Digital identity can be defined as the digital representation of the information known about a specific individual or organization. As such, it encompasses not only login names (often referred to as nyms), but many additional information, referred to as identity attributes or identifiers. The management of identity attributes raises a number of challenges, due to conflicting requirements. On the one hand, identity attributes need to be shared to speed up and facilitate authentication of users and access control. On the other hand, they need to be protected as they may convey sensitive information about an individual and can be a target of attacks like identity theft. Here, by identity theft we mean the act of impersonating others’ identities by presenting stolen identifiers or proofs of identities. The problem of identity theft, that is, the act of impersonating others’ identities by presenting stolen identifiers or proofs of identities, has been receiving increasing attention because of its high financial and social costs. In our project we address the problem of verification of such identifiers and proofs of identity by developing a solution for federated organizations.

VeryIDX is digital identity management framework based on the concept of privacy preserving multi-factor verification.

The VeryIDX project explores research issues concerning the privacy-preserving and secure management of digital identities, including multi-factor authentication of identity attributes, identity interoperability, and provenance. Other topics being explored in the project include context-aware authentication and access control, privacy-preserving content distribution techniques based on identity attributes, and identity management for health care applications. Results of our research are implemented in the VeryIDX system and in other prototypes.

• Electronic Healthcare
  
• Mobile-based Commerce
  

• VeryIDX framework
• VeryIDX NFC mobile phone clients
• I3P Project for Healthcare

2009

• VeryIDX- A Privacy Preserving Digital Identity Management System for Mobile Devices. Demo paper.
  Federica Paci, Ning Shang, Kevin Steuer Jr, Rutchith Fernando, Elisa Bertino.
  In Proceedings of International Conference on Mobile Data Management, Systems, Services and Middleware, Taipei, Taiwan, May 18-20, 2009.
• An Interoperable Approach to Multi-factor Identity Verification.
  Federica Paci, Rodolfo Ferrini, Andrea Musci, Kevin Steuer Jr, Elisa Bertino.
  To appear in IEEE Computer Special Issue April 2009 - Interoperable Identity Management Systems.
• Secure Transactions’ Receipts Management on Mobile Devices.
  Federica Paci, Ning Shang, Elisa Bertino, Kevin J. Steuer, Jungha Woo
  In Proceedings of Symposium on Identity and Trust on the Internet (IDtrust Symposiums), NIST, Gaithersburg, MD, April 14-16, 2009
  
• Digital Identity Protection - Concepts and Issues.
  Elisa Bertino, Federica Paci, Ning Shang.
  Invited paper. In Proceedings of the Forth International Conference on Availability, Reliability and Security (ARES), Fukuoka, Japan, March 16-19, 2009

2008

• A Federated Digital Identity Management Approach for Business Processes.
  Elisa Bertino, Rodolfo Ferrini, Andrea Musci, Federica Paci, Kevin J Steuer.
  Invited paper. In Proceedings of the 4th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom), Orlando, Florida, November 2008.
• VeryIDX- A Digital Identity Management System for Pervasive Systems.
  Federica Paci, Elisa Bertino, Sam Kerr, Aaron Lint, Anna Squicciarini, Jungha Woo.
  Invited paper. In Proceedings of 6th IFIP Workshop on Software Technologies for Future and Embedded Ubiquitous Systems (SEUS), Capri, Italy, 1-3 October, 2008.
• History-based Identity Verification and Management
  Abhilasha Bhargav-Spantzel, Jungha Woo, Anna cinzia Squicciarini, Elisa Bertino
  Submitted for publication to Journal of Computer Security, Feb 2008,pdf
• Verification of Receipts from M-commerce Transactions on NFC cellular phones
  Abhilasha Bhargav-Spantzel, Jungha Woo, Anna cinzia Squicciarini, Elisa Bertino
  IEEE CEC 2008, Jan 2008,pdf slide

2007

• Transaction History based trust establishment in VeryIDX
  Jungha Woo
  Master thesis submitted to the Purdue University Graduate School , Dec 2007
• Receipt Management- Transaction history based receipt management
  Abhilasha Bhargav-Spantzel, Jungha Woo, Elisa Bertino
  Workshop On Digital Identity Management, Proceedings of the 2007 ACM workshop on Digital identity management, Nov 2007,Pages: 82 - 91 pdf

2006

• Establishing and Protecting Digital Identity in Federation Systems
  Abhilasha Bhargav-Spantzel, Anna C. Squicciarini, Elisa Bertino.
  Published in Journal of Computer Security 2006.

• Privacy Preserving Multi-Factor Authentication with Biometrics
  Abhilasha Bhargav-Spantzel, Anna C. Squicciarini, Elisa Bertino.
  Published in the proceedings of ACM CCS workshop on Digital Identity Management 2006.

• Practical Identity Theft Prevention using Aggregated Proof of Knowledge
  Abhilasha Bhargav-Spantzel, Anna C. Squicciarini, Rui Xue, Elisa Bertino.
  CERIAS TR 2006-26

2005

• Establishing and Protecting Digital Identity in Federation Systems
  Abhilasha Bhargav-Spantzel, Anna C. Squicciarini, Elisa Bertino.
  CERIAS TR 2005-48, Published in the proceedings of ACM CCS workshop on Digital Identity Management 2005.

Professor Elisa Bertino
Purdue University
Computer Science Department
305 N.University Street
West Lafayette, IN 47907

This is the homepage for the VeryIDX research group at Purdue University.