dossier

Trusttester: the key to online privacy

17 February 2016 • 2 min reading time

Information validation without providing personal information: that is the advantage of TrustTester. TrustTester combines a patented algorithm with an authorization system. Together these ensure that organizations can trust that the information provided by the consumer in an online process is correct. Organizations will save on the verification process while consumers maintain their privacy.

Consumers wishing to take out a mortgage loan have to show that they have sufficient income. A company hiring a new employee might request a certificate of good conduct. A student hoping for an inexpensive healthcare insurance has to be able to prove that he or she is registered at an academic institution. While companies need to obtain this type of information, the owners of this information prefer to keep these details private.

Signatures and copies

Various online processes require reliable information to be submitted. A bank may not approach a customer's employer directly to find out whether this customer has sufficient income. In compliance with the Dutch Personal Data Protection Act (Wet bescherming persoonsgegevens, Wbp), such a request may only be made of the consumer directly. However, as the consumer might provide fraudulent information, the information that is provided loses its veracity. This forces the bank to use its expert staff for time-consuming and costly verification processes that require signatures and copies.

Digital stamp

Organizations are often not concerned about the content of the information itself: they simply need to know that the information provided is correct. The bank does not need to know the exact salary of the consumer, but it does need to know whether the consumer earns enough to afford the mortgage loan that is applied for. This means that the banks can speed up the process if they can quickly confirm the veracity of the information, rather than having to first verify the accuracy of the information. TrustTester facilitates this process. TrustTester does not provide personal information, but validates the statement of income made by the consumer. This statement is given a digital stamp that the receiver of the information, such as a financial institution, can trust.

TrustTester does not provide personal information, but validates the statement of income made by the consumer

Homomorphic encryption

In practice, TrustTester works similarly to the e-commerce payment system iDEAL, used in the Netherlands. Once the consumer has filled in his or her income on the bank's website, a screen will appear requesting that the amount be confirmed. The consumer will then select the reliable source of confirmation for that information, such as UWV (the Dutch administrative authority providing labour market and data services), and will then continue to log in using DigiD, the Dutch identity management platform. TrustTester will then ensure that the income statement made by the consumer and the income registered at the UWV are encrypted using homomorphic encryption. This then initiates a secure data comparing protocol that compares the income stated and the actual income in this encrypted domain, until only one bit is left on each side. The result of this validation, which is based on both bits, can only be viewed by the consumer. If the consumer then grants permission to share this result, the bank will receive proof that the information is correct.

Experiment

TNO is organizing an experiment of TrustTester in January. Consumers will validate certain aspects that come into play when applying for a mortgage loan such as income, whether you are currently leasing a car, and whether you are permanently employed. Other important aspects that will be tested are its user-friendliness and its compliance with existing laws and regulations. If the experiment is a success, TrustTester will be available as an operational service in 2017.

dossier

Trusttester: the key to online privacy

17 Feb '16 - 2 min
Information validation without providing personal information: that is the advantage of TrustTester. TrustTester combines a patented algorithm with an authorization... Read more
future view

Waving at radar

16 Oct '17 - 3 min
Operating a device without touching it. That's nothing new, it typically involves expensive technology and high energy consumption. At European Microwave Week 2017,... Read more
column

Invest in the armed forces of the future

12 Apr '17 - 2 min
After years of defence cuts, a host of political parties are now eager to invest in the armed forces. It is essential to avoid the pitfall of focusing solely on... Read more
innovation

How can you prevent cyber attacks?

24 Mar '17 - 4 min
Cyber attacks are becoming more severe and more professional, causing great damage to governments, businesses and the economy. The sooner a cyber threat is detected,... Read more
in the spotlight

Firework detection system: localising a bang in 10 seconds

28 Dec '16 - 4 min
Damage caused around New Year’s Eve in 2015/2016 in the Netherlands came to some eleven million euros. This year seven local authorities hope to keep this damage... Read more

FOLLOW TNO ON SOCIAL MEDIA

Stay up to date with our latest news, activities and vacancies

We use anonymous cookies to enhance the use of our site. Our privacy statement has been updated to reflect the new EU privacy policy.