Search results

53 items matching your search terms.
Report/Study: Technical guideline for Incident Reporting
This document describes a framework for security incident reporting based on the requirements set by article 19 of the eIDAS regulation. It is being developed on a consensus basis between the experts of the working group formed by ENISA and it is reviewed by various relevant stakeholders from both the private and the public sector. The final report includes the consensual contributions and modifications of all stakeholders involved in its development and as such it is not a binding guideline.
Located in Publications
Report/Study: Managing multiple identities
Nowadays each person has the opportunity of living multiple lives in parallel, in the real as well as in the virtual world. A trend observed over the last years, first in the research community, but now also in commercial offerings is the increase of interactions between these two worlds, making real-world information accessible to services on the Internet. An area of particular interest is the management of multiple identities, where “identity” is being considered in a broad sense. Issues related with this area include anonymity, pseudonymity, unlinkability and unobservability. The increasingly digital nature of relationships between people is central to dealing with those issues. It is not a question simply of hardware or software, but more importantly of enabling people to enjoy and benefit from their online experiences, while dealing with potential issues. The problems might include a lack of knowledge or training, difficult personal circumstances or simply irritation at the diversity and unpredictability of online privacy and identity mechanisms. It is therefore vital that we should have strong, reliable mechanisms, which can be easily understood and relied upon across the course of a lifetime. This paper introduces the key concepts of electronic identity and presents available methods of managing multiple identities.
Located in Publications
Report/Study: Mapping security services to authentication levels
This report reviews the authentication levels and their mapping to public electronic services in the eGovernment programme framework, which require an authentication of the user (security services). It gives a general overview of European efforts and particularly the activities of STORK (Secure idenTity acrOss boRders linKed) in relation to the levels and the mapping. Essential concepts in IT security are explained and the mappings are illustrated by everyday life examples.
Located in Publications
Report/Study: Auditing Framework for TSPs
This report provides an overview of the dedicated means of auditing for TSPs. It discusses specifically the following areas: standards applicable to TSPs and Conformity Assessment Bodies (auditors), methodology of auditing TSPs (off- and on-site), TSPs documentation (plans, policies and procedures) and implementation of TSPs services. This set of good practices can be used as a reference for both Trust Service Providers (preparing for audits) and Conformity Assessment Bodies (performing audits) in the field of external audits (internal assessments are part of a company’s risk management procedures, therefore this topic is not covered here). It focuses on measures that can be taken at organizational level, drawing on norms and standards for technical details.
Located in Publications
Report/Study: Analysis of standards related to Trust Service Providers - Mapping of requirements of eIDAS to existing standards
On the one hand, this report analyses the eIDAS requirements with regard to the standards; on the other, it analyses currently available standards and compares the results of both analyses. Such a mapping is oriented at the requirements specified in the various eIDAS articles. Pursuant to this mapping it can be concluded that the analysed standards usually cover some requirements in part or whole. Existing standards can be endorsed for use within the frame of the eIDAS Regulation, to the extent presented in the previous sections. The analysis presented in this report led, however, to a shortlist of gaps, where specific eIDAS requirements have yet to be addressed in EU standards (ETSI/CEN/CENELEC) or international ones.
Located in Publications
Report/Study: Privacy Features of European eID Card Specifications
A national eID card is a gateway to personal information. Any unwanted disclosure of personal information constitutes a violation of the citizen’s privacy rights. Apart from considerations of fundamental rights, this is also a serious obstacle to the adoption of eID card schemes and to their cross-border interoperability. The aim of this paper is to allow easy comparison between privacy features offered by European eID card specifications and thereby to facilitate identification of best practice.
Located in Publications
Report/Study: Security Issues in the Context of Authentication Using Mobile Devices (Mobile eID)
Mobile devices, like smart phones and PDAs, will play an increasingly important role in the digital environment. However, the pervasive use of mobile devices also brings new security and privacy risks. Persons who make extensive use of mobile devices continuously leave traces of their identities and transactions, sometimes even by just carrying the devices around in their pockets. Throughout this paper we will look at different use-cases for electronic authentication using mobile devices. We will identify the security risks which need to be overcome, give an opinion about their relevance, and present mechanisms that help mitigate these risks.
Located in Publications
Report/Study: Privacy and Security Risks when Authenticating on the Internet with European eID Cards
Whenever we use internet services, the first steps we take are usually identification (we input our names) and authentication (we prove that it is us). How we actually identify and authenticate ourselves depends on the security level of the application. The means used can vary from a simple combination of username and password, through a secret PIN, to a PIN generated by some external device or a smart card using cryptography. Smart cards are being used increasingly for authentication purposes. Many European identity cards now contain a smart-card chip, equipped with functionalities for online authentication. They are usually called 'electronic identity cards' (eID cards). This report focuses on authentication using smart cards and compares this approach with other common means of authentication.
Located in Publications
Report/Study: Security Issues in Cross-border Electronic Authentication
Improving the interoperability of electronic identification and authentication systems is a European task and a task for all Member States. Considerable efforts have been made in several projects to face the challenges of pan-European interoperability of electronic authentication and to assess the feasibility of differing approaches. ENISA analysed the current situation and assessed the security risks of electronic authentication in cross-border solutions. To visualize these risks, two different projects offering cross-border authentication have been exemplarily examined and evaluated, NETC@RDS and STORK.
Located in Publications
Report/Study: Mobile Identity Management
This paper reports on information security risks and best-practice in the area of Mobile Identity Management (Mobile IDM). It also provides recommendations of systems, protocols and/or approaches to address these challenges.
Located in Publications
