KAU, AIT, ATOS, FOKUS, GUF, KGH, LISPA, OTE
The growth of the internet has brought a wide range of applications in different domains. Users often need to prove their right to access certain functions and information, be it email, bank accounts, or others, and also to provide information. Helping service providers to trust users’ information, and users to trust that their personal information is not used for purposes other than those they intend when providing it, is an urgent matter in the growing information society. In addition, usability issues grow with growing information and security demands.
CREDENTIAL is an EU-funded Horizon 2020 project that involves developing, testing and presenting cloud-based services for storing, managing and sharing digital identity information and personal data with a higher level of security than existing technology.
The CREDENTIAL Wallet is the central component of the tools and components developed within the project. It offers a set of security and application services providing, among others, authentication and authorization mechanisms combined with novel cryptographic technologies like proxy-re-encryption and malleable signatures. Three pilot cases are developed within the project to demonstrate how the CREDENTIAL technology can be deployed in diverse contexts.
In order to demonstrate the CREDENTIAL Wallet solution, the demonstrated system has to be equipped with user interfaces (UIs). Besides the pilot-specific user interfaces, there must also be some general user interfaces to demonstrate the functionality. This report covers in essence two sets of UIs: (1) general ones that future users of CREDENTIAL-based identity services will most likely use when they, as private individuals, use the Wallet in their daily lives, and (2) specific ones for use in eHealth scenarios to facilitate patients’ management and health workers’ use of Personal Health Records and wearables that send patient status data to clinics’ staff. (Other pilots within the CREDENTIAL project do not have specific apps for the CREDENTIAL functions, so no UIs besides the general ones need to be designed for them.)
Furthermore, just like the pilot prototypes, the general user interfaces can be used to evaluate how ordinary users and system owners would appreciate the CREDENTIAL Wallet functionality. They also enable the project to evaluate the communicability of various user interface designs. A first user test has already been conducted based on mockups of the general UIs with faked functionality, which made the mockup Wallet appear interactive to the test participants, and a fake web site service, which seemed to interact with the faked Wallet app on a smartphone.
The results, as measured by the very widely used System Usability Scale (SUS), indicate that this group of first-time users appreciated the concept, the graphic layout, and also the interaction design. For the two tasks of authorization and authentication, the SUS score ranged from 75 to 80. However, the participants were familiar with using a smartphone for identity provider services, in contrast to most EU citizens at present. Thus, a similar study has to be conducted with other types of internet users.
Moreover, the user test also showed a lack of understanding of how the identity key (in this case, the fingerprint) is kept and used. There was also a not entirely satisfactory result regarding what data the participants thought had been released to the service provider. This report will thus serve as a basis for exploring slight modifications of the interaction and presentation elements within the general UIs. The eHealth-specific UIs have not yet been subjected to any user evaluation, but they will be as part of the pilot development cycle.
This report also discusses other means of enhancing users’ understanding. These discussions are based on surveys of the research literature within identity management and usable privacy, and on reflection on actual cases from partners within the project. As made explicit, the introduction of new technology takes place not only via UIs but also via specifically crafted introduction presentations and via champions like public bodies or private companies that are already trusted by citizens.
The full version of this deliverable can be downloaded here.