CREDENTIAL - Secure Cloud Identity Wallet

01/10/2015 to 30/09/2018


The main ambition of the Horizon 2020 project CREDENTIAL is to realize an end-to-end secure and privacy-preserving platform for managing and storing users' digital identity information, ranging from authentication credentials and medical reports to tax data or similar. Strong cryptographic mechanisms are to provide high authenticity guarantees, while at the same time users should be able to determine, at a very fine-grained level, which of their data goes where.

Who is the project designed for?

On the one hand, the CREDENTIAL project targets cloud and identity providers who are interested in extending their portfolio with privacy-enhanced and authentic data sharing services by leveraging the software developed in the project. On the other hand, CREDENTIAL targets service providers, showing them how they can indirectly benefit from the CREDENTIAL Wallet service by registering as a receiving endpoint for authentic user data, thus providing more trustworthy eBusiness solutions.

Additionally, the privacy-preserving features of the CREDENTIAL platform also make it very attractive to public bodies who are interested in extending their portfolio of eGovernment or eHealth applications for citizens.

How will your project benefit the end-user?

Existing identity and access management services essentially require a user to choose between the benefits of using cloud-based services and privacy: on the one hand, users can put their identity information into the cloud and let it be managed, e.g. by social media or search engine providers, who have full access to the user’s identity information and can trace all of their interactions. On the other hand, users can keep their identity information local, requiring them to keep local state and transfer this state to each single device from which they want to authenticate themselves to a service, resulting in worse usability and flexibility.

Our approach combines the best of both worlds. If users' data are stored in the CREDENTIAL Wallet, they are protected, as a preventive measure, by strong cryptography against the most prevalent threats in cloud computing, even against the provider itself. At the same time, the data is easily accessible anywhere, anytime, and from all communication devices, without complex synchronization or configuration work. In essence, the project provides a versatile and easy-to-use solution for securely managing personal data on the Internet.

Please briefly describe the results your project achieved so far

During the last two and a half years, the CREDENTIAL Wallet as the central platform for administering a user's personal data has been implemented. Furthermore, pilots from the domains of eHealth, eBusiness, and eGovernment have been implemented.

The eGovernment use case lets the user authenticate to public services in a privacy-preserving way, such that only the minimum amount of information is revealed to the service provider, and the data is at no point revealed to the CREDENTIAL Wallet. One use case of the eBusiness pilot allows encrypted emails to be forwarded to a deputy, e.g., in case of absence, without having to share the secret decryption key with anybody. Instead, the mail server is given an ephemeral key that can solely be used to translate emails encrypted for the original receiver into messages encrypted for the deputy. Finally, the eHealth pilot lets patients dynamically share their health data (e.g., blood sugar or blood pressure measurements, weight, etc.) with their doctors, who in turn can give feedback to the patients, without the CREDENTIAL Wallet learning anything sensitive.
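
The email-forwarding mechanism described above is what the literature calls proxy re-encryption; the page does not say which scheme CREDENTIAL uses. The following Python sketch is an added illustration, not the project's code: a toy ElGamal-style construction in which the receiver derives a translation key from the deputy's public key only, and the mail server converts ciphertexts without being able to read them. The group size, the hash-to-exponent step and the unauthenticated XOR pad are demo assumptions, and all function names are hypothetical.

```python
import hashlib, secrets

def is_prime(n, bases=(2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)):
    if n < 2 or any(n % b == 0 for b in bases):
        return n in bases
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    def composite(a):                    # Miller-Rabin: does base a expose n?
        x = pow(a, d, n)
        if x in (1, n - 1):
            return False
        return all((x := x * x % n) != n - 1 for _ in range(s - 1))
    return not any(composite(a) for a in bases)

Q = 2**127 + 1                           # demo-sized (assumption): find safe prime P = 2Q + 1
while not (is_prime(Q) and is_prime(2 * Q + 1)):
    Q += 2
P, G = 2 * Q + 1, 4                      # 4 generates the order-Q subgroup

def keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)

def _h(*vals, out=32):                   # hash group elements to bytes
    return hashlib.shake_256(repr(vals).encode()).digest(out)
def _scalar(*vals):                      # hash to a non-zero exponent mod Q
    return int.from_bytes(_h(*vals), "big") % Q or 1

def encrypt(pk, msg):                    # sender -> original receiver
    e = secrets.randbelow(Q - 1) + 1
    pad = _h(pow(pk, e, P), out=len(msg))
    return pow(G, e, P), bytes(m ^ k for m, k in zip(msg, pad))

def decrypt(sk, capsule, body):          # toy XOR pad, no authentication
    pad = _h(pow(capsule, sk, P), out=len(body))
    return bytes(c ^ k for c, k in zip(body, pad))

def rekey(sk_a, pk_b):                   # receiver uses only the deputy's PUBLIC key
    x = secrets.randbelow(Q - 1) + 1
    d = _scalar(pow(G, x, P), pk_b, pow(pk_b, x, P))
    return sk_a * pow(d, -1, Q) % Q, pow(G, x, P)

def reencrypt(rk, capsule):              # mail server: translate, never decrypt
    return pow(capsule, rk, P)

def decrypt_forwarded(sk_b, capsule2, X, body):   # deputy, own key only
    d = _scalar(X, pow(G, sk_b, P), pow(X, sk_b, P))
    return decrypt(d, capsule2, body)
```

In this toy construction the mail server and the deputy together could reconstruct the receiver's key (rk · d mod Q), so it demonstrates only the translation property, not collusion resistance.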

At this point, all pilots are fully functional and are currently undergoing in-depth security and usability tests.

What are the next steps for your project?

The last phase of the CREDENTIAL project is dedicated to sanitizing the current implementations with regard to security, usability, and scalability, and in parallel to paving the way to a successful exploitation of the results after the project ends.
