Solving identity delegation problem in the e-government environment

At present, many countries allow citizens or entities to interact with the government outside the telematic environment through a legal representative who is granted powers of representation. However, if the interaction takes place through the Internet, only primitive mechanisms of representation are available, and these are mainly based on non-dynamic offline processes that do not enable quick and easy identity delegation. This paper proposes a system of dynamic delegation of identity between two generic entities that can solve the problem of delegated access to the telematic services provided by public authorities. The solution herein is based on the generation of a delegation token created from a proxy certificate that allows the delegating entity to delegate identity to another on the basis of a subset of its attributes as delegator, while also establishing in the delegation token itself restrictions on the services accessible to the delegated entity and the validity period of delegation. Further, the paper presents the mechanisms needed to either revoke a delegation token or to check whether a delegation token has been revoked. Implications for theory and practice and suggestions for future research are discussed.

Aplicación de documentos de identificación electrónica a un esquema de voto telemático a escala paneuropea, seguro, auditable y verificable.

En este trabajo de tesis se propone un esquema de votación telemática, de carácter paneuropeo y transnacional, que es capaz de satisfacer las más altas exigencias en materia de seguridad. Este enfoque transnacional supone una importante novedad que obliga a identificar a los ciudadanos más allá de las fronteras de su país, exigencia que se traduce en la necesidad de que todos los ciudadanos europeos dispongan de una identidad digital y en que ésta sea reconocida más allá de las fronteras de su país de origen. Bajo estas premisas, la propuesta recogida en esta tesis se aborda desde dos vertientes complementarias: por una parte, el diseño de un esquema de votación capaz de conquistar la confianza de gobiernos y ciudadanos europeos y, por otra, la búsqueda de una respuesta al problema de interoperabilidad de Sistemas de Gestión de Identidad (IDMs), en consonancia con los trabajos que actualmente realiza la UE para la integración de los servicios proporcionados por las Administraciones Públicas de los distintos países europeos. El punto de partida de este trabajo ha sido la identificación de los requisitos que determinan el adecuado funcionamiento de un sistema de votación telemática para, a partir de ellos,proponer un conjunto de elementos y criterios que permitan, por una parte, establecer comparaciones entre distintos sistemas telemáticos de votación y, por otra, evaluar la idoneidad del sistema propuesto. A continuación se han tomado las más recientes y significativas experiencias de votación telemática llevadas a cabo por diferentes países en la automatización de sus procesos electorales, analizándolas en profundidad para demostrar que, incluso en los sistemas más recientes, todavía subsisten importantes deficiencias relativas a la seguridad. Asimismo, se ha constatado que un sector importante de la población se muestra receloso y, a menudo, cuestiona la validez de los resultados publicados. Por tanto, un sistema que aspire a ganarse la confianza de ciudadanos y gobernantes no sólo debe operar correctamente, trasladando los procesos tradicionales de votación al contexto telemático, sino que debe proporcionar mecanismos adicionales que permitan superar los temores que inspira el nuevo sistema de votación. Conforme a este principio, el enfoque de esta tesis, se orienta, en primer lugar, hacia la creación de pruebas irrefutables, entendibles y auditables a lo largo de todo el proceso de votación, que permitan demostrar con certeza y ante todos los actores implicados en el proceso (gobierno, partidos políticos, votantes, Mesa Electoral, interventores, Junta Electoral,jueces, etc.) que los resultados publicados son fidedignos y que no se han violado los principios de anonimato y de “una persona, un voto”. Bajo este planteamiento, la solución recogida en esta tesis no sólo prevé mecanismos para minimizar el riesgo de compra de votos, sino que además incorpora mecanismos de seguridad robustos que permitirán no sólo detectar posibles intentos de manipulación del sistema, sino también identificar cuál ha sido el agente responsable. De forma adicional, esta tesis va más allá y traslada el escenario de votación a un ámbito paneuropeo donde aparecen nuevos problemas. En efecto, en la actualidad uno de los principales retos a los que se enfrentan las votaciones de carácter transnacional es sin duda la falta de procedimientos rigurosos y dinámicos para la actualización sincronizada de los censos de votantes de los distintos países que evite la presencia de errores que redunden en la incapacidad de controlar que una persona emita más de un voto, o que se vea impedido del todo a ejercer su derecho. Este reconocimiento de la identidad transnacional requiere la interoperabilidad entre los IDMs de los distintos países europeos. Para dar solución a este problema, esta tesis se apoya en las propuestas emergentes en el seno de la UE, que previsiblemente se consolidarán en los próximos años, tanto en materia de identidad digital (con la puesta en marcha de la Tarjeta de Ciudadano Europeo) como con el despliegue de una infraestructura de gestión de identidad que haga posible la interoperabilidad de los IDMs de los distintos estados miembros. A partir de ellas, en esta tesis se propone una infraestructura telemática que facilita la interoperabilidad de los sistemas de gestión de los censos de los distintos estados europeos en los que se lleve a cabo conjuntamente la votación. El resultado es un sistema versátil, seguro, totalmente robusto, fiable y auditable que puede ser aplicado en elecciones paneuropeas y que contempla la actualización dinámica del censo como una parte crítica del proceso de votación. ABSTRACT: This Ph. D. dissertation proposes a pan‐European and transnational system of telematic voting that is capable of meeting the strictest security standards. This transnational approach is a significant innovation that entails identifying citizens beyond the borders of their own country,thus requiring that all European citizens must have a digital identity that is recognized beyond the borders of their country of origin. Based on these premises, the proposal in this thesis is analyzed in two mutually‐reinforcing ways: first, a voting system is designed that is capable of winning the confidence of European governments and citizens and, second, a solution is conceived for the problem of interoperability of Identity Management Systems (IDMs) that is consistent with work being carried out by the EU to integrate the services provided by the public administrations of different European countries. The starting point of this paper is to identify the requirements for the adequate functioning of a telematic voting system and then to propose a set of elements and criteria that will allow for making comparisons between different such telematic voting systems for the purpose of evaluating the suitability of the proposed system. Then, this thesis provides an in‐depth analysis of most recent significant experiences in telematic voting carried out by different countries with the aim of automating electoral processes, and shows that even the most recent systems have significant shortcomings in the realm of security. Further, a significant portion of the population has shown itself to be wary,and they often question the validity of the published results. Therefore, a system that aspires to win the trust of citizens and leaders must not only operate correctly by transferring traditional voting processes into a telematic environment, but must also provide additional mechanisms that can overcome the fears aroused by the new voting system. Hence, this thesis focuses, first, on creating irrefutable, comprehensible and auditable proof throughout the voting process that can demonstrate to all actors in the process – the government, political parties, voters, polling station workers, electoral officials, judges, etc. ‐that the published results are accurate and that the principles of anonymity and one person,one vote, have not been violated. Accordingly, the solution in this thesis includes mechanisms to minimize the risk of vote buying, in addition to robust security mechanisms that can not only detect possible attempts to manipulate the system, but also identify the responsible party. Additionally, this thesis goes one step further and moves the voting scenario to a pan‐European scale, in which new problems appear. Indeed, one of the major challenges at present for transnational voting processes is the lack of rigorous and dynamic procedures for synchronized updating of different countries’ voter rolls, free from errors that may make the system unable to keep an individual from either casting more than one vote, or from losing the effective exercise of the right to vote. This recognition of transnational identity requires interoperability between the IDMs of different European countries. To solve the problem, this thesis relies on proposals emerging within the EU that are expected to take shape in the coming years, both in digital identity – with the launch of the European Citizen Card – and in the deployment of an identity management infrastructure that will enable interoperability of the IDMs of different member states. Based on these, the thesis proposes a telematic infrastructure that will achieve interoperability of the census management systems of European states in which voting processes are jointly carried out. The result is a versatile, secure, totally robust, reliable and auditable system that can be applied in pan‐European election, and that includes dynamic updating of the voter rolls as a critical part of the voting process.

Estructuras espaciales desmontables y desplegables. Estudio de la obra del arquitecto Emilio Pérez Pinero.

La presente tesis estudia las realizaciones del arquitecto Emilio Pérez Pinero, todas dentro de las estructuras espaciales de barras desmontables y desplegables, elabora la documentación que hace transmisible su investigación y generaliza el estudio del comportamiento en la parcela de las desplegables. La obra de este arquitecto forma un conjunto original, atractivo y sin continuadores, y por otra parte, no abundan las" investigaciones sobre este tipo de estructuras ( mucho menos las realizaciones), en las que hay que resolver tanto su definición como su movilidad y comportamiento estructural. El contenido de la parte correspondiente a las estructuras desmontables se limita a las cúpulas reticuladas de una capa, con el sistema de reticulado y montaje ideado por Pinero, por considerar que se debe documentar su aportación pero no incidir mas en un campo de investigación que cuenta con abundantes estudios. Se aporta la solución matemática y un programa de ordenador para la definición geométrica completa del reticulado empleado. Las estructuras desplegables se caracterizan por el empleo de barras dispuestas en "x" en el espesor de la estructura, con generación de superficies tanto planas como curvas. En ambos casos se analiza la movilidad en fase de mecanismo, tanto a las soluciones de Pinero como a las complementarlas que se exponen. Se estudian las relaciones geométricas que deben de cumplirse para que sea posible el movimiento de las barras, relaciones particularmente complejas en las desplegables según superficies esféricas, y que determinan su definición geométrica. En la fase de estructura, además de analizar lo realizado por Pinero, documentando y definiendo sus componentes, se proponen varias estructuras posibles para cada mecanismo, y se desarrolla en detalle el tipo de los emparrillados de canto constante, donde se incluye un estudio comparativo de nueve variantes distintas. Se muestra el amplio campo de uso posible para estas estructuras. ABSTRACT The • present doctoral dissertation studies the work of de spanish architect Emilio Pérez Pinero, all of it within de field of spatial demountable and deployable structures. This contribution compiles the necessary documentation for research in this field and, besides, generalizes the theoretical background for the analysis of this type of structures. Pérez Pinero's contributions are original and attractive, but, so far, he has not any followers ; on the other hand research in this field is scarce (much less actual realizations). In the part corresponding to demountable structures the research is limited to reticulated domes of only one layer, following Pérez Pinero's sys~ tem, trying to give a comprehensive documentation of it. The mathematical solution is given and so is a computer program for the complete definition of the geometry of the structure. One characteristic of deployable structures is the use of struts placed - formix "X" in the thickness of the structure, making possible the generation of plañe as well as curved surfaces. In both cases, the operation in the phase of mechanism is studied, both fot Pinero's solution and for the other schemes presented. The geometrical relationships that must be maintained in order to guarantee strut's movements, are studied; these relationships are particularly complex in the case of spherical surfaces, and, in this last casey determine completely its geometrical definition. In regard of the structure behaviour, besides analysing Pinero's works, a variety of solutions are proposed for each mechanism. Particularly, the configuration for double layer grids of constant thickness is developed with great detall, and a comparative study of nine different solutions of this special case is included. A wide range of the possible applications of this structural type is shown.

Current Trends in Pan-European Identity Management Systems

The demand for electronic identity has grown as a result of governments? promotion of e-Government, in which the citizen-public administration relationship often has a strictly personal nature and requires digital identification systems that are univocal, secure, and global. The management of this identity by public administrations is an important challenge, accentuated when interoperability among public administrations of different countries become necessary. In this paper current trends in pan-euroean identity management systems are analysized and a outlook of the future European scenary is shown.

Is Europe ready to provide a pan-European Identity Management System?

European public administrations must manage citizens' digital identities, particularly considering interoperability among different countries. Owing to the diversity of electronic identity management (eIDM) systems, when users of one such system seek to communicate with governments using a different system, both systems must be linked and understand each other. To achieve this, the European Union is working on an interoperability framework. This article provides an overview of eIDM systems' current state at a pan-European level. It identifies and analyzes issues on which agreement exists, as well as those that aren't yet resolved and are preventing the adoption of a large-scale model.

Estudio sobre el Urbanismo moderno: Adolfo Blanco y Pérez del Camino, pensionado por la JAE en 1927

Recuperación de la memoria realizada por el arquitecto Adolfo Blanco sobre las Ideas Modernas del Urbanismo redactada durante sus viajes por Europa y África en 1927

Analysis of electronic and telematic voting systems in binding experiences

This paper is about analysis and assess of three experiences on telematic and electronic voting dealing with such aspects as security and achievement of the social requirements. These experiences have been chosen taking into account the deepness of the public documentation and the technological challenge they faces.

Use of Java Cards in a telematic voting system.

This paper presents a general view of the telematic voting system developed by its authors, with a special emphasis on the important role that smart cards play in this scenario. The use of smart cards as basic pieces for providing secure cryptographic operations in this type of voting scheme is justified. The differences and advantages of Java Cards in comparison with the ?classical? smart cards (those that completely conform to the ISO/IEC 7816 standard) are also discussed. As an example, the paper describes one of the applets implemented in the voting Java Card as part of the general telematic voting application.

VOTESCRIPT: Telematic voting system designed to enable final count verification

In this paper we present a global description of a telematic voting system based on advanced cryptography and on the use of smart cards (VOTESCRIPT system) whose most outstanding characteristic is the ability to verify that the tally carried out by the system is correct, meaning that the results published by the system correspond with votes cast. The VOTESCRIPT system provides an individual verification mechanism allowing each Voter to confirm whether his vote has been correctly counted. The innovation with respect to other solutions lies in the fact that the verification process is private so that Voters have no way of proving what they voted in the presence of a non-authorized third party. Vote buying and selling or any other kind of extortion are prevented. The existence of the Intervention Systems allows the whole electoral process to be controlled by groups of citizens or authorized candidatures. In addition to this the system can simply make an audit not only of the final results, but also of the whole process. Global verification provides the Scrutineers with robust cryptographic evidence which enables unequivocal proof if the system has operated in a fraudulent way.

Diseño de un sistema avanzado de democracia digital garante de la libertad de expresión

En este artículo se presenta el diseño de un sistema avanzado de democracia digital, con énfasis en la protección a la libertad de expresión de los ciudadanos, ofrecida mediante el empleo de tarjetas inteligentes y mecanismos avanzados de seguridad. Se regulan los procedimientos de obtención de alias para conseguir la participación anónima de quien lo desee, garantizando que con su uso se oculta la identidad real del usuario (incluso al propio sistema), asegurando, en todos los casos, que únicamente las personas autorizadas pueden participar en el foro correspondiente y proporcionando garantía de integridad de la información, tanto en tránsito como almacenada. Asimismo, los ciudadanos disponen de pruebas criptográficas robustas que les permiten evidenciar cualquier funcionamiento anómalo del sistema que pudiera desembocar en la destrucción o modificación de opiniones y en la consiguiente alteración de las conclusiones o resultados de la participación.

Contributions to traditional electronic voting systems in order to reinforce citizen confidence

This document provides a general description of the telematic voting scenario designed by the author?s research group. This scenario reinforces verification procedures as key elements to achieve full acceptance of the system on the part of voters. To frame this work, a general overview of electronic voting is given and the conditions entailed by these systems are specified.

Analysis of electronic and telematic voting systems in binding experiences.

This paper is about analysis and assess of three experiences on telematic and electronic voting dealing with such aspects as security and achievement of the social requirements. These experiences have been chosen taking into account the deepness of the public documentation and the technological challenge they faces.

Del voto electrónico al voto telemático

Este artículo presenta los aspectos más relevantes del trabajo realizado por los autores dentro del proyecto VOTESCRIPT (TIC2000-1630-C02). El objetivo principal de este proyecto fue el análisis, definición e implementación de un sistema que abarcara todas las fases y elementos existentes en un proceso de votación electrónica sobre redes de ordenadores. El artículo incluye las soluciones propuestas dentro del proyecto. This paper hallmarks the most relevant contributions carried out by the authors in the VOTESCRIPT project (TIC2000-1630-C02). The main goal of this project was the analysis, definition and implementation of a system, which copes with every phases and elements existing in a process of electronic voting using computer networks. The paper includes the proposed solutions of the project to solve these problems.

Design of an Advanced Platform for Citizen Participation Committed to Ensuring Freedom of Speech

This paper presents a proposal for an advanced system of debate in an environment of digital democracy which overcomes the limitations of existing systems. We have been especially careful in applying security procedures in telematic systems, for they are to offer citizens the guarantees that society demands. New functional tools have been included to ensure user authentication and to permit anonymous participation where the system is unable to disclose or even to know the identity of system users. The platform prevents participation by non-entitled persons who do not belong to the authorized group from giving their opinion. Furthermore, this proposal allows for verifying the proper function of the system, free of tampering or fraud intended to alter the conclusions or outcomes of participation. All these tools guarantee important aspects of both a social and technical nature, most importantly: freedom of expression, equality and auditability.