Secure and Privacy-Preserving Authentication for Data Subject Rights Enforcement

Published 24 Apr 2024 in cs.CR | (2404.15859v1)

Abstract: In light of the GDPR, data controllers (DC) need to allow data subjects (DS) to exercise certain data subject rights. A key requirement here is that DCs can reliably authenticate a DS. Due to a lack of clear technical specifications, this has been realized in different ways, such as by requesting copies of ID documents or by email address verification. However, previous research has shown that this is associated with various security and privacy risks and that identifying DSs can be a non-trivial task. In this paper, we review different authentication schemes and propose an architecture that enables DCs to authenticate DSs with the help of independent Identity Providers in a secure and privacy-preserving manner by utilizing attribute-based credentials and eIDs. Our work contributes to a more standardized and privacy-preserving way of authenticating DSs, which will benefit both DCs and DSs.

