Identity Management and Cybersecurity in Telematic Processes (GIC TEL)
Joint Research Unit
Gradiant and Councilbox have created a new joint research unit (JRU) focused on innovation in Identity Management and Cybersecurity.
Both organisations will jointly invest in this JRU, called GIC TEL (Gestión de Identidad y Ciberseguridad en procesos TELemáticos),
a figure close to 2 million euros, for 4 years, to promote R&D in the research lines of identity management and cybersecurity.
The Xunta de Galicia will provide, through the Galician Innovation Agency, more than 700,000 euros, approximately 40% of the total budget.
Supported by the Consellería de Economía, Empleo e Industria de la Xunta de Galicia.
In LegalTech in general and in the field of legally valid telematic meetings or assisted assistance to citizens, it is of vital
importance to maintain high standards of security and privacy in the different parts of the process to guarantee its legal validity,
while at the same time maintaining or improving its usability and reducing user friction.
Citizen service solutions and telematic meetings with legal validity present a series of key elements that can be improved in terms
of security and usability by means of innovative technologies, which can represent a differential value to position them as leaders in their sector:
- Secure and simple identity verification and management: the verification of user identity is key to be able to carry
out the functionalities of this type of solutions. The use of secure biometric systems and the validation of the documents provided in
the process, in addition to allowing compliance with the different regulations that apply, increase security and simplify the verification
process for the user.
- Ensuring the legal validity of signature processes: these systems have electronic signature processes to seal and verify the
content of the documentation generated. The Joint Unit will work on technologies and solutions that improve the usability, security and
performance of digital signature systems through the centralisation of digital certificates.
- Legal validity of electronic voting: it is essential that these systems comply with confidentiality and privacy protection requirements.
The use of reliable and verifiable computer algorithms will allow for the improvement of the e-voting system.
- Legal validity in the storage of evidence: evidence is stored throughout the process and must be guaranteed to be time-stamped and immutable.
The use of blockchain networks meets the objective, but has a series of limitations that will be resolved with the execution of the tasks proposed in the Joint Unit.
The research work of the Joint Unit falls within this area. Its objective is to develop solutions to improve, through the use of innovative technologies,
the usability and security of legally valid telematic systems.
- Improving the usability, security and performance of centralized identity management and digital signature systems based on the use of digital certificates.
- Research and development of new decentralized identity models that respect user privacy and adapt to the upcoming regulatory changes in the field of electronic identification.
- Research and development of biometric recognition algorithms for identity verification.
- Research and development of computer vision algorithms and/or digital forensic analysis for document validation.
- Implementation and evaluation of the technology developed for identity management in Councilbox solutions.
- Research and development of secure hardware-based platforms for trusted and verified computing of information.
- Research and development of technology for the secure processing of information in the encrypted domain.
- Research and development of anomaly detection algorithms in logs.
- Substantial improvement of a modern, proprietary methodology against current threats and attacks
- Research and development of a scalable digital evidence generation system.
- Application and evaluation of the technology developed in cyber security in COUNCILBOX solutions.
Lines of research
The technologies developed in the IMU will have to cover 2 main blocks in the process, which are gathered in two main lines of research:
- Identity management. This line of research will be oriented towards the research and application of technologies with the aim of
improving the usability, security and performance of current identity systems, taking into account the regulations and legislation
currently applicable, through the research and development of biometric verification y
document validation systems.
New decentralized identity models that are respectful of end-user privacy will also be explored by providing
data minimization techniques that allow the user full control of identity attributes, as well as sharing only the information
necessary for identification and authentication.
- Cybersecurity. This line of research will focus on the investigation and application of technologies aimed at implementing
protection mechanisms during data processing, cybersecurity anomaly detection techniques,
secure system development methods and advanced techniques for efficiently recording and tracing digital evidence
to increase confidence in the delivery of products and services to customers.
Councilbox y Gradiant, a great team
The driving forces behind the Joint Unit are COUNCILBOX TECHNOLOGY SL, a leading Spanish company in providing legal security for telematic
meetings of corporate governance bodies and video-presence procedures for citizen services, and GRADIANT, a Technology Centre specializing
in Security and Data Analytics solutions.
The Joint Unit created by the two organizations aims to promote R&D in the research areas of identity management and cybersecurity, so that both GRADIANT
and COUNCILBOX can derive mutual benefits from this collaboration between research organization and company.
In order to achieve the objectives of the joint unit, technical complementarity between COUNCILBOX and GRADIANT is necessary in the defined technological
research lines, which have been designed to evolve those technologies that have the greatest potential to be applicable to COUNCILBOX solutions, and in
turn improve and reinforce their cybersecurity.
COUNCILBOX solutions are at the forefront in the field of legally valid telematic meetings and telematic assistance to citizens. In these solutions,
it is of vital importance to manage the identity of the attendees, and to ensure the content discussed at a meeting, the agreements reached or the
This will be achieved by incorporating innovative mechanisms for the management and protection of digital identity, while improving the usability
of solutions and minimizing the risks of identity theft or fraud attacks.
With regard to identity management, GRADIANT has extensive experience in biometric identification technologies, document validation and self-sovereign
identity systems, while COUNCILBOX has experience in the integration of identity systems in its solutions using biometric technologies and automatic
identification and validation of documents, as well as experience in technologies for the custody of the documentation provided and the evidence
collected in the processes of identification of citizens.
Socio-economic impact of the JRU
The provision of public and private services will be improved across the board with the incorporation of the technologies to be developed
in the JRU, by providing an obvious way forward:
- Efficiency: there will be a great potential to contribute to greatly reduce the cost and complexity of management, as
well as to facilitate decision making based on more reliable data.
- Transparency: the development of technologies should contribute to a better transparency of the different management
processes by facilitating audits with reliable information, acting as a deterrent to fraud and guaranteeing the veracity and
inalterability of the information.
The IMU’s global challenges also include the provision of human capital as a “source of competitive advantage”, improving people’s skills and
competencies to awaken scientific and technological vocations and perceptions favourable to R&D processes, while maintaining and creating
new sources of employment.
This initiative is in line with the strategic objectives of COUNCILBOX, which wants an important part of its business activity to be
developed in the area of research and development, since the results obtained in this area in the medium or long term can lead to a great
improvement and growth of the company.
From an environmental point of view, by avoiding travel, not only organizational and infrastructure costs are significantly
reduced, but also the carbon footprint that these meetings entail.
From a social perspective, COUNCILBOX saves on the cost of holding a corporate meeting: not only on the organization’s expenses
but also on the participants’ time. By allowing remote participation, the time cost of travelling to a meeting is avoided,
significantly improving the work-life balance of employees and facilitating the implementation of CSR standards in companies.
In addition, when it comes to corporate meetings, there are many offices where the secretarial department does a lot of printing to
provide the participants with the agenda, minutes and lists of decisions. COUNCILBOX not only optimizes these tasks, but does so
without the need for printed paper.
COUNCILBOX is a company committed to the environment. The company carries out informative actions with its employees, aimed at
disseminating the regulations on recycling and responsible consumption of resources. As a technology company, it has minimized the use
of paper by its staff, replacing it with new technologies.
Milestones achieved in 2022
To date, milestones achieved since 1 May 2022 in Identity Management include:
- Design, development and evaluation of algorithms for digital manipulation detection in text
- Design, development and evaluation of algorithms for the detection of presentation attacks
, specifically the detection of paper-based identity documents.
- Development of a rest API in order to facilitate the integration of the above mentioned algorithms with
COUNCILBOX systems and solutions.
Milestones achieved since 1 March 2022 in Cybersecurity include:
- Implementation of centralised log system APM (Datadog).
- Implementation of vulnerability management tool (Snyk).
- Implementation of code analysis (Sonarcloud).
Supported by the Consellería de Economía, Empleo e Industria de la Xunta de Galicia.