LIFO - Bâtiment IIIA
Rue Léonard de Vinci
F-45067 ORLEANS Cedex 2
Tel: +33 (0)2 38 41 70 11
Fax: +33 (0)2 38 41 71 37
The next generation of mobile and smart phones will integrate NFC (Near Field Communication) chips. With the fast emergence of this contactless technology, mobile phones will soon be able to play the role of e-tickets, credit cards, transit pass, loyalty cards, access control badges, e-voting tokens, e-cash wallets, etc. The economic growth of the near-field mobile market is expectedly overwhelming, and some industry analysts estimate that by 2014, one in every six mobile customers will own an NFC-enabled device.
In such a context, protecting the privacy of an individual becomes a particularly challenging task, especially when this individual is engaged during her daily life in contactless services that may be associated with his identity. For instance, contactless services may involve a monthly subscription to a public transport system, an electronic ticket for a concert or some personal information stored aboard the mobile phone carried by that individual. If an unauthorized entity is technically able to follow all the digital traces left behind during these interactions then that third party could efficiently build a complete profile of this individual, thus causing a privacy breach. Most importantly, this entity can freely use this information for some undesired or fraudulent purposes ranging from targeted spam to identity theft.
The objective of LYRICS is to enable end users to securely access and operate contactless services in a privacy-preserving manner that is, without having to disclose their identity or any other unnecessary information related to personal data. More specifically, we intend to design new innovative solutions that achieve the two fundamental privacy principles that are data minimization and data sovereignty. The data minimization (or minimal disclosure) principle states that only the information that is strictly necessary to complete a particular transaction should be disclosed (and nothing more). In practice, this means that the user should never have to give away more information than necessary for accessing and performing a specific contactless service. The data sovereignty principle states that the piece of information related to an individual totally belongs to him and that he should remain in full control of how these data are used, by whom and for which purpose.
Cryptography-based technologies exist that partially respond to these requirements in some contexts. Yet none of these has been specifically designed for contactless transactions, where being offline, ensuring very low latency and being limited to constrained resources are major issues. LYRICS intends to overcome these deadlocks by providing an open, general-purpose architecture for privacy- preserving contactless services and a set of innovative cryptographic mechanisms for implementing and deploying these services on NFC-enabled mobile phones. This objective will be achieved in the context of the social appropriation of technological innovations and services.