Responsable: Iluminada Baturone Castillo
Tipo de Proyecto/Ayuda: Programa Estatal de I+D+i Retos de la Sociedad: Pruebas de Concepto
Referencia: PDC2023-145873-I00
Fecha de Inicio: 01-01-2024
Fecha de Finalización: 31-12-2025

Empresa/Organismo financiador/es:

• Ministerio de Ciencia e Innovación

Equipo:

• Equipo de Investigación:
  • María del Rosario Arjona López
• Equipo de Trabajo:
  • Javier Arcenegui Almenara
  • Paula López González
  • Roberto Román Hajderek

Contratados:

• Investigadores:
  • Claudia Franco Moreno
  • Carlos Lancha Zarza
• Técnicos/Personal Administrativo:
  • Claudia Franco Moreno
  • Carlos Lancha Zarza

Resumen del proyecto:

The ability to establish individual digital identities of natural persons uniquely, accurately, quickly and securely is critical in our hyper connected digital world. The application considered in this project, the digital identity wallet, is the basis of the digital identity (also known as electronic identity or eID). In the case of Europe, the European Digital Identity (EUDI) wallets is part of the priority projects identified for the period 2019 - 2024 and is within the goals of the European Digital Agenda 2030. The European Commission's aim is that by 2030, 80% of the population within the Union will have this European digital identity and will be able to use it for accessing online services in any Member State.

To carry out an identification, the user of the wallet typically proves: (a) to know a unique secret (‘what you know’), (b) to have a unique possession (‘what you have’), and (c) to be a physical entity (‘who you are’). The use of two different authentication factors is mandatory in order to reach a substantial Level of Assurance (LoA). For LoA High, the eID solutions must be protected against attacks with high potential, and against duplication and tampering. As specified by ENISA (the European Union Agency for Cybersecurity), a LoA High can be achieved by embedding cryptographic key material in tamper-resistant hardware security module if possession-based authentication factors are used, and ensuring trusted environment if biometric data are used.

There are many platforms, like smartphones, that do not provide direct access to their Trusted Execution Environments (TEEs) but the authentication technology is proprietary of the platform manufacturer and their hardware solutions are not transparent. Currently, many proposals of EUDI wallets do not provide this high security or provide it by using a technology from outside the EU. The global objective of the Hard-ID-wallet project will be to provide the secure hardware solutions required by the cryptographic and biometric components of digital identity wallets. Hence, it will contribute to the Strategic Project of Microelectronics and Semiconductors, known as PERTE CHIP, in line with the European Chips Act.

Hard-ID-wallet will focus on developing the research results obtained in the project entitled “Trusted and post-quantum secure hardware for wallets of decentralized identities using bio and device metrics” that need to be transformed into a value creation process, in order to achieve: (1) the incorporation of the results based on Behavioral and Physical Unclonable Functions (BPUFs) and True Random Number Generators (TRNGs) into the secure hardware of the wallet; (2) the inclusion of the results on blockchain non-fungible tokens (NFTs) to allow the wallet to follow a decentralized model of identification; and (3) the inclusion of novel crypto-biometric algorithms to bind the wallet to its user, allowing its verification using a decentralized model with post-quantum security that preserves privacy.