In the project DRIM we research on basics, techniques and usage scenarios for Privacy Enhancing Identity Management. Partly based on previous work, the project has developed some software libraries, which can be downloaded from this website. The goal of the project is the developement of a functional identity management prototype. The prototype will be tested and evaluated in different usage scenarios. The following picture shows the general architecture of an identity management scheme.


What is Privacy Enhancing Identity Management?

Generally, identity management means managing the users personal data on his own PC/PDA/Mobile Phone. The identity management concept aims at supporting the user to act in different situations under different identities. By default, a third party can not link such an identity to a user. So, it is more difficult for third parties like web services or advertisement companies to build extensive profiles about a user without user's consent.

"Management" summarizes the following actions:

Wherefore is identity management useful?

When a user communicates on the Internet, the communication is visible on the net, and of course to the communication partner. Using unique identificators (e.g. IP-addresses, Cookies, ...), transactions can easily be linked to users, and extensive user profiles can be established. Today, users can hardly prevent building such profiles. Surveys show that this is a serious reason for low acceptance of Internet services.

By incorporating pseudonyms, digital certificates and trustee services, Privacy Enhancing Identity Mmanagement can be a solution for the problem shown. Users act on the internet under pseudonyms, but (authenticated) personal data can be linked to the pseudonym by certificates. So, service providers can get authenticated user data without neccessarily knowing the user's real identity. Incorporating trustee services, disclosing user identity is possible in substantial cases.

The system suffices user's as well as service provider's needs.


Marit Köhntopp, Andreas Pfitzmann: Informationelle Selbstbestimmung durch Identitätsmanagement; in: it+ti Informationstechnik und Technische Informatik, Schwerpunktthema "IT-Sicherheit" 5/2001; Oldenbourg Wissenschaftsverlag, München, September 2001; 227-235

Sebastian Clauß, Marit Köhntopp: Identity Management and Its Support of Multilateral Security; in: Computer Networks 37 (2001), Special Issue on Electronic Business Systems; Elsevier, North-Holland 2001; 205-219

Marit Hansen collected an extensive set of publications about identity management.

More information about identity management can be found at the Independent Center for Privacy Protection Schleswig-Holstein .


Sebastian Clauß
Hans-Grundig-Straße 25
Room 115
D-01307 Dresden

Thomas Kriegelstein
Hans-Grundig-Straße 25
Room 115
D-01307 Dresden

E-Mail: sebastian.clauss@tu-dresden.de
Fax: +49 (0) 351 463-38255