About MATTHEW
Within the framework of the MATTHEW project we focus on:
- the development of novel, privacy-preserving security applications with
- anonymity and Attribute Based Credentials (ABC) or group signatures;
- transferable Credentials over various mobile devices like smartphones and tablets using Near Field Communication (NFC)
Introducing active transmission technology for NFC, MATTHEW will overcome the greatest obstacles in scalability of form factors for NFC antennas, thus facilitating integration of NFC-enabled security components in mobile devices.
MATTHEW directly addresses “security and privacy in mobile services” of the objective ICT-2013.1.5 Trustworthy ICT (Information and Communication Technologies) of the 7 th framework program of the European Union and will, based on application requirements, specify an architecture with focus on multiple entity security with privacy preservation.
Component development encompasses
- privacy algorithms support
- active transmission technology
- antenna designs
- specialised packages for small form factor integration
Motivation
With the increasingly pervasive use in our society of mobile devices like smartphones and tablets, and many users running several security relevant applications on these devices at the same time, security and privacy challenges outranging those on personal computers arise. In the near future, users are expected to move personal roles and identities between secure entities. Electronic representations of rights associated with such roles will be mobilised and reside on multiple devices.
Secure entities can be:
- a secure element (SE) integrated in a nanoSIM used in smartphones or
- a SE integrated in a microSDTM card used in tablets and smartphones
Since these entities are bound to a singular user, they contain privacy sensitive data. The type of data depends on the application that these security entities are used for. In order to ensure the privacy of the user, MATTHEW investigates privacy-enhancing technologies and how to integrate them into the “multiple roots of trust”-concept in a way that the exchanged privacy-relevant information is reduced to an absolute minimum. Furthermore, this approach ensures that no sensitive data remains in a device after the secure entity has been unplugged.