CREDENTIAL · Project

Cloud Identity Wallet That Keeps Your Data Encrypted Even From the Provider

digitalPilotedTRL 7

Imagine a digital safe deposit box in the cloud where you keep all your login credentials, health records, and government IDs — but even the company running the safe can't peek inside. That's what CREDENTIAL built: a cloud-based identity wallet using encryption so strong that your data stays scrambled for everyone except you and whoever you explicitly share it with. They tested it across three real-world scenarios — government services, healthcare, and online business — with 15 organizations across 7 countries. Think of it as a password manager on steroids, where sharing your verified identity with a hospital or tax office doesn't mean giving up control of your personal data.

By the numbers

consortium partners involved

countries represented in the consortium

pilot domains tested (e-Government, e-Health, e-Business)

industry partners in the consortium

total project deliverables produced

53%

industry ratio in the consortium

The business problem

What needed solving

Organizations handling sensitive identity data in the cloud face a fundamental trust problem: current systems require the cloud provider to see your data in order to manage it, creating a single point of failure for breaches and privacy violations. Password-based authentication remains the weak link in most digital services, yet moving to stronger methods has been too complex for widespread adoption. Companies in healthcare, government, and e-commerce need a way to let users share verified identity information without sacrificing control or security.

The solution

What was built

The project delivered a working cloud-based identity wallet service with end-to-end encryption and hardware-based multi-factor authentication. It was tested across 3 pilot domains — e-Government, e-Health, and e-Business — each producing formal evaluation reports. The system uses proxy cryptography so that even the cloud provider hosting the identity data cannot read it in plain text. In total, 29 deliverables were produced across the 15-partner consortium.

Audience

Who needs this

Healthcare IT system integrators managing patient identity across hospitalsGovernment IT contractors building national digital identity platformsIAM and cybersecurity vendors upgrading from password-based authenticationCloud service providers needing privacy-preserving data sharing capabilitiesInsurance companies handling sensitive customer identity verification

Business applications

Who can put this to work

Healthcare IT

enterprise

Target: Health information system providers and hospital networks

If you are a healthcare IT provider dealing with the challenge of sharing patient records securely across institutions — this project developed a cloud identity wallet with end-to-end encryption that was pilot-tested in the e-Health domain across a 15-partner consortium. It lets patients control who sees their data while keeping records encrypted even from the cloud provider itself. The e-Health pilot was evaluated and documented, giving you a tested blueprint for privacy-preserving health data exchange.

Government Digital Services

enterprise

Target: e-Government platform providers and public sector IT contractors

If you are a government IT contractor struggling to offer citizens secure cross-border identity verification — this project built and piloted an identity wallet service specifically for e-Government use cases. The system combines hardware-based multi-factor authentication with proxy cryptography, tested across 7 countries. The e-Government pilot evaluation report documents real-world performance, making this a proven starting point for national digital identity programs.

Identity and Access Management

mid-size

Target: IAM solution vendors and cybersecurity companies

If you are an IAM vendor looking to upgrade from password-based authentication to something your enterprise clients actually trust — this project developed cloud-based identity management where even the identity provider cannot access user data in plain text. With 8 industry partners involved in development and 3 separate pilot domains tested, the technology addresses the core trust problem in cloud-based identity: who guards the guards.

Frequently asked

Quick answers

What would it cost to license or integrate this technology?

The project did not publish pricing or licensing terms in available data. As a publicly funded EU Innovation Action, the core research results are typically accessible, but commercial licensing would need to be negotiated with AIT Austrian Institute of Technology and the relevant consortium partners. Contact the coordinator for specific terms.

Can this scale to millions of users in a national identity system?

The technology was designed for high-assurance domains including e-Government, which implies national-scale ambitions. However, the pilots were evaluation-stage deployments across 3 domains with 15 partners. Scaling to millions would require additional infrastructure work beyond what the project documented.

Who owns the intellectual property?

IP from EU-funded projects typically stays with the consortium partners who created it. With 8 industry partners and 2 SMEs in the consortium, IP is likely distributed across multiple organizations. AIT Austrian Institute of Technology as coordinator would be the first point of contact for licensing discussions.

Does this meet current data protection regulations like GDPR?

The project was designed with privacy at its core — the system ensures even the identity provider cannot access data in plain text. While the project ran from 2015 to 2018 (overlapping with GDPR introduction), its privacy-by-design approach with end-to-end encryption aligns well with GDPR principles. Specific compliance certification would need to be verified with the consortium.

How long would integration take for an existing IT system?

The project delivered a central identity wallet service designed for service-provider-side integration, suggesting it was built as a pluggable component. Based on available project data, 3 separate pilot domains were integrated and tested, each producing evaluation reports. Integration timelines would depend on your existing infrastructure.

What authentication methods does this support?

The system uses hardware-based multi-factor authentication combined with end-to-end encryption and proxy cryptography schemes. This represents a significant upgrade over password-based authentication, though specific hardware token requirements would need to be discussed with the technical partners.

Is this still actively maintained and developed?

The project officially ended in September 2018. Based on available project data, follow-up development status is unclear. The project website credential.eu and coordinator AIT Austrian Institute of Technology would be the best sources for current status and any commercial products that evolved from the research.

Consortium

Who built it

The CREDENTIAL consortium is strongly industry-oriented with 8 out of 15 partners (53%) coming from the private sector, complemented by 3 universities and 3 research organizations across 7 European countries (AT, DE, EL, ES, IT, LU, SE). This mix signals a project designed for real-world application rather than pure research. The coordinator, AIT Austrian Institute of Technology, is a well-established applied research organization. With 2 SMEs in the mix, the consortium balances large-scale technical capability with entrepreneurial agility. The geographic spread across Southern, Central, and Northern Europe suggests the solution was designed to work across different regulatory environments — important for any identity management system targeting cross-border use.

AIT AUSTRIAN INSTITUTE OF TECHNOLOGY GMBHCoordinator · AT
TECHNISCHE UNIVERSITAET GRAZparticipant · AT
TINEXTA INFOCERT SPAparticipant · IT
AZIENDA REGIONALE PER L'INNOVAZIONEE GLI ACQUISTI S.P.A.participant · IT
ATOS SPAIN SAparticipant · ES
ORGANISMOS TILEPIKOINONION TIS ELLADOS OTE AEparticipant · EL
JOHANN WOLFGANG GOETHE-UNIVERSITAET FRANKFURT AM MAINparticipant · DE
ATOS CONSULTING CANARIAS SA UNIPERSONALthirdparty · ES
ATOS IT SOLUTIONS AND SERVICES IBERIA SLthirdparty · ES
STIFTUNG SECURE INFORMATION AND COMMUNICATION TECHNOLOGIESparticipant · AT
KARLSTADS UNIVERSITETparticipant · SE

How to reach the team

AIT Austrian Institute of Technology GmbH (Austria) — reach out to their digital safety and security department for licensing and collaboration inquiries.

Order a report on this consortium See AIT AUSTRIAN INSTITUTE OF TECHNOLOGY GMBH profile →

Next steps

Talk to the team behind this work.

Want an introduction to the CREDENTIAL team? SciTransfer can connect you with the right technical contact and prepare a tailored briefing for your use case.

Order a report on this topic More in Digital & ICT