen, M.: A terminology for talking about privacy by data minimization: Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management (2010), http://dud.inf.tu-dresden.de/Anon_Terminology.shtml
Rost, M.: Datenschutz in 3D – Daten, Prozesse und Schutzziele in einem Modell. DuD 35(5), 351–355 (2011)
Kubicek, H., Noack, T.: Different countries-different paths extended comparison of the introduction of eIDs in eight European countries. Identity in the Information Society 3(1), 235–245 (2010), doi:10.1007/s12394-010-0063-x
Martens, T.: Electronic identity management in Estonia between market and state governance. Identity in the Information Society 3(1), 213–233 (2010), doi:10.1007/s12394-010-0044-0
Heichlinger, A., Gallego, P.: A new e-ID card and online authentication in Spain. Identity in the Information Society 3(1), 43–64 (2010), doi:10.1007/s12394-010-0041-3
European Commission: Proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation). COM (2012) 11 final. Brussels, January 25 (2012), http://ec.europa.eu/justice/data-protection/document/review2012/com_2012_11_en.pdf
Cavoukian, A., et al.: Privacy by Design Resolution. In: 32nd International Conference of Data Protection and Privacy Commissioners, Jerusalem, Israel, October 27-29 (2010), http://www.ipc.on.ca/site_documents/pbd-resolution.pdf
Skinner, G., Chang, E.: PP-SDLC – The privacy protecting systems development life cycle. In: Milutinovic, V. (ed.) Proceedings of the IPSI Conference (2005), http://www.scientificcommons.org/8096648
Storf, K., Hansen M., Raguse M. (eds.): Requirements and concepts for identity management throughout life. PrimeLife Deliverable H1.3.5, Zürich (2009), http://www.primelife.eu/images/stories/deliverables/h1.3.5-requirements_and_concepts_for_idm_throughout_life-public.pdf
Krontiris, I. (ed.): Architecture for Attribute-based Credential Technologies – Version 1. ABC4Trust Deliverable D2.1, Frankfurt/Main (2011), https://abc4trust.eu/index.php/pub/107-d21architecturev1
Zwingelberg, H.: Necessary Processing of Personal Data: The Need-to-Know Principle and Processing Data from the New German Identity Card. In: Fischer-Hübner, S., Duquenoy, P., Hansen, M., Leenes, R., Zhang, G. (eds.) Privacy and Identity 2010. IFIP AICT, vol. 352, pp. 151–163. Springer, Heidelberg (2011), doi:10.1007/978-3-642-20769-3_13
Fischer-Hübner, S., Zwingelberg, H. (eds.): UI Prototypes: Policy Administration and Presentation – Version 2. PrimeLife Deliverable D4.3.2, Zürich (2010), http://www.primelife.eu/results/documents/115-432d
Wästlund, E., Fischer-Hübner, S. (eds.): End User Transparency Tools: UI Prototypes. PrimeLife Deliverable D4.2.2, Zürich (2010), http://www.primelife.eu/results/documents/113-422d
Hasso-Plattner-Institut für Softwaresystemtechnik: Vom Client zur App – Ideenkatalog zur Gestaltung der Software zum Einsatz des neuen Personalausweises, Berlin (2011), http://www.personalausweisportal.de/SharedDocs/Downloads/DE/Begleitstudien/Studie_Usability_Volltext.html
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 IFIP International Federation for Information Processing
About this paper
Cite this paper
Zwingelberg, H., Hansen, M. (2012). Privacy Protection Goals and Their Implications for eID Systems. In: Camenisch, J., Crispo, B., Fischer-Hübner, S., Leenes, R., Russello, G. (eds) Privacy and Identity Management for Life. Privacy and Identity 2011. IFIP Advances in Information and Communication Technology, vol 375. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31668-5_19
Download citation
DOI: https://doi.org/10.1007/978-3-642-31668-5_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-31667-8
Online ISBN: 978-3-642-31668-5
eBook Packages: Computer ScienceComputer Science (R0)